Questions tagged [optimization]

Questions about problems that entail selecting the best element from some set of available alternatives, and methods to solve them.

19 questions
5 votes, 0 answers

Why does Salsa20 rotate columns vertically to optimize for SIMD?

I'm writing a school assignment and I'm trying to fully grasp the differences between Salsa20 and ChaCha. I've come to understand that by rotating upwards the initial matrix columns, DJB says that thanks to SIMD each quarter-round will run in…
4 votes, 1 answer

Optimized Garbled Circuit Algorithmic Description

The Garbled Circuit (GC) is now over thirty years old, and many optimization methodologies have been proposed, including point-and-permute, row-reduction, free-XOR, fixed-key blockcipher, half-and. But, after Googling papers and forums, I can't…
alexander
4 votes, 1 answer

Sextic twist of BN pairing parameters vs security

I've previously asked questions on BN pairing parameters. Here's one more. In the BN construction, one is working in a subgroup of a curve over an extension field $\mathbf{F}_{p^{12}}$ for some prime $p$. Now, in the scheme I'm looking at, they…
Morty
3 votes, 1 answer

Prove you computed $hash^r(input)$ for some cryptographic hash function

What is the most efficient way to prove that a person computed $r$ rounds of some cryptographic hash function (ex. SHA256) on an input? Specifically, I'm trying to optimize (1) the running time of the verifier and (2) the size of the proof (in that…
3 votes, 1 answer

Problem with efficiency of projective coordinates in Elliptic Curve arithmetic

Ok, sort of long post incoming. Will go slow to make it as clear as possible. I'm trying to build a C library for Elliptic Curve Arithmetic. Since the idea is to learn from the process, I decided to support many different coordinate systems. So far,…
2 votes, 1 answer

Number of rounds for constant header size in common hashes and XOFs

We compute hash $H(M_0\mathbin\|M_1)$ of size $d\ge1$ for some constant header $M_0$ of size $m_0$, and $\nu\ge1$ messages $M_1$ of random content and size $m_1$. For Merkle-Damgård hashes, a simple optimization pre-computes the first $\left\lfloor…
fgrieu
2 votes, 3 answers

Who has checked that AES-NI produces the expected results? (i.e. the exact same as software-only AES encryption)

Everybody seems to rely happily on the set of Intel instructions on > 2010 CPUs to accelerate AES256 encryption. This might be too naive a question, but, the exact algorithms being an industrial secret, some independent experts must have checked at…
2 votes, 1 answer

Is there any bijective obfuscation scheme which maintains a byte order (e.g. sorted) or does so after not too many trials? (for 128-bit = 16 bytes)

We are given 16 bytes and apply some order to them, for example sorting them by their absolute value. We want to obfuscate them as well as possible while maintaining their order. That means if we apply the order function after the obfuscation…
J. Doe
2 votes, 2 answers

Merge two multisignatures

I want to know if there is a multisignature scheme that allows the merging of two multisignatures for the same data but by two different sets of users, and without knowing the corresponding private keys. The goal is to obtain a single multisig that…
JacopoStanchi
1 vote, 1 answer

Lookup table for DSA/ECDSA/Schnorr multiplication

Something in common to [EC]DSA and related signature schemes like Schnorr is that the most expensive part of signing is calculating $r = g^k$ in the group for some per-signature $k$ of length $b$ bits. But this is always taking the same generator…
Myria
1 vote, 1 answer

Ciphertext packing for bandwidth optimization

Let's say $Alice$ needs to send ciphertext $c_b = enc(m_b,k_b)$ to $Bob$ and ciphertext $c_c = enc(m_c,k_c)$ to $Carol$. For both the ciphertexts notice that underlying plaintexts are different (i.e. $m_b, m_c$). Now imagine a single envelope needs…
sashank
1 vote, 1 answer

How is GF(2^n) multiplication optimized using only rotation and XOR?

I have been reading the paper on SNEIKEN and SNEIKHA authenticated encryption and cryptographic hashing when I came upon an interesting optimization that was used to perform field multiplication in order to create 32-bit permutations. As part of…
cookiecipher
1 vote, 1 answer

OPRF based on symmetric encryption

We need to use an OPRF (oblivious pseudorandom function) on very large sets. Unfortunately, most algorithms use elliptic curves, and so these algorithms are very slow. Does some relaxation of OPRF exist (like the function being random only on generic…
Galois group
1 vote, 0 answers

What is the fastest stable 128-bit non-cryptographic hash function?

I need a stable 128-bit hash function which is extremely fast since it will be used for generating unique IDs for billions of objects. It doesn't need to be a cryptographic hash function, nor does it have to act as a PRF. The only requirements are…
1 vote, 1 answer

Constant-time decompression on an elliptic curve

Let $E\!: y^2 = f(x)$ be an elliptic curve over a finite field $\mathbb{F}_{q}$ of odd characteristic. Consider an $\mathbb{F}_{q}$-point $P = (x,y)$ on $E$. Suppose that we only have the $x$-coordinate (with one auxiliary bit) and we want to…