Questions tagged [standards]

Questions about official cryptographic standards and their implementation.

135 questions
53 votes, 1 answer

Why do 5G, 4G, etc., use non-conventional algorithms?

Looking up information about 5G and the previous 3GPP standards, why have they been incorporating non-conventional algorithms into the standards? For example, AES has been considered secure for ages and there is lots of support for hardware…
MCCCS
27 votes, 3 answers

Why is the P-521 elliptic curve not in Suite B if AES-256 is?

In the NSA's document, "The Case for Elliptic Curve Cryptography" (archived), we have +---------------+-------------------------+-----------------+ | Symmetric Key | RSA and Diffie-Hellman | Elliptic Curve | | Size (bits) | Key Size (bits)…
DeepSpace101
27 votes, 2 answers

Why did TLS 1.3 prohibit PGP authentication?

There is a specification, in Informational(!) RFC 6091, for using PGP keys in TLS authentication, although I don’t think it has ever been implemented outside of GnuTLS (it’s certainly not in OpenSSL). Yet the TLS 1.3 RFC 8446 §4.4.2 goes as far as…
Alex Shpilkin
25 votes, 5 answers

How useful is NIST's Randomness Beacon for cryptographic use?

NIST have just launched a new service called the NSANIST Randomness Beacon. It has been met with some initial skepticism. Perhaps the cryptography community would have used it before June 2013 when NIST had a trusted reputation. At first I thought…
user3461497
24 votes, 2 answers

How exactly was the finalist chosen in the NIST AES competition?

I was just reading the Stick Figure Guide to AES and came across an interesting table explaining how the winner was chosen: Unfortunately the NIST site is down so I can't gain further information about the approval process so I was hoping someone…
J_M
23 votes, 4 answers

EC Schnorr signature: multiple standard?

I'm working on some EC-Schnorr signature code. Reading various papers on that, it seems EC-Schnorr is not standardized as well as ECDSA. For example, I found two main differences in two main actors specs (also found other minor variants in other…
cslashm
22 votes, 3 answers

Is RSASSA-PKCS1-v1_5 a good signature scheme for new systems?

Is RSASSA-PKCS1-v1_5 a good signature scheme to recommend that people use in new systems? Is it believed to be secure and represent the state-of-the-art in RSA-based signatures? I understand that RSA-PSS is a newer signature scheme, also…
D.W.
18 votes, 1 answer

What changed in PKCS#1 v2.2, and why?

PKCS#1 is one of the most used (de-facto) standard for real-world use of RSA. That's for good reasons: PKCS#1 is well thought, versatile, understandable, has been relatively stable for over two decades, and remains practically secure in its original…
fgrieu
17 votes, 2 answers

Is there a contingency plan in the event of a catastrophic attack on AES?

NIST selected Rijndael in 2000 to be AES. In a paper from the Serpent authors, they mention that there was the possibility of choosing a second cipher as a backup in the case of any severe breaks: I believe that there should be only one standard.…
forest
17 votes, 2 answers

How did || come to be used in crypto texts to represent concatenation?

In RFC5647, NIST SP 800-38D, etc., || is used to denote concatenation. How did that come to be? In most programming languages || represents "or" and + denotes concatenation and the fact that crypto texts just kind of mixed it up seems to make for an…
neubert
17 votes, 3 answers

Is there a standardized tree hash?

SHA-1, SHA-2, and the standardized version of SHA-3 are all sequential. This is impractical for hashing very large files distributed across machines. Any sequential hash can be straightforwardly converted into an efficiently parallelized hash…
Geoffrey Irving
16 votes, 2 answers

NIST Diffie-Hellman prime: how was it picked? Where did it come from?

According to this Matasano Crypto challenge, the NIST "likes" the following prime modulus, which appears to be expressed in…
15 votes, 1 answer

What the X stands for in the front of Elliptic curve names like X25519

I have seen Curve25519 and X25519, Curve448 and X448. I've seen a small note in this answer (Historical note: Originally, X25519 was called Curve25519, but now Curve25519 just means the elliptic curve and X25519 means the cryptosystem.) Is it a…
kelalaka
14 votes, 1 answer

What was NIST’s reason to switch naming from MD… (Message Digest) to SHA… (Secure Hashing Algorithm)?

When NIST introduced SHA-0 in 1993, they – for the first time – switched their naming convention from MD-n to SHA-n. Since both point to similar constructions (read: hashing algorithms with the same cryptographic goals), I am wondering why NIST…
Mike Edward Moras
13 votes, 2 answers

Why NIST insists on post-quantum standardization procedure rather than post-quantum competition?

I have seen in many papers and even in communications from NIST that the ongoing standardization is a "procedure" or a "process". They carefully refrain from using the term competition like AES. I was wondering what is the reason for this? Is there…
Rick