Most Popular

1500 questions
33 votes · 2 answers

Formal verification in cryptography

I have seen in some places that people use formal verification and/or computer-aided verification for cryptography (tools like ProVerif, CryptoVerif, etc.). How do these approaches work?
user4936
33 votes · 4 answers

What is the difference between known-plaintext attack and chosen-plaintext attack?

I am very confused between the concept of known-plaintext attack and chosen-plaintext attack. It seems to me that these two are the same thing, but they definitely are not. Can anyone explain to me how these two differ?
Tom Fabregas
33 votes · 2 answers

Disadvantages of AES-GCM

What are the disadvantages and weaknesses of AES-GCM mode for authenticated encryption? Why does the CAESAR competition say that it's one of the goals to "find an AE scheme that offers an advantage over AES-GCM"? What advantage are they talking…
user2035863 (reputation 437, badges 4/4)
33 votes · 3 answers

Is 80 bits of key size considered safe against brute force attacks?

I came across the KATAN family of ciphers for small domain input blocks. They cipher arbitrary block lengths: 32, 48 and 64, but their key size is 80 bits only. Is 80 bits of key size considered safe against brute force attacks with current state…
sashank (reputation 6,234, badges 4/36/68)
33 votes · 2 answers

Reason why “XOR” is a linear operation, but ordinary “addition” isn’t?

I'm new to cryptography and am trying to read some articles in this field. Many of these articles talk about non-linear S-boxes, and nothing more on what they mean by their non-linearity. I have a simple question which I think will guide me through my…
Shnd (reputation 495, badges 1/4/7)
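
Added example, not part of the question above: what "linear" means when a paper calls an S-box non-linear. Linearity is taken over GF(2), that is, with respect to XOR: a map f on bit strings is GF(2)-affine exactly when f(a XOR b) = f(a) XOR f(b) XOR f(0) for every a and b. The code tests that exhaustively on small inputs for XOR, for ordinary addition mod 2^w (carries couple the bits, so it fails), and for multiplication by a constant in GF(2^8), which is linear over GF(2) despite being a "multiplication". The operand width W, the constants 0x5A and 3, and the AES field polynomial are this example's own choices.

```python
# Added example (not from the original question): "linear" in the S-box sense
# means linear over GF(2), i.e. with respect to XOR.  A map f on bit strings is
# GF(2)-affine iff f(a ^ b) == f(a) ^ f(b) ^ f(0) for every a, b.

def is_gf2_affine(f, in_bits):
    """Exhaustive check over all pairs of in_bits-bit inputs.
    Returns (True, None) or (False, (a, b)) with a counterexample pair."""
    f0 = f(0)
    table = [f(v) for v in range(1 << in_bits)]
    for a, fa in enumerate(table):
        for b, fb in enumerate(table):
            if table[a ^ b] != fa ^ fb ^ f0:
                return False, (a, b)
    return True, None

# Two-operand operations, modelled as one function of a packed 2W-bit input so
# that is_gf2_affine can treat them uniformly.  W = 4 is an assumed toy width.
W = 4
MASK = (1 << W) - 1

def unpack(v):
    """Split a 2W-bit input into its two W-bit operands (hi, lo)."""
    return v >> W, v & MASK

def xor_op(v):
    a, b = unpack(v)
    return a ^ b

def add_op(v):
    a, b = unpack(v)
    return (a + b) & MASK   # ordinary addition, carries discarded at W bits

def gf2_8_mul(a, b):
    """Multiplication in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def times3(x):
    """x * 3 in GF(2^8): looks like multiplication, is GF(2)-linear (used by MixColumns)."""
    return gf2_8_mul(x, 3)

def add_const(x):
    """x + 0x5A mod 256: looks harmless, is not GF(2)-affine because of carries."""
    return (x + 0x5A) & 0xFF

if __name__ == "__main__":
    for name, f, bits in [("xor", xor_op, 2 * W), ("add mod 2^W", add_op, 2 * W),
                          ("times 3 in GF(2^8)", times3, 8), ("add 0x5A mod 256", add_const, 8)]:
        ok, ce = is_gf2_affine(f, bits)
        print(f"{name:20s} GF(2)-affine: {ok}" + ("" if ok else f"  counterexample a,b = {ce}"))
```

The counterexample pair returned for addition is one where a carry from a low bit changes a higher output bit, which is exactly the AND term (a0 AND b0) that no XOR combination of input bits can express; that is what makes an S-box built from modular addition "non-linear" in the sense the articles use.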
33 votes · 2 answers

In RSA, why is it important to choose e so that it is coprime to φ(n)?

When choosing the public exponent $e$, it is stressed that $e$ must be coprime to $\phi(n)$, i.e. $\gcd(\phi(n), e) = 1$. I know that a common choice is to have $e = 3$ (which requires a good padding scheme) or $e = 65537$, which is slower but safer. I…
Martin (reputation 341, badges 1/3/4)
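
Added example, not part of the question above: what goes wrong when gcd(e, φ(n)) ≠ 1, worked on toy primes p = 11, q = 17 (n = 187, φ(n) = 160) chosen for this demonstration. With e = 3 (coprime to 160) a private exponent d exists and m ↦ m^e mod n is a bijection; with e = 5 (5 divides 160) no inverse exists and distinct messages collide on the same ciphertext, so nothing could decrypt them uniquely. Real implementations use λ(n) = lcm(p−1, q−1) rather than φ(n); the condition is the same, gcd(e, p−1) = gcd(e, q−1) = 1.

```python
# Added example (not from the original question): why RSA requires gcd(e, phi(n)) = 1.
# Toy parameters, for illustration only: p = 11, q = 17, n = 187, phi(n) = 160.

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def private_exponent(e, modulus):
    """d = e^-1 mod modulus (phi(n) or lambda(n)); None when gcd(e, modulus) != 1."""
    g, x, _ = egcd(e, modulus)
    if g != 1:
        return None
    return x % modulus

def find_collision(n, e):
    """Return two distinct messages with the same ciphertext m^e mod n,
    or None if m -> m^e mod n is a bijection on Z_n (so decryption is well defined)."""
    seen = {}
    for m in range(n):
        c = pow(m, e, n)
        if c in seen:
            return seen[c], m
        seen[c] = m
    return None

def roundtrip_ok(n, e, d):
    """Check m^(e*d) == m for every m in Z_n (n squarefree, so this holds for all m)."""
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))

if __name__ == "__main__":
    p, q = 11, 17
    n, phi = p * q, (p - 1) * (q - 1)
    for e in (3, 5):
        d = private_exponent(e, phi)
        print(f"e={e}: gcd(e, phi)={egcd(e, phi)[0]}, d={d}, collision={find_collision(n, e)}")
        if d is not None:
            print("   decrypts every message:", roundtrip_ok(n, e, d))
```

For e = 5 the search finds a pair such as (1, 69): 69 ≡ 3 (mod 11) has order 5 in the group mod 11 and 69 ≡ 1 (mod 17), so 69^5 ≡ 1 (mod 187), the same ciphertext as 1^5. The key material is still "fine" in the sense that key generation would not crash; the failure is that the map is no longer invertible, which is why libraries reject such e at key generation rather than at decryption time.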
33 votes · 2 answers

Why do we need special key-wrap algorithms?

Wikipedia says: Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. We are using these algorithms to encrypt (and authenticate) a key, using a symmetric algorithm…
32 votes · 2 answers

ECDSA Compressed public key point back to uncompressed public key point

From the ECDH demo here, if I generate a private key for Alice I can get P = 1175846487558108474218546536054752289210804601041, which gives the following public key point: X = 583857549063195252150226340830731484791130788759, Y = …
Ian Purton (reputation 513, badges 1/5/5)
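
Added example, not part of the question above: SEC1 point compression (prefix 0x02/0x03 followed by x) and the reverse decompression, in pure Python. The question does not name its curve, so NIST P-256 (secp256r1) is assumed here, and the private scalar P from the question is reused only to produce a test point on that curve. Decompression solves y² = x³ + ax + b for y, which is a single modular exponentiation because the P-256 prime is ≡ 3 (mod 4), then picks the root whose parity matches the prefix. The example also shows the check a practitioner wants: an x for which the right-hand side is not a square is rejected rather than silently producing garbage.

```python
# Added example (not from the original question): SEC1 compressed-point encoding
# and decoding on NIST P-256.  Curve choice is an assumption; the question does
# not state which curve its demo uses.  No third-party libraries.

P  = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A  = P - 3
B  = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
G  = (GX, GY)
FIELD_BYTES = (P.bit_length() + 7) // 8   # 32

def rhs(x):
    """Right-hand side of the curve equation y^2 = x^3 + a*x + b."""
    return (x * x * x + A * x + B) % P

def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - rhs(x)) % P == 0

def is_valid_x(x):
    """Euler's criterion: some curve point has abscissa x iff rhs(x) is a square mod P."""
    r = rhs(x)
    return r == 0 or pow(r, (P - 1) // 2, P) == 1

def point_add(p1, p2):
    """Affine addition on the short-Weierstrass curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add.  Not constant time: fine for a demo, not for real signing."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def compress(pt):
    """SEC1 compressed form: 0x02 if y is even, 0x03 if y is odd, then x big-endian."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(FIELD_BYTES, "big")

def decompress(data):
    """Recover (x, y) from SEC1 compressed form, rejecting anything not on the curve."""
    if len(data) != 1 + FIELD_BYTES or data[0] not in (2, 3):
        raise ValueError("not a SEC1 compressed point")
    x = int.from_bytes(data[1:], "big")
    if x >= P:
        raise ValueError("x is not a field element")
    r = rhs(x)
    # P = 3 (mod 4): if r is a square then r^((P+1)/4) is one of its square roots.
    y = pow(r, (P + 1) // 4, P)
    if (y * y) % P != r:
        raise ValueError("no curve point has this x coordinate")
    if (y & 1) != (data[0] & 1):
        y = (P - y) % P
        if (y & 1) != (data[0] & 1):   # only possible when r == 0 (y = 0 has no odd twin)
            raise ValueError("parity bit inconsistent with y = 0")
    return (x, y)

if __name__ == "__main__":
    # The question's P value, reused here purely as a demo private scalar on P-256.
    priv = 1175846487558108474218546536054752289210804601041
    pub = scalar_mult(priv, G)
    enc = compress(pub)
    print("compressed:", enc.hex())
    print("round trip ok:", decompress(enc) == pub)
```

The other root is simply P − y, and since P is odd the two roots always have opposite parity, which is why one bit suffices to disambiguate. On curves over a prime ≡ 1 (mod 4) the exponentiation trick does not apply and a general square-root algorithm (Tonelli–Shanks) is needed; the validation steps stay the same.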
32 votes · 2 answers

Theoretically, what if I were to change some magic numbers in, say, AES?

Purely theoretically. I know it's a bad idea to try to invent your own encryption and that's not the intention here. Just a thought experiment. Say, I change some or all of the magic numbers used in, say, AES (but this would also apply to other…
RobIII (reputation 459, badges 4/10)
32 votes · 6 answers

What is the practical impact of using System.Random which is not cryptographically random?

I recently noticed a .NET software using PBKDF to derive an encryption key from a password string. This password string was dynamically generated using System.Random. Now, I know that System.Random is not really cryptographically random and should…
32 votes · 2 answers

Prevent double-spending with decentralized digital currencies without all transactions being public?

A recent approach to creating a decentralized online currency, called Bitcoin, has been generating some interest. The goal is to have a way to transfer currency without a central authority and without double spending or counterfeiting. Their…
32 votes · 2 answers

Fixed point of the SHA-256 compression function

SHA256 Free Start Self Collision (Full 64 rounds)
IVec: 72BF9EF1 27B82DFB F298F3B7 22B6C32C 18A54860 4C032D91 ADD7B85B 7ED1A4AC
Block: 0000004D 0000006F 00000075 00000073 00000065 00000054 00000072 00000061 00000070 00000000 00000000 00000000…
Nathan.Mariels (reputation 329, badges 1/3/5)
32 votes · 3 answers

Applicability of IBM's projected 50-qubit quantum computer Q to cryptanalysis?

IBM announced Q, a project for a 50-qubit universal quantum computer, according to the press release. Here is more PR spin, and the research sub-page. What would be the applicability of that to cryptanalysis?
fgrieu (reputation 149,326, badges 13/324/622)
32 votes · 2 answers

Key derivation functions (KDF): What are they, what are their main purposes and how can they be used?

What are KDFs? What are their main purposes? How can they be used; in other words, what is their role in a cryptographic scheme?
Samuel Paz (reputation 485, badges 1/4/6)
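
Added example, not part of the question above: one KDF, HKDF (RFC 5869) over SHA-256, built from hashlib and hmac only, then used the way a protocol uses it. Extract turns a non-uniform shared secret into a fixed-size pseudorandom key; Expand stretches that key to any length and, through the info argument, yields independent sub-keys (encryption key, MAC key, IV) from a single secret, so compromise or misuse of one does not expose the other. The labels and the sample secret in the demo are constructed for this example; the correctness check uses RFC 5869 test case 1.

```python
# Added example (not from the original question): HKDF-SHA256 per RFC 5869 and a
# typical use, deriving separate keys from one shared secret by varying `info`.
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size   # 32 bytes for SHA-256

def hkdf_extract(salt, ikm):
    """PRK = HMAC(salt, IKM).  An absent salt is HashLen zero bytes (RFC 5869 2.2)."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk, info, length):
    """OKM = T(1) || T(2) || ...  with T(i) = HMAC(PRK, T(i-1) || info || i), truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: requested length too large")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]

def hkdf(ikm, salt, info, length):
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)

def derive_session_keys(shared_secret, transcript_hash):
    """Split one secret into independent keys.  Distinct `info` labels give
    unrelated outputs; binding the transcript hash into the salt ties the keys
    to this particular handshake.  Labels are made up for this demo."""
    prk = hkdf_extract(transcript_hash, shared_secret)
    return {
        "enc": hkdf_expand(prk, b"demo enc key", 32),
        "mac": hkdf_expand(prk, b"demo mac key", 32),
        "iv":  hkdf_expand(prk, b"demo iv", 12),
    }

if __name__ == "__main__":
    # Constructed inputs, not from any real session.
    secret = bytes.fromhex("0b" * 32)
    transcript = hashlib.sha256(b"ClientHello||ServerHello (constructed)").digest()
    for name, k in derive_session_keys(secret, transcript).items():
        print(f"{name:4s} {k.hex()}")
```

Note what HKDF is not: it is fast by design and offers no protection for low-entropy input such as a password. For that, a password-based KDF (PBKDF2, scrypt, Argon2) with a deliberate work factor is the right tool, and HKDF, if used at all, comes after it to split the resulting key.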
32 votes · 4 answers

Why does Neumann think cryptography isn't the solution?

What did Peter G. Neumann mean by: If you think cryptography is the answer to your problem, then you don't know what your problem is. (e.g. quoted in the New York Times, February 20, 2001)
user2768 (reputation 367, badges 4/15)