Most Popular

1500 questions
32 votes, 7 answers

Why does RSA need p and q to be prime numbers?

Despite having read What makes RSA secure by using prime numbers?, I seek clarification because I am still struggling to really grasp the underlying concepts of RSA. Specifically, why can't we choose a non-prime $p$ and $q$? I do understand the key…
sharly
32 votes, 2 answers

Blum Blum Shub vs. AES-CTR or other CSPRNGs

Following on from D.W.'s comments on a previous question, what properties does Blum Blum Shub have that make it better / worse than other PRNGs? Are there significant implementation difficulties or security issues with BBS?
Polynomial
32 votes, 2 answers

How much computing resource is required to brute-force RSA?

It's been over 30 years since Rivest, Shamir and Adleman first publicly described their algorithm for public-key cryptography; and the intelligence community is thought to have known about it for around 40 years—possibly longer. It's fair to assume…
eggyal
32 votes, 3 answers

Are common cryptographic hashes bijective when hashing a single block of the same size as the output?

It's been said that CRC-64 is bijective for a 64-bit block. Is the corresponding statement true for typical cryptographic hashes, like MD5, SHA-1, SHA-2 or SHA-3? For example, would SHA-512 be bijective when hashing a single 512-bit block?
SDL
32 votes, 3 answers

Is every output of a hash function possible?

Is every output of a hash function (e.g. SHA1, MD5, etc) guaranteed to be possible, or, conversely, are there any output values that cannot possibly be created from any input? In other words, are hash functions surjective? If so, what guarantees…
Polynomial
32 votes, 1 answer

How is SHA1 different from MD5?

On the surface, SHA1 and MD5 look pretty similar. Their diagrams include chunks of bits, bit rotation, xor and special functions. Their implementations are roughly the same length (at least the ones I've seen). Yet it's widely known that MD5 is…
qwr
32 votes, 2 answers

Using the same RSA keypair to sign and encrypt

The RSA signature operation is basically the same as encrypting with the private key. In particular, both operations use the same kind of keys. Is it safe to use the same RSA keypair both for encryption / decryption and for signing / verification?
Lay András
31 votes, 1 answer

Is it possible to actually verify a “sponge function” security claim?

When using a “sponge function” to create a cryptographic hash, we can look at the flat sponge claim, which flattens the claimed success probabilities of all attacks using a single parameter: the claimed capacity $c_{\text{claim}}$. Is there any way to actually…
Mike Edward Moras
31 votes, 3 answers

Repeating-key XOR and Hamming distance

I read that to break repeating-key XOR you can do the following: try a keysize $n$ and compute the Hamming distance between the first $n$ bits of the encrypted string and the bits $n+1$ to $2n$ of the encrypted string and normalize by keysize. The…
user782220
31 votes, 4 answers

How to fairly select a random number for a game without trusting a third party?

Several people are playing a game with random events and require a way to produce a random number. (Such as dice rolls or a lottery.) Can this be done such that each player has the power to be reasonably sure that the random number was fairly…
billpg
31 votes, 2 answers

What are standard cryptographic assumptions?

I am struggling to understand what is meant by "standard cryptographic assumption". The Wikipedia article on the Goldwasser–Micali system (GM) reads "GM has the distinction of being the first probabilistic public-key encryption scheme which is…
3nondatur
31 votes, 2 answers

What are the implications of the new alleged key recovery attack preprint on SIMON?

Just recently, a new attack was published against SIMON-32/64 which claims to also be applicable to other versions of the cipher. The paper, now archived, is titled A Note on SIMON-32/64 Security and describes a new practical, low-cost key recovery…
forest
31 votes, 1 answer

Uniform vs discrete Gaussian sampling in Ring learning with errors

The Wikipedia article on RLWE mentions two methods of sampling "small" polynomials, namely uniform sampling and discrete Gaussian sampling. Uniform sampling is clearly the simplest, involving simply uniformly selecting the coefficients from the set…
31 votes, 2 answers

How does a non-prime modulus for Diffie-Hellman allow for a backdoor?

Recently someone found that a Diffie-Hellman modulus used in a Unix tool (socat) was not prime. This led some people to shout "backdoor". What I don't understand is, how could this allow for a backdoor? I'm guessing the problem could be small…
David 天宇 Wong
31 votes, 7 answers

How can SSL secure a two-way communication with only one key-pair?

As I understand it, SSL involved the use of a public-private key pair. How does this enable two-way communication? Suppose I have some server with which I wish to communicate securely. I connect to it, and it supplies me a certificate, which…
GWLlosa