Most Popular
1500 questions
27 votes, 1 answer
Why are the lower 3 bits of curve25519/ed25519 secret keys cleared during creation?
I am currently experimenting with ed25519 and I noticed that on secret key creation, bit 254 is always set and the lower 3 bits are always cleared. I found that bit 254 is always set to protect against timing attacks in this question: When using…
MepAhoo
- 273
- 3
- 4
26 votes, 7 answers
Does Terra Quantum AG break AES and Hash Algorithms?
According to this Bloomberg article:
A Swiss Company Says It Found Weakness That Imperils Encryption
Terra Quantum AG has a team of about 80 quantum physicists, cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and…
kelalaka
- 49,797
- 12
- 123
- 211
26 votes, 4 answers
Why does key generation take an input $1^k$, and how do I represent it in practice?
In my lecture, the lecturer said:
Let $K$ be the key generation algorithm. Given a security parameter represented in unary, $1^k$, $K(1^k)$ will output a keypair $(pk; sk)$, known as the public key and the private (or secret) key, respectively.…
juaninf
- 2,781
- 3
- 21
- 29
26 votes, 3 answers
"Weaknesses" in SHA-256d?
According to this answer, "SHA-256d" was proposed in one of the Ferguson/Schneier books like so:
SHA-256d(x) = SHA-256(SHA-256(x))
Apparently, the motivation for this construction is to avoid length extension attacks.
Incidentally, SHA-256d is the…
Nemo
- 1,377
- 1
- 14
- 18
26 votes, 1 answer
Low Public Exponent Attack for RSA
I'm having trouble understanding the algorithm for finding the original message $m$, when there is a small public exponent. Here is the example I'm trying to follow (you can also read it in the 'Low exponent RSA paragraph' of this article-…
user1136342
- 459
- 1
- 5
- 10
26 votes, 3 answers
Is Encrypt+HMAC stronger than AEAD?
There are a few posts that I've come across that seem to imply that using regular encryption and a MAC might be better than using the newer AEAD (i.e. AES/GCM)…
slipheed
- 437
- 4
- 8
26 votes, 3 answers
How effective is quantum computing against elliptic curve cryptography?
I've been reading the Wikipedia page on Elliptic-Curve Cryptography and I came across the following.
In August 2015, the NSA announced that it plans to replace Suite B with a new cipher suite due to concerns about quantum computing attacks on ECC.…
Fathima Abdur Rahman
- 441
- 1
- 4
- 5
26 votes, 3 answers
AES-GCM and its IV/nonce value
I was reading about the differences between the GCM and the CBC modes here and I have a follow up question:
In the CBC mode the person who performs the encryption is the one who provides the IV for the encryption -- and the IV is required to decrypt…
user114
26 votes, 4 answers
What makes Quantum Cryptography secure?
This is my current understanding of how Quantum Cryptography works: (The first bit is Quantum Key Distribution)
Alice sends a beam of photons to Bob through a quantum channel such as an optical fiber. Each of these photons represents a bit of…
lal lal
- 373
- 3
- 7
26 votes, 3 answers
How Far Ahead of Academia Are Government Agencies?
This is a soft question regarding comparisons between government security services (e.g., NSA or GCHQ) and open-source research (e.g., academia). Hopefully it's on-topic for this site!
In essence, my question is the following.
How far ahead (if at…
Sam OT
- 448
- 5
- 12
26 votes, 2 answers
Why is it not possible to increase the size of RSA keys indefinitely?
According to this primer on elliptic curves by Ars Technica, when composite numbers get "too" big, they become easier to factorize with Quadratic Sieve and General Number Field Sieve.
While this is not explained in detail on the site, it is a common…
fast-reflexes
- 371
- 3
- 5
26 votes, 1 answer
What are the odds of collisions for a hash function with 256-bit output?
There are some related questions on the net but I did not understand their solutions.
I am reading in a textbook about methods of finding a collision. It states to consider a collision for a hash function with a 256-bit output size and writes if we…
Max
- 417
- 1
- 6
- 11
26 votes, 4 answers
What tests can I do to ensure my random number generator is working correctly?
In the past I have used the Chi-squared test to check the statistical randomness of my generator. Is this a good test to use? Are there other tests?
this.josh
- 2,037
- 4
- 17
- 13
26 votes, 6 answers
Did a certain cryptography method get abandoned due to security flaws in the past?
I am researching how quantum computers affect current encryption methods (RSA and more).
However, I remember learning in a course that there used to be a particular encryption method which was popular but suddenly had a very bad vulnerability in the…
Kevin Van Ryckegem
- 371
- 3
- 6
26 votes, 2 answers
Which elliptic curves are quantum resistant?
If I want to learn about quantum resistant cryptography, what are the best resources? Which type of elliptic curves should I be studying?
Imagin Ation
- 369
- 1
- 3
- 5