11
votes
3 answers
Is Poly1305 an information-theoretically secure MAC?
I have heard some people say that the Poly1305 authenticator is a "nuclear" MAC i.e. it is information-theoretically secure. After reading the paper I see it is based on the Wegman-Carter MAC which is supposedly the natural authentication pairing…
lightspeeder
11
votes
1 answer
Is it easy to factorize a number of the form $n = t^{2} \cdotp p$?
Is it easy to factorize a number of the form $n = t^{2} \cdotp p$, where $t$ and $p$ are large primes?
AdveRSAry
11
votes
1 answer
Why are elliptic curves over a field of characteristic 2 or 3 insecure?
The following is a quotation from my cryptography course:
Recent results on the discrete logarithm raise big concerns on the security of elliptic curves over a binary field.
What are these results? Also, is characteristic three safe?
user1868607
11
votes
2 answers
Why use RSA-2048 for plaintext when AES-256 is much more secure?
Why do we use RSA encryption for ANY text/communication/data encryption when everybody on the internet is writing that AES-256 is much stronger than RSA-2048? If this is true, why do encrypted email services like Protonmail even use RSA encryption for…
daniel
11
votes
2 answers
Why is Ring-LWE more efficient compared to LWE?
Can someone please tell me why Ring-LWE is more efficient?
By introducing polynomials in place of matrices, what kind of optimizations do we introduce that make Ring-LWE more efficient?
AdveRSAry
11
votes
0 answers
Share Conversion between Different Finite Fields
Let us have any linear secret sharing scheme (LSSS) that works on some field $Z_{p}$, where $p$ is some prime or a power of a prime, e.g., Shamir Secret Sharing or Additive Secret Sharing.
The problem at hand is simple, for any secret shared value in…
DaWNFoRCe
11
votes
2 answers
Why can't they just fix SHA-1 if it's broken?
Presently 160 bits of hash block width seems to provide adequate security against brute force attacks. The recent developments concerning SHA-1 have reduced the effort to force collisions by 5 orders of magnitude according to the latest Wikipedia…
Paul Uszak
11
votes
1 answer
Should I use SHA256 or Blake2 to checksum and sign scrypt headers?
I use scrypt as a key derivation function (not to store passwords). To pass around the detached key header I use the standard encoding as implemented in Colin Percival's scrypt implementation (scryptenc.c#L224).
The original scrypt key header…
RobS
11
votes
1 answer
(EC)DSA signature without hashing, or with offloaded hash?
In (EC)DSA as per FIPS 186-4, the message to sign is first hashed. Imagine that we skip this hashing stage, instead put the message where the hash was, and constrain the size of message $h$ to the original hash's output width $N$ bits. The resulting…
fgrieu
11
votes
1 answer
Which compression functions are PRFs?
In a 2006 paper Bellare showed that HMAC remains secure even if collision resistance for MD5/SHA-1 is broken as long they are still PRFs.
The Wikipedia article on cryptographic hash functions mentions that
In practice, collision resistance is…
Elias
11
votes
0 answers
How exactly does ASKE (Alpha Secure Key Establishment) in Zigbee work?
I am working on Zigbee security. For key establishment, some approaches are given in Zigbee. Some of them are:
ASKE (Alpha Secure Key Establishment),
ASAC (Alpha Secure Access Control), and
SKKE (Symmetric Key Key Establishment).
I tried to do my…
Prasanth Kumar Arisetti
11
votes
1 answer
CBC-Mode Infinite Garble Extension
A variation of the CBC mode is the Infinite Garble Extension.
I can neither find a block diagram of it, nor the formulas for encryption and decryption. I would really like to learn more about it but there is not much online information available…
userkir
11
votes
1 answer
Why do crypto tools display key components in such an unusual format?
openssl x509 (v1.0.1f) displays public key moduli as arrays of hex-encoded bytes, 15 columns wide, starting with a leading 00:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
…
Dan Lenski
11
votes
2 answers
Best password hashing strategy with Argon2 in a web app
What are reasonable parameters for Argon2 to hash passwords in a web application? On the one hand we need good performance, fast responses and DDoS resistance, but on the other hand we need protection from brute force on modern GPU, ASIC, FPGA etc.…
CaptainRR
11
votes
5 answers
What is the purely mathematical definition of encryption strength?
An encryption function can be used to obfuscate pieces of information and later on retrieve them.
What is the yardstick for measuring how well the function encrypts the information? Given any invertible function, which are the quantified parameters…
ARi