Most Popular

1500 questions
11
votes
3 answers

Are these emerging threats against AES affecting your designs?

Recently, an attack on AES was discovered which reduces its computational complexity by a very slight amount. The first key recovery attack on the full AES-128 with computational complexity $2^{126.1}$. The first key recovery attack on the…
Rook
  • 1,506
  • 1
  • 13
  • 22
11
votes
1 answer

Poly1305-AES vs AES-GCM

What are the advantages of Poly1305-AES over AES-GCM? Please note I am not talking about chacha20-Poly1305, which has been widely adopted, including by Google. But I would like to know the pros and cons of Poly1305-AES vs AES-GCM.
user12480
  • 293
  • 2
  • 9
11
votes
1 answer

What is a pseudo-collision attack?

In the context of cryptographic hash function collisions, what exactly is a pseudo-collision attack? E.g., pseudo-collisions are discussed here: Preimage and Pseudo-Collision Attacks on Step-Reduced SM3 Hash Function Converting Meet-in-the-Middle…
Arminius
  • 268
  • 3
  • 13
11
votes
1 answer

Can someone clarify two things about the HKDF by Krawczyk?

I got a question about the HKDF scheme by Hugo Krawczyk. On the following link you can find a small explanation of the HKDF scheme and some short information. The HKDF specification itself has been published as RFC 5869. I got two questions about…
chris000r
  • 519
  • 3
  • 15
11
votes
2 answers

Is the additive discrete Logarithm problem always easy in Fields?

While thinking about additive DH key exchanges, I somehow had the idea that additive DH key exchange may always be easy to break, if we are in a field. So here's (directly) the question: In any finite field, is the additive discrete logarithm and /…
SEJPM
  • 46,697
  • 9
  • 103
  • 214
11
votes
1 answer

Difference between somewhat homomorphic encryption and leveled homomorphic encryption?

Is there any difference between somewhat homomorphic encryption and leveled homomorphic encryption? I heard that leveled homomorphic encryption supports computing circuits of bounded depth on ciphertext, and somewhat homomorphic encryption supports…
satya
  • 1,484
  • 10
  • 32
11
votes
3 answers

Padding in Keccak SHA3 hashing algorithm

In the FIPS-202 specification, the padding required for SHA3 was not clearly mentioned. So we have analyzed the NIST test vectors for SHA3, which state that we append "0x06" (never used 1 followed by 'j' zeros and then 1 as specified in FIPS-202) to the…
Vani
  • 111
  • 1
  • 3
11
votes
1 answer

Why does Skein use an output transform, but other similar hashes don't?

Skein uses an additional compression function call to finalize the output, even when the output isn't larger than the native output size. The Skein paper says: Due to Skein’s output transformation, it remains an open problem how to create…
CodesInChaos
  • 25,121
  • 2
  • 90
  • 129
11
votes
3 answers

Is there a signature scheme in which private keys can't be linked to their signatures?

Normally in a signature system, the private key can be used to derive the public key, and therefore verify any given signature signed by that private key. Can we create a system without this property? Namely, I'm looking for a signature scheme in…
Christopher King
  • 839
  • 5
  • 20
11
votes
3 answers

What's up with unnamed elliptic curves in e-passports?

At my work I deal with the cryptographic aspects of the international E-Passport specification (the crypto chips embedded in your passports, the kiosks at airports that talk to them, and the certificate authorities that issue their certs). The…
Mike Ounsworth
  • 3,717
  • 1
  • 20
  • 29
11
votes
1 answer

Somewhat Homomorphic Encryption versus Fully Homomorphic Encryption?

Is it correct that Somewhat Homomorphic Encryption is more efficient than “Fully Homomorphic Encryption” (FHE) but less efficient than Partially Homomorphic Encryption (e.g. Paillier encryption)? Is it correct that in Somewhat Homomorphic…
user153465
  • 1,583
  • 12
  • 23
11
votes
2 answers

Why is the Lovász condition used in the LLL algorithm?

The LLL algorithm is used to approximate the Shortest Vector Problem, i.e., it outputs a reduced basis. Such a basis will satisfy two conditions: $$ \forall i \gt j. \quad \lvert\mu_{ij}\rvert \le \frac{1}{2} \qquad\text{[size-reduced]} $$ $$…
preethi
  • 951
  • 7
  • 24
11
votes
1 answer

Using SHA-256 with different initial hash value

FIPS 180-3 defines the initial hash value for SHA-256 as the first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19. What would be the risks of using a different value (for example: a random salt)? Conceptually, this…
ericball
  • 413
  • 4
  • 10
11
votes
1 answer

Applying machine learning algorithms to homomorphic encrypted data

I have a basic understanding of encryption and I got back to the topic because of an interesting site that encrypts financial data using homomorphic encryption (HE) and I would be happy for any input from the community here. They don't really tell…
11
votes
2 answers

How many keys does the Playfair Cipher have?

I was just studying the Playfair cipher and from what I've understood, it is just a slightly better version of a Caesar cipher, in that it isn't actually mono-alphabetic but rather the 'digrams' are mono-alphabetic. I believe that since it offers a…
GamingX
  • 647
  • 2
  • 7
  • 9