11 votes, 3 answers

What's up with unnamed elliptic curves in e-passports?

At my work I deal with the cryptographic aspects of the international E-Passport specification (the crypto chips embedded in your passports, the kiosks at airports that talk to them, and the certificate authorities that issue their certs). The…
Mike Ounsworth
11 votes, 1 answer

Somewhat Homomorphic Encryption versus Fully Homomorphic Encryption?

Is it correct that Somewhat Homomorphic Encryption is more efficient than "Fully Homomorphic Encryption" (FHE) but less efficient than Partially Homomorphic Encryption (e.g. Paillier encryption)? Is it correct that in Somewhat Homomorphic…
user153465
11 votes, 1 answer

Using SHA-256 with different initial hash value

FIPS 180-3 defines the initial hash value for SHA-256 as the first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19. What would be the risks of using a different value (for example: a random salt)? Conceptually, this…
ericball
11 votes, 1 answer

Applying machine learning algorithms to homomorphic encrypted data

I have a basic understanding of encryption and I got back to the topic because of an interesting site that encrypts financial data using homomorphic encryption (HE) and I would be happy for any input from the community here. They don't really tell…
Richi W
11 votes, 2 answers

How many keys does the Playfair Cipher have?

I was just studying the Playfair cipher and from what I've understood, it is just a slightly better version of a Caesar cipher, in that it isn't actually mono-alphabetic but rather the 'digrams' are mono-alphabetic. I believe that since it offers a…
GamingX
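The question above asks how many keys the Playfair cipher has. The count is not simply the 25! ways to fill the 5x5 square, because the rules only ever use "the letter to the right", "the letter below" (both wrapping) and "same row / same column" membership, so cyclically rotating the rows or the columns of a square leaves every ciphertext unchanged. The added example below (not code from the original post) implements Playfair, shows that all 25 rotations of a square encrypt identically while an arbitrary row swap does not, and derives the resulting bound of 24! distinct keys. The keyword MONARCHY and the plaintexts are constructed inputs; the J-to-I merge and the X filler are the usual textbook conventions, not something the post specifies.

```python
"""Playfair key counting: the 5x5 square has 25! arrangements, but any cyclic
rotation of its rows or columns encrypts every message identically, so the
arrangements fall into classes of 25 and there are at most 24! distinct keys.
Added example; not code from the original post."""
import math

ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters, J folded into I


def square_from_keyword(keyword):
    """Row-major 25-letter square: keyword letters first (no repeats), then the rest."""
    out = []
    for ch in keyword.upper().replace("J", "I") + ALPHABET:
        if ch in ALPHABET and ch not in out:
            out.append(ch)
    return "".join(out)


def digraphs(plaintext):
    """Split into letter pairs, inserting a filler between doubled letters and at the end."""
    letters = [c for c in plaintext.upper().replace("J", "I") if c in ALPHABET]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            pairs.append((a, "X" if a != "X" else "Q"))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs


def encrypt(square, plaintext):
    pos = {ch: divmod(i, 5) for i, ch in enumerate(square)}
    at = lambda r, c: square[(r % 5) * 5 + (c % 5)]   # wrapping lookup
    out = []
    for a, b in digraphs(plaintext):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:            # same row: each letter moves one to the right
            out += [at(ra, ca + 1), at(rb, cb + 1)]
        elif ca == cb:          # same column: each letter moves one down
            out += [at(ra + 1, ca), at(rb + 1, cb)]
        else:                   # rectangle: keep rows, swap columns
            out += [at(ra, cb), at(rb, ca)]
    return "".join(out)


def rotate(square, dr, dc):
    """Shift every row down by dr and every column right by dc, cyclically."""
    return "".join(square[((r - dr) % 5) * 5 + (c - dc) % 5]
                   for r in range(5) for c in range(5))


def swap_rows(square, i, j):
    """A non-rotation permutation of the square, for contrast."""
    rows = [square[k * 5:(k + 1) * 5] for k in range(5)]
    rows[i], rows[j] = rows[j], rows[i]
    return "".join(rows)


def equivalent_squares(square):
    """The 25 rotations of a square. Each gives the same ciphertext for every
    plaintext: neighbours-to-the-right, neighbours-below and row/column
    membership are all preserved by a cyclic shift."""
    return {rotate(square, dr, dc) for dr in range(5) for dc in range(5)}


def all_rotations_agree(square, plaintext):
    reference = encrypt(square, plaintext)
    return all(encrypt(s, plaintext) == reference for s in equivalent_squares(square))


def key_space_bits():
    """25! squares in classes of 25 equivalent ones: at most 24! keys, about 2^79."""
    return math.log2(math.factorial(25) // 25)


if __name__ == "__main__":
    sq = square_from_keyword("MONARCHY")
    print(encrypt(sq, "balloon"))                   # IBSUPMNA
    print(all_rotations_agree(sq, "hide the gold in the tree stump"))
    print(encrypt(swap_rows(sq, 0, 1), "balloon"))  # differs: not an equivalent key
    print(f"{key_space_bits():.1f} bits")
```

The 24! figure is an upper bound on distinct keys from the rotation argument alone; it is still far above what matters in practice, since Playfair is broken by digraph frequency analysis long before key-space size becomes relevant.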
11 votes, 2 answers

Why would Carter-Wegman-style message authentication not be broken by P = NP?

Researching the implications of P = NP for cryptography, I found someone saying that the only cryptography left standing would be the one-time pad and Carter-Wegman-style message authentication. While the one-time pad seems obvious, I am not sure…
David Schumann
11 votes, 4 answers

What is the best-practice for encrypting small files?

I would like to know how to store a sensitive file; a credential of sorts. I want to password-protect it, obviously. It would be appropriate - in my application - to prompt the user for the password each run. There are proper apps - like SSH -…
Will
11 votes, 1 answer

How can I instantiate a generalized hash function?

I've come across a bunch of "strange" hash function notations, such as the following ones, and now I don't know how to choose / instantiate them. Can you please explain to me what this notation means and how I can actually instantiate such a hash…
SEJPM
11 votes, 1 answer

Can Shor's algorithm compromise RSA when both the public and private key are secret?

If RSA is used to create a public-private key pair and encryption is performed on plaintext P to create ciphertext C, given P and C could Shor's algorithm be used to find either of the public and private keys? You have both the plaintext and cipher…
Mathew
11 votes, 3 answers

How secure is AES-256, but with an effective key length of 56-bits?

I need to encrypt a few drives using Kaspersky Total Security. However, I noted something peculiar. Kaspersky's description of their cipher is: "Data will be protected using AES-256 encryption with a 56-bit effective key length." Does this mean…
J. Doe
11 votes, 1 answer

Qubit / Qutrit - Is there a theoretical limit on how many orthogonal states a quantum bit has?

Seems like a quantum bit with $3$ orthogonal quantum states is called a qutrit - and they have been demonstrated practically. In comparison with $n$ qubits that have ~$2^{n}$ states, these have ~$3^{n}$ states. Is there a theoretical upper-limit on…
StefanS
11 votes, 1 answer

Is the "New Hope" Lattice Key Exchange vulnerable to a lattice analog of the Bernstein BADA55 Attack?

In the paper "Post-Quantum Key Exchange - A New Hope," the authors present a lattice-based key exchange based on the work of Chris Peikert. In this "New Hope" key exchange the authors try to gain security by having the basepoint for the key…
Andrea Russo
11 votes, 2 answers

Appropriate scrypt parameters when generating an scrypt hash

What values for CPU, memory and parallel difficulty should be used when generating an scrypt hash? i.e.
$N: the CPU difficulty (must be a power of 2, > 1)
$r: the memory difficulty
$p: the parallel difficulty
I'm using the PHP…
McJohnson
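The question above asks what N, r and p to pass to scrypt. The parameters are not independent of each other or of the machine: the core loop keeps a table of N blocks of 128·r bytes, so memory is 128·r·N, while p only multiplies the work (and can be run in parallel, which is why it buys the defender little against a GPU attacker). The added example below (not code from the original post, and in Python rather than the PHP the poster mentions) sizes the memory from the parameters, checks the implementation against the RFC 7914 known-answer vectors, stores the parameters next to the hash so they can be raised later, and calibrates N against a time budget on the current host. The `maxmem` handling is a practical caveat of Python's `hashlib.scrypt` (OpenSSL backend), which refuses to allocate beyond 32 MiB unless told otherwise; the 1 MiB headroom and the `scrypt$N$r$p$salt$hash` record layout are this example's own choices.

```python
"""Choosing and checking scrypt parameters N (CPU/memory cost), r (block size)
and p (parallelism) with Python's hashlib.scrypt (OpenSSL backend).
Added example; not code from the original post."""
import hashlib
import hmac
import os
import time


def scrypt_memory_bytes(n, r):
    """Bytes of RAM the core scrypt loop needs: the V table holds N blocks of
    128*r bytes. p adds work, not memory, when the lanes run one after another."""
    return 128 * r * n


def scrypt_hash(password, salt, n=2 ** 15, r=8, p=1, dklen=32):
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two greater than 1")
    # OpenSSL refuses to allocate more than maxmem (default 32 MiB), which a
    # sensible N already reaches; size it from the parameters, with headroom
    # for the extra blocks OpenSSL accounts for (128*r*(N+2) + 128*r*p).
    maxmem = 128 * r * (n + 2) + 128 * r * p + (1 << 20)
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          dklen=dklen, maxmem=maxmem)


def rfc7914_vectors_ok():
    """Known-answer checks from RFC 7914 section 12."""
    v1 = hashlib.scrypt(b"", salt=b"", n=16, r=1, p=1, dklen=64)
    v2 = hashlib.scrypt(b"password", salt=b"NaCl", n=1024, r=8, p=16, dklen=64)
    return (v1.hex() == "77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442"
                        "fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906"
            and v2.hex() == "fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b373162"
                            "2eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640")


def new_password_record(password, n=2 ** 14, r=8, p=1):
    """Store the parameters next to the hash so they can be raised later
    without breaking verification of records hashed with the old values.
    (Record layout is this example's own, not a standard.)"""
    salt = os.urandom(16)
    digest = scrypt_hash(password, salt, n, r, p)
    return "$".join(["scrypt", str(n), str(r), str(p), salt.hex(), digest.hex()])


def verify_password(record, password):
    _, n, r, p, salt_hex, digest_hex = record.split("$")
    digest = scrypt_hash(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))   # constant-time


def calibrate_n(target_seconds=0.25, r=8, p=1, max_mem=256 << 20):
    """Largest power-of-two N that stays within max_mem and target_seconds on
    this machine. Timings are machine dependent; rerun on the deployment host."""
    n = 1024
    while scrypt_memory_bytes(2 * n, r) <= max_mem:
        start = time.perf_counter()
        scrypt_hash(b"calibration", b"\x00" * 16, 2 * n, r, p)
        if time.perf_counter() - start > target_seconds:
            break
        n *= 2
    return n


if __name__ == "__main__":
    print("RFC 7914 vectors:", rfc7914_vectors_ok())
    rec = new_password_record(b"correct horse battery staple")
    print(rec)
    print("verify:", verify_password(rec, b"correct horse battery staple"))
    print("suggested N for 0.25 s / 256 MiB:", calibrate_n())
```

Raising N doubles both time and memory; raising r increases memory per block and the sequential memory bandwidth each guess costs; raising p lets the defender spend more CPU time without more RAM, which is exactly what a parallel attacker is good at absorbing, so prefer growing N (and r) before p.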
11 votes, 1 answer

Does a big salt have the same memory effects as Bcrypt?

Citing Thomas Pornin on the question Why can't one implement bcrypt in Cuda?: bcrypt is a variant of the Blowfish key scheduling, which is defined over a table (a few kilobytes) which is constantly accessed and modified throughout the algorithm.…
Luc
11 votes, 2 answers

Should HMAC-SHA3 be preferred over H(C(k,M))?

If I understand correctly SHA-3 (Keccak) is resistant against more attacks than SHA-2. This would make it possible - again if I understand correctly - to use SHA-3 with a simpler scheme than HMAC. Would there still be a reason to use the HMAC…
Maarten Bodewes
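Two questions on this page turn on the same property of SHA-256: the one above on using a different initial hash value, and the one on whether H(k‖M) with SHA-3 needs HMAC. A Merkle-Damgard hash such as SHA-256 starts from the fixed IV (the square-root constants from FIPS 180-3/180-4) and its output is simply the chaining state after the last block. That makes "SHA-256 with a different IV" something anyone can compute, and in particular an attacker who sees H(k‖M) can use that digest as the IV and keep hashing: the length-extension attack that HMAC exists to prevent. SHA-3 outputs only a truncation of its sponge state, which is why the simpler KMAC/H(k‖M) style is safe there. The added example below (not code from either post) derives the SHA-256 constants from the first primes, implements the hash with a selectable IV, checks it against `hashlib`, and carries out the extension against an H(k‖M) tag. The secret "hunter2" and the message strings are constructed inputs.

```python
"""SHA-256 with a selectable initial hash value (IV), and what exposing the
chaining value buys an attacker: length extension against H(k || M).
Added example; not code from the original Stack Exchange posts."""
import hashlib
import struct
from decimal import Decimal, getcontext

MASK = 0xFFFFFFFF
getcontext().prec = 40  # plenty to read 32 fractional bits exactly


def _primes(count):
    found, n = [], 2
    while len(found) < count:
        if all(n % p for p in found):
            found.append(n)
        n += 1
    return found


def _frac32(x):
    """First 32 bits of the fractional part of a positive Decimal."""
    return int((x - int(x)) * (1 << 32))


# FIPS 180-4 "nothing up my sleeve" constants: H0 from the square roots of the
# first 8 primes, K from the cube roots of the first 64 primes.
H0 = [_frac32(Decimal(p).sqrt()) for p in _primes(8)]
K = [_frac32(Decimal(p) ** (Decimal(1) / 3)) for p in _primes(64)]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def _compress(state, block):
    """One SHA-256 compression of a 64-byte block into the 8-word state."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def padding(total_len):
    """Merkle-Damgard padding for a message of total_len bytes: 0x80, zeros up
    to 56 mod 64, then the 64-bit big-endian bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha256(msg, iv=None, absorbed=0):
    """SHA-256 of msg. iv replaces the standard initial hash value (8 words);
    absorbed is how many bytes that iv already stands for (a multiple of 64),
    so the length field in the padding covers them as well."""
    state = list(H0 if iv is None else iv)
    data = msg + padding(absorbed + len(msg))
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack(">8L", *state)


def matches_hashlib(msg):
    return sha256(msg) == hashlib.sha256(msg).digest()


def length_extend(tag, known_len, suffix):
    """Given tag = SHA-256(secret || msg) and known_len = len(secret || msg),
    return (glue, forged) with forged = SHA-256(secret || msg || glue || suffix),
    computed without the secret: the tag *is* the IV for the next block."""
    glue = padding(known_len)
    iv = struct.unpack(">8L", tag)
    return glue, sha256(suffix, iv=iv, absorbed=known_len + len(glue))


def demo_length_extension():
    secret = b"hunter2"                  # constructed; the attacker never sees it
    msg = b"amount=10&to=alice"
    tag = hashlib.sha256(secret + msg).digest()   # the H(k || M) construction
    glue, forged = length_extend(tag, len(secret) + len(msg), b"&to=mallory")
    honest = hashlib.sha256(secret + msg + glue + b"&to=mallory").digest()
    # HMAC hashes twice under the key and SHA-3 emits only part of its sponge
    # state, so neither hands the attacker a usable IV like this.
    return forged == honest


if __name__ == "__main__":
    print("H0 =", [hex(x) for x in H0])
    print("matches hashlib:", matches_hashlib(b"abc"))
    print("length extension forges a valid tag:", demo_length_extension())
```

The random-IV idea in the first question therefore does not add secrecy on its own (the IV goes in the clear or must itself be kept as a key), and it breaks interoperability with every standard SHA-256 implementation; if a keyed or domain-separated hash is wanted, HMAC, KMAC or a prefix-free construction is the supported way to get one.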