Most Popular

1500 questions
11 votes, 1 answer

Can Skein be used as a secure MAC in format H(k || m)?

Can Skein be used as a secure MAC in format H(k || m)? I understand it can work with HMAC, but it is fine as a one-pass MAC in the format above and resists length extension attacks. Is this assumption correct? One of the Skein authors mentions that…
user13183
11 votes, 1 answer

Does AES-CTR require an IV for any purpose other than distinguishing identical inputs?

I'd like to encrypt files deterministically, such that any users encrypting the same plaintext will use the same key and end up with the same ciphertext. The ciphertext should be private as long as the plaintext is. I plan to use AES-128-CTR with an…
Jeremy
11 votes, 3 answers

Why don't programming languages provide simple encryption methods?

In C#, there is a namespace called System.Security.Cryptography, and there are many classes in this namespace which help developers encrypt and decrypt data. However, they always take a byte[] array and return a byte[] array. So, as a developer,…
Saeed Neamati
11 votes, 0 answers

What might be assumed about a PRF if the key has been chosen?

The defining feature of a PRF $f:\{0,1\}^k\times\{0,1\}^s\mapsto\{0,1\}^*$ is that, if the first parameter is selected at random, it should be indistinguishable from a function $g:\{0,1\}^s\mapsto\{0,1\}^*$ selected at random. But what if the key…
Henrick Hellström
11 votes, 1 answer

Mapping of message onto elliptic curve and reverse it?

I would like to perform a variant of Elliptic Curve ElGamal in java using the BouncyCastle libraries. I currently face the difficulty of mapping a message $m$ onto the elliptic curve $E_p$. I have so far multiplied the generator $g$ of $E_p$ by the…
franckysnow
11 votes, 1 answer

ElGamal Signature Scheme: Recovering the key when reusing randomness

Show how if Alice uses the same value of $k$ to sign two different messages $m_1$ and $m_2$, using the ElGamal signature scheme, Eve can recover the value of $a$ from the corresponding signatures $(m_1, r_1, s_1)$ and $(m_2, r_2, s_2)$. (Note: you…
Bobby S
11 votes, 3 answers

Digital Signature using symmetric key cryptography

Generally, a digital signature is a public key cryptography concept. But it needs high overhead. So is there any publication or link available where 'digital signature using symmetric key' has been explained? Can one generate an algorithm combining the…
saptarshi nag
11 votes, 1 answer

What informal indicators exist for estimating the computational infeasibility of cryptographic problems?

When assuming a block cipher primitive is secure, or a number theoretic problem is hard, this assumption is usually based on how far we are from breaking the primitive or solving the problem using known techniques - using known algorithms and…
Henrick Hellström
11 votes, 3 answers

One-time digital signatures

Are there digital signatures for which, given two documents signed by the same key, one could derive the key? With such one-time signatures, one may be able to design a cryptocurrency based on proof-of-stake instead of proof-of-work. To…
Randomblue
11 votes, 1 answer

Is MD5 second-preimage resistant when used only on FIXED length messages?

I fully realize that MD5 should not be used in any new project, but in my particular situation I have severe CPU performance issues, so MD5 is convenient. I have read a lot about MD5 security for this project, and I know it is broken in several…
jcea
11 votes, 1 answer

Is the Couvreur et al. polynomial time attack on McEliece practical?

There's a new e-print out on arXiv titled "A Polynomial Time Attack against Algebraic Geometry Code Based Public Key Cryptosystems" by Alain Couvreur, Irene Márquez-Corbella and Ruud Pellikaan: "We give a polynomial time attack on the McEliece…
fractal
11 votes, 2 answers

Shared secret: Generating Random Permutation

-- or: How to Play Poker Without a Dealer I know this question is long but it's a really interesting theoretical problem about shared secrets and multi-party computation. General Problem: "Shared Random Generation" Consider the following scenario:…
leemes
11 votes, 2 answers

What characters does AES output?

From what I understand after testing the Crypto-JS file here: http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js AES creates encrypted strings that contained letters, both capitalized and lowercase, as well as numbers, division…
Howard Butler
11 votes, 1 answer

Shadowed identity in cryptography

I was trying to implement zero knowledge protocol for authentication based on the paper "A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory". In that, the first step is… each security…
user5507
11 votes, 2 answers

KCV and compatibility with block cipher modes of operation

There has been lately a question on KCV (key check value), value provided by many CRYPTOKI (PKCS#11) implementations. I don't particularly like KCV, but I decided to ask about proper use of KCV. This "KCV" (also known as CKA_CHECK_VALUE object…
user4982