Topic: Cryptography

Recent Tags

2nd-preimage-resistance abe access-control advantage aes aes-gcm algebraic-attack algorithm-design anonymity argon2 arithmetic asn.1 attack authenticated-encryption authentication backdoors bcrypt bilinear-pairing birthday-attack blake2 blind-signature block-cipher blocksize blowfish bls-signature brute-force-attack cbc cbc-mac cca1 certificates cfb chacha checksum chosen-ciphertext-attack chosen-plaintext-attack classical-cipher cmac coding-theory collision-resistance commitments commutative-encryption complexity compression-function computational-complexity-theory constants convergent-encryption cpu crc cryptanalysis cryptocurrency cryptographic-hardware ctr database davis-meyer decryption des deterministic-encryption diffie-hellman diffusion discrete-logarithm distinguisher dsa eax ecb ecies ed25519 ed448 elgamal-encryption elliptic-curve-generation elliptic-curves encoding encryption enigma entropy ephemeral error-propagation feal feistel-network file-encryption finite-field fips-140 forgery format-preserving frequency-analysis function-evaluation functional-encryption garbled-circuits gcm gimli group-theory hard-core-predicate hash hash-based hash-signature history hmac homomorphic-encryption identity-based-encryption implementation indistinguishability information-theory initialization-vector integrity io ipsec keccak key-derivation key-exchange key-generation key-recovery key-reuse key-schedule key-size keys known-plaintext-attack lattice-crypto lfsr libsodium lightweight linear-cryptanalysis literature lwe mac malleability man-in-the-middle matrix-multiplication md5 meet-in-the-middle-attack mental-poker military-encryption modes-of-operation modular-arithmetic monotone-access-structure multiparty-computation multiple-encryption negligible nist nonce notation nsa ntru number-theory oaep oblivious-transfer ocb ofb one-time-pad one-time-password one-way-function onion-routing openssl otr padding padding-oracle paillier pairings password-based-encryption password-hashing passwords pbkdf-2 perfect-secrecy performance permutation pgp pir pkcs11 pkcs8 pki poly1305 post-quantum-cryptography preimage-resistance prime-numbers probability proof-of-work protocol-design provable-security proxy-re-encryption pseudo-random-function pseudo-random-generator pseudo-random-permutation public-key puf random-number-generator random-oracle-model randomness rc4 reduction reference-request replay-attack rijndael ring-lwe rsa s-boxes s-mime s2k salsa20 salt schnorr-identification schnorr-signature scrypt searchable-encryption secp256k1 secret-sharing secure-storage security-definition semantic-security serpent sha-1 sha-2 sha-256 sha-3 sha-512 shacal-2 side-channel-attack signal-protocol signature simulation siphash software-obfuscation sponge srp ssh statistical-test stream-cipher substitution-cipher symmetric terminology test-vectors threshold-cryptography timing-attack tls tokenization transport-security trapdoor tweakable-cipher twofish universal-hash verifiability verifiable-random-function vigenere voting wpa2-psk x25519 xml-encryption xor xts zero-knowledge-proofs

Recent Articles

Solving system of equation based on RSA

Base64 or hex to attach auth tokens to URL?

How much security is gained from hiding the nonce?

(In)security of multiplicative blinding / one-time-pad in a commutative ring

Is there some restrictions on values of p,q,d,e etc in RSA algorithm while trying to encrypt English Ciphertext?

How to prevent the solution of a discrete logarithm problem from being found in a collision way by accident

NIST example shows extra hexadecimal characters in Block Contents of SHA512-256

NIST example shows extra hexadecimal characters in Block Contents of SHA512-256

Is constant-time compare really required for AEAD ciphers?

Is constant-time compare really required for AEAD ciphers?

How to encrypt data which never leave the client but can't be decrypted without the server?

Commutable and Composable Asymmetric Encryption/Decryption

Is there any way to (irrevocably) *transfer* a private key to another person?

Is there any way to (irrevocably) *transfer* a private key to another person?

Understanding the small cofactor attack with Elliptic Curves of non-prime order

Diffie-Hellman over $GF(2^{128})$

Zk Proof to Prove that I know the secret x of y = HASH(x)

Is there a cryptographic algorithm that can make a "lottery ticket"?

ECCDH: direct or with temporary ECC keypairs?

Help with clarification/definitions of Oblivious Transfer (OT) flavors

Where is the definition of one-way trap-door function used in public key cryptography

Replacing Curve25519 with Ristretto255

In Schnorr identification protocol, what happens if the prover uses r+c+x or rx+c.. etc. rather than r+cx?

Why the definition of bilinearity property is different in cryptography compared to mathematics?

Uniform rejection sampling by shifting or rotating bits from CSPRNG output, safe?

How to know that MAC isn't modified in ECIES

What is the meaning of the power notation in the access structure?

What does "key version" refer to when talking about AES 128 in NXP's datasheet?

New paper claims quantum polylog time attack on AES

Derive independent values using block cipher

Follow-up II: Number of points on an elliptic curve

How is RSA-OAEP secure from CCA2?

Follow-up: Number of points on an elliptic curve

How does AES GCM encryption work

Security level of the hash of the sum of two uniformly random keys

Limit definition of negligible function

How can I distribute a set of anonymous tokens digitally among a known limited population to do anonymous voting?

Are all quadratic twists of an elliptic curve equivalent?

Is there a scheme to enforce a random seed without leaking the seed?

Discovery of Ed25519 128-bit private key where a KDF has not been used

How does a CertificateVerify message prevent MITM attacks in TLS 1.3

Argon2id creating key for cryptography, how acceptable is it to use the same salt for the same encryption operation?

Does the AES-GCM specification require the tag-size to be bound to the GCM context?

How is BLS secure against adaptive selection message attacks when the message is known?

Number of points on an elliptic curve

If I have enough examples of a private key's signature, can I discern it?

If I have enough examples of a private key's signature, can I discern it?

LWE with a binary matrix A

AES-GCM with different IVs but close enough for counter to cause duplicates

Can the indistinguishability obfuscator leak the password when obfuscating the password checking function?

Using AES-256-GCM, is your security only 128 bits when solely relying on the MAC?

How does a GMAC in GCM not nullify the utility of a seekable decrypt-able stream

How to securely XOR two passphrases in JavaScript?

How to securely XOR two passphrases in JavaScript?

Security of using AND instead of XOR operation for an OTP

LWE problem with a sparse matrix

How to break RSA when $q = e^{-1} \bmod p$?

Keyless cipher proof

Differences between algorithms, ciphers, primitives and functionalities

Sponge Duplex authenticated encryption with nonce reuse or no nonce

How do you use a PQC Hybrid Shared Secret in Practice?

Simon's quantum algorithm for symmetric encryption

Key Committing AES-GCM

Probability conventions in cryptography


Does hashing a secret/seed make it effectively 2X less secure?

Zero-knowledge proof that the exponents of a Pedersen commitment are not zero

Is there a test that put into numbers how secure a password hashing is?

Why expand keys? Why not rather generate a longer key?

Security Level of DSA given parameters

On using interaction to achieve FHE from old PHE schemes

Are Block Ciphers Pseudorandom functions?

How to expand elliptic curve public key from compressed form?

What is the security of multiple encryption using Even–Mansour scheme (XEX)?

Private key encryption based on NP-complete problem

Is disabling padding integrity check in CBC implementations a good way of overcoming / mitigating padding oracle attack?

Parameters for high density SIS

Addition on elliptic curves on finite fields: what if X_1 = X_2 and Y_1 != Y_2?

What is the name of this kind of logic diagram?

Question on Simulation based security proof for Oblivious Transfer (OT) against semi-honest adversaries

What is more efficient to Encrypt then MAC or to MAC then encrypt

For AES-GCM, does knowing plaintext and ciphertext allow attacker to learn the key?

An unconditional proof of a PRP by restricting adversary run time

How come we only need to generate the first tree in each layer in XMSS MT

Hotbits vs. vs. Anything else?

ASN.1 integer question for DSA

How can I reverse a so-called CRC16 from the data?

How can I reverse a so-called CRC16 from the data?

Did digital signatures come from Zero Knowledge Proofs?

When does the need of random data become an assumption?

Why use pairing to construct identity based encryption?

Is it necessary to (length) pad a fixed length one time pad in the presence of a HMAC?

Can there be identical elliptic curve groups of points from different irreducible polynomials in binary extension fields?

Difference signature / asymmetric encryption (PQC)

Difference signature / asymmetric encryption (PQC)

If RSA uses $e$ with $\gcd(e,\phi(N))\ne1$ but $e$ is hard to factorize has an adversary still an advantage in finding $d$ for $m^{ed}\equiv m\mod N$?

Why does the RFC version of HKDF-Expand start the counter at 1?

How to do addition in Montgomery form?

regarding MDS matrix and security

HMAC data and key swap