Newest Questions

Maximum Distance Separable (MDS) Matrices are used for providing diffusion in a cipher. How to test the strength (with respect to cryptographic properties) of an MDS matrix used in a cipher?

The scenario is like this: I need 2 keys for different purposes (encryption + encryption, encryption + mac, or whatever). Because it is not good practice to reuse the same key, I'd like the 2 keys to ...

I'm currently trying to optimise the finite field multiplication in $ \operatorname{GF}(2)[x]/(p)$, where $p = x^8 ⊕ x^7 ⊕ x^6 ⊕ x ⊕1 ∈ \operatorname{GF}(2)[x] $. The thing is that I have to multiply ...

I have 2 key pairs $(x_1, y_1)$, $(x_2, y_2)$. I also have $a = $random 256-bit array and $b = $256-bit of defined values from me. I know the values for $(x_1, y_1)$, $x_2$ and $b$. But I miss the ...

I have an encryption scheme where the secret keys are $(\alpha_1, \alpha_2)$ and $(y_1, y_2)$. $(y_1', y_2')$ are public information. The ciphertext is: \begin{align*} \mathit{ct}_1 &= r_1 \...

What exactly is the difference between key transport and key encapsulation? Either they seem to be used interchangeably or I'm mixing stuff up.

How are short term keys usually implemented by PKCS#11? Is the proper way to distinguish between keys that are more temporary/stored in volatile memory and those stored in non-volatile memory to ...

NIST recommends doing an additional round of hashing using a secret salt: In addition, verifiers SHOULD perform an additional iteration of a key derivation function using a salt value that is secret ...

Quote: The chosen output length of the key derivation function SHOULD be the same as the length of the underlying one-way function output. Could someone please help explain the benefits and concerns?...

In one of their documents, NIST recommends using an approved one-way function, followed by a list of such functions, such as HMAC, KMAC, etc.. However, the wikipedia page says: Unsolved problem in ...

According to Google, to access the id_token it sends along with Access Tokens (for accessing their API), you must first validate the token using the RS256 Public Key available from this page. The ...

I was reading about memory-hard functions recently. In those papers I read, they almost always introduce a time-space trade-off like this: $$ S(n) \times T(n) \in \Omega(\mathrm{Poly}(n)) $$ I ...

Could anyone explain me why the verifier in Honest verifier zero-knowledge Simulator, has to choose a random challenge to send to prover? I have not understood well. Thank you in advance.

Edit: ok, after I re-read the paper a couple of times it is clear that Table 6 is easily derived from Table 5, which describes the collision differential. So the real question is: how did the ...

I'm currently reverse engineering a program that uses Curve25519 key exchange in network communication. I have only a basic understanding of ECC, so maybe this thing just seems strange to me. The ...