All Questions (138 questions)
2 votes · 1 answer · 69 views
Is AES-GCM safe if same key is used for both uplink and downlink, assuming last IV bit tells the direction
I have designed a cryptographical protocol which uses AES-GCM with a single key.
I have gone to great lengths to ensure the same initialization vector is never reused. The first bits of the ...
1 vote · 1 answer · 124 views
AES-CTR Mode, Predictability of Nonce
I'm trying to rebuild AES-CTR mode and have some questions concerning the generation of the nonce.
I've commonly seen the nonce be distributed like this $Nonce_{128\,bits} = IV_{64\,bits} \mathbin\...
2 votes · 1 answer · 63 views
Is AES-CTR mode with predictable IV vulnerable to CPA attacks?
I'm just confused about this topic problem.
I know that the CBC mode will be vulnerable to CPA attacks if the IV is predictable, but what about the CTR mode?
2 votes · 0 answers · 46 views
Design criteria of block ciphers in quantum setting
Some design criteria of block ciphers are already known for the resistance against known attacks like differential, linear, boomerang, etc. Does there already exist any study of design criteria of ...
1 vote · 0 answers · 46 views
How Helpful is NXP's LRP Encryption Protocol vs AES for short keys?
NXP has a custom (I think) encryption protocol known as "Leakage-Resistant Primitive", or LRP, built on top of AES. I think the goal of this is to basically "expand" the length of ...
0 votes · 1 answer · 101 views
Do I need to use unique IVs if all encrypted data is unique?
I am designing a service where each user has both a unique 256-bit private and public ID. These IDs should be derivable from one another, but only within the backend of my service (as to not expose ...
1 vote · 0 answers · 82 views
Can the requirement to increase rounds with key size be bypassed?
When taking AES for example, the number of rounds increases as the key size increases.
This is done in order to adequately diffuse key bits into the state of the cipher.
Suppose you replace the AES ...
0 votes · 1 answer · 101 views
How to evaluate the minimum complexity of the key recovery when the success probability p is given?
Since the practical security of a symmetric-key primitive is determined by evaluating its resistance against an almost exhaustive list of known cryptanalytic techniques.
My problem is that could we ...
1 vote · 1 answer · 51 views
Does any encryption/decryption algorithm support linear decomposition?
I am not sure whether "linear decomposition" is appropriate to summarize my question: We know that the traditional symmetric encryption/decryption algorithm (like AES, TDES) can be written as:
...
2 votes · 1 answer · 264 views
Can I predict CryptGenRandom on my own device?
I have a Windows 10 laptop with an algorithm that creates a random number using the PRNG CryptGenRandom. According to Wikipedia:
Because CryptGenRandom is the de facto standard CSPRNG in Win32 ...
0 votes · 2 answers · 316 views
How are the iterations of the AES encryption algorithm determined?
All the knowledge I have learned about encryption algorithms tells me that the AES encryption algorithm uses three key bit lengths of 128, 192, and 256 to encrypt data, and these three key bit lengths ...
6 votes · 3 answers · 9k views
Can Quantum Computers crack RSA and AES?
I'm trying to learn more about cryptography and ran into a post, Is AES-128 quantum safe?, which asks if AES-128 is safe. From the articles and replies it seems that AES-128 (symmetric key) is safe ...
2 votes · 1 answer · 90 views
In AES, why do we multiply the columns by a polynomial with a repeating coefficient?
In the MixColumns step of AES, one multiplies each of the columns of the $4\times 4$ box of bytes by the polynomial $a(x)=\{03\}x^3+\{01\}x^2+\{01\}x+\{02\}$ (modulo $x^4+1$). But in this polynomial, ...
0 votes · 1 answer · 157 views
Do multiple keys mitigate Grover algorithm?
Grover, a quantum algorithm, weakens AES and ChaCha20. Is it possible to use multiple symmetric keys to encrypt a message multiple times to achieve 256-bit security for quantum computers?
0 votes · 1 answer · 193 views
How does AES-CBC encryption achieve non-repeating blocks of ciphertext?
I am very interested in encryption algorithms, especially AES encryption algorithm in symmetric encryption. To this end, I have studied a lot of theoretical knowledge about AES encryption algorithm ...