Questions tagged [symmetric]
Symmetric cryptosystems assume two communicating entities share a pre-established secret key.
858
questions
-1
votes
0
answers
36
views
Password Manager: Sending stored passwords in API response [closed]
I am building a password manager with client-server architecture. The server will host REST APIs to manage passwords and the client (Web or Mobile) will use these APIs.
The server will store passwords ...
4
votes
0
answers
85
views
+50
Most simple transport encryption for link-constrained environments
What is the most simple, but yet well-known "protocol" to protect a unidirectional channel over air?
Requirements
The protocol should provide common properties like privacy, integrity and ...
2
votes
1
answer
69
views
Is AES-GCM safe if same key is used for both uplink and downlink, assuming last IV bit tells the direction
I have designed a cryptographical protocol which uses AES-GCM with a single key.
I have gone to great lengths to ensure the same initialization vector is never reused. The first bits of the ...
0
votes
1
answer
52
views
Is a salt necessary when using a key and an intialization vector during encryption?
I use OpenSSL to encrypt passwords. For that the parameters - $S
$ salt, $K$ key, $IV$ initialization vector are used.
Although the command produces the results, I am not sure if the salt is really ...
1
vote
0
answers
24
views
Exploring Quantum Attacks in Q1 Model on Symmetric Primitives with Better than Quadratic Speedup
I'm exploring quantum attacks (in the Q1 model) on symmetric structures, including hash functions, block ciphers, modes of operation and stream ciphers with time complexity beyond quadratic speedup.
I'...
1
vote
1
answer
124
views
AES-CTR Mode, Predictability of Nonce
I'm trying to rebuild AES-CTR mode and have some questions concerning the generation of the nounce.
I've comonly seen the nonce be distributed like this $Nonce_{128\,bits} = IV_{64\,bits} \mathbin\...
0
votes
0
answers
34
views
Is the CFB mode of Encryption related-key secure
I am going through the paper https://www.iacr.org/archive/fse2013/84240283/84240283.pdf where the related key security of CBC mode of encryption is well analyzed. I am concerned about whether the CFB ...
1
vote
0
answers
41
views
In Kerberos, is the "Authentication Server" the only "Trusted Third Party"? Or is "Ticket Granting Server" also a "Trusted Third Party"? [closed]
I know that AS (Authentication Server) is a TTP (Trusted Third Party) because it generates keys for two entities (for the client and the TGS).
But what about TGS (Ticket Granting Server)? It also ...
1
vote
1
answer
70
views
Is there any notion of key-recovery attacks security (perhaphs using games) that is equivalent to IND-CPA?
I am talking about Symmetric Cryptography only in the following.
We know that Semantic Security (in the presence of eavesdropper) implies security against message recovery (in the presence of ...
2
votes
1
answer
63
views
Is AES-CTR mode with predictable IV vulnerable to CPA attacks?
I'm just confused about this topic problem.
I know that the CBC mode will be vulnerable to CPA attacks if the IV is predictable, but what about the CTR mode?
0
votes
1
answer
90
views
Asymmetric encryption of the AES key made available along with the ciphertext
I know there are much more sophisticated encryption schemes than this one that achieve the same goal but I would like to understand any weaknesses in this basic, and probably typical, process:
...
1
vote
1
answer
81
views
Shannon's Perfect Security for Asymmetric Encryption
I have the following definition of Shannon's Perfect Security.
Assuming messages and keys are drawn randomly from some distribution then:
The probability of guessing plaintext m is not enhanced by ...
2
votes
0
answers
46
views
Design criteria of block ciphers in quantum setting
Some design criteria of block ciphers are already known for the resistance against known attacks like differential, linear , boomerang, etc. Does there already exist any study of design criteria of ...
1
vote
1
answer
54
views
Differential uniformity of vectorial Boolean function
What could we say about differential uniformity of (a vectorial Boolean function) $F = f+g \pmod 2$ (i.e. XOR) in terms of differential uniformity of $f$ and $g$?
1
vote
0
answers
46
views
How Helpful is NXP's LRP Encryption Protocol vs AES for short keys?
NXP has a custom (I think) encryption protocol known as "Leakage-Resistant Primitive", or LRP, built on top of AES. I think the goal of this is to basically "expand" the length of ...
1
vote
1
answer
71
views
Is it possible to use Diffie-Hellman protocol for symmetric group?
I was asked this question during one of my first cryptography classes, and I'm not sure if I understand it correctly. To begin, I know that after using the Diffie-Hellman protocol (which itself is ...
1
vote
0
answers
189
views
Mathematical approach to symmetric cryptography
I'm no mathematician but when thinking about block ciphers such as AES I find it much easier to think of them as a mathematical function $f$ (rather than an 'algorithm') such that $c=f(m,k)$ with $c$ ...
2
votes
2
answers
109
views
Can you use ChaCha20 as one-time pad?
My knowledge of cryptography nothing beyond basic so I am by no means an expert, but I do know a bit of undergraduate mathematics including number theory.
I know that stream ciphers like ChaCha20 is ...
0
votes
0
answers
35
views
Does Qrypt's BLAST protocol based on "Doubly-Affine Extractors" use public-key or symmetric-key cryptography?
The company Qrypt states that "Key distribution based on asymmetric algorithms is a weak link for cryptography" and claims to "enable encryption without distributing encryption keys&...
3
votes
1
answer
205
views
Is DES/2DES/3DES still used?
I checked a related question, but I still did not find the answer I was looking for.
Specifically, do we have any statistics on the usage of DES/2DES/3DES?
It seems from here that credit card systems ...
0
votes
1
answer
101
views
Do I need to use unique IVs if all encrypted data is unique?
I am designing a service where each user has both a unique 256-bit private and public ID. These IDs should be derivable from one another, but only within the backend of my service (as to not expose ...
1
vote
1
answer
77
views
Is a Shift Cipher with Random Insertions Unbreakable?
Imagine an Encryption Algorithm which applies a classic Shift Cipher (also called Caesar or ROT-X) to a text (with only lowercase [a-z] and the space ...
1
vote
0
answers
48
views
Are semantic security and indistinguishability equivalent for symmetric key cryptosystems?
I've seen a lot written about how, in the context of public key cryptosystems, these definitions are equivalent. Is the same true of symmetric key cryptosystems? If so, what are the precise statements ...
0
votes
0
answers
58
views
Does this protocol description and design look sound?
I am working on a tool that uses password derived keys for AES and a selectable modes of operation to encrypt (and later decrypt) text for storage on an insecure media. The tool is constrained to ...
0
votes
0
answers
17
views
Web app server side encryption scheme
I'm asking if this encryption scheme would increase the security of the user's data. Here's how it would work:
The user would create an account (username + password). An encryption key (symmetric) is ...
0
votes
1
answer
71
views
Shared Key message-encryption multiple receiver communication
Say there are 5 parties. 1 is the sender, and 4 are the receivers.
The sender has a unique shared key with each receiver.
k1 - between sender and receiver1
k2 - between sender and receiver2
k3 - ...
1
vote
0
answers
226
views
In Symmetric encryption where Alice and Bob message each other, how can both decrypt the same data?
I first posted this question on StackOverflow but they told me it belongs here instead:
https://stackoverflow.com/questions/77856486/in-symmetric-encryption-where-alice-and-bob-message-each-other-how-...
2
votes
1
answer
612
views
How does SMB authentication work?
When I learned about the inner workings of the TLS protocol and what exactly it protects a connection against, I was surprised to learn that even asymmetric encryption can be defeated by a MITM attack ...
0
votes
0
answers
69
views
Key-dependent cipher generation
Is there any cryptanalysis possible if the cipher itself is deterministically derived from key material?
For example, suppose you have n building blocks (ARX primitives, AES ops, other primitives) and ...
1
vote
1
answer
81
views
Security of this MAC scheme
I'm studying for a cryptography exam, I have this question from a past exam:
Consider the MAC with key $k$, based on a block cipher $E_{(k)}$ with block size $n$, and a collision-resistant hash ...
-1
votes
1
answer
82
views
Is plaintext and ciphertext absolutely one-to-one in symmetric encryption algorithms? [closed]
Known conditions:
The block size of this algorithm is 16 bytes.
If there are multiple encryption modes, then it is limited to ECB mode.
Always use only one immutable key.
Since only ECB encryption ...
0
votes
0
answers
61
views
The security of cyclic affine key schedules
Suppose that $k$ is the key for a block cipher. I am interested in the security of key schedules of the form $(k_0,\dots,k_n)$ where $k=k_0$ and $k_{j+1}=A_jk_j+b_j$ where each $A_j$ is some constant ...
1
vote
0
answers
82
views
Can the requirement to increase rounds with key size be bypassed?
When taking AES for example, the number of rounds increases as the key size increases.
This is done in order to adequately diffuse key bits into the state of the cipher.
Suppose you replace the AES ...
0
votes
1
answer
101
views
How to evaluate the minimum complexity of the key recovery when the success probability p is given?
Since the practical security of a symmetric-key primitive is determined by evaluating its resistance against an almost exhaustive list of known cryptanalytic techniques.
My problem is that could we ...
0
votes
0
answers
78
views
Does something like Symmetric reencryption exist?
I'm an amateur so bear with me.
I was thinking about an E2E solution for data-at-rest proxy scenarios (like cloud storage provider) that allows you to issue and revoke users via symmetric keys.
I'm ...
0
votes
1
answer
639
views
Why does symmetric encryption not provide authentication and integrity? Is it only this type of encryption or cryptology in general have this issue?
Studying for Cryptology and came across a presentation regarding on "Integrity vs Authenticity" where the discussion briefly mentions how Encryption "does not provide integrity or ...
2
votes
0
answers
119
views
Why KeePassXC is deriving (stretching) the key again before saving changes to the database?
KeePassXC supports Argon2, which is great for security. However, there's a quirk that's been bothering me. Every time I save modifications to the database, it seems to stretch (derive) the key again, ...
4
votes
11
answers
9k
views
For Symmetric Cryptography, why is it considered more important to safeguard a key than the function/algorithm for encrypting/decrypting a message?
As stated for the question above here's an analogy:
You are a robber looking for a house to rob with two different scenarios that might occur.
1. You have a key that you know belongs to a house and ...
0
votes
1
answer
94
views
Does ISAAC really guarantee a cycle length of at least 2**40?
I just noticed that the FSE 1996 conference paper which defines ISAAC mentions a counter variable cc.
This variable is said to be the reason why ISAAC has a ...
2
votes
0
answers
75
views
Is ISAAC+ actually an improvement over ISAAC?
I just tried to implement ISAAC from scratch, using the Jean-Philippe Aumasson paper from 2007 as a reference.
This paper gives a definition of the original ISAAC algorithm as well as the improved ...
0
votes
1
answer
258
views
How secure is a file encrypted with GnuPG, a strong passphrase, and the symmetric option?
Suppose I encrypt a file, of, say, 10 MB, with a secure, suitable passphrase, and the command:
gpg --symmetric my_file.txt
What level of expertise and hardware ...
1
vote
1
answer
342
views
symmetric key generation - random number vs pbkdf2
I am working on improving my grasp on applied cryptography. Following question is just for learning/understanding purposes..
Lets say I want to generate a 16 byte key that I want to use for some ...
1
vote
1
answer
51
views
Does any encryption/decryption algorithm supports linear decomposition?
I am not sure whether "linear decomposition" is appropriate to summary my question: We know that the traditional symmetric encryption/decryption algorithm (like AES, TDES) can be written as:
...
0
votes
1
answer
75
views
Safe implicit value validation: $H_k(k \oplus m) \sim H_k(m)$?
$H_k$ is a cryptographic hash function that's keyed using a section of key material $k$ (for whatever definition of "keyed" that's appropriate for the given hash function $H$).
Are the ...
2
votes
1
answer
264
views
Can I predict CryptGenRandom on my own device?
I have a Windows 10 laptop with an algorithm that creates a random number using the PRNG CryptGenRandom. According to Wikipedia:
Because CryptGenRandom is the de facto standard CSPRNG in Win32 ...
1
vote
2
answers
85
views
Given $i$ keyed-$PRP$ labels $\ell_{i,x}$ from a $2^{256} \times 2^{256}$ Sudoku (Latin-square), how difficult is it for an adversary to solve?
There's a keyed-permutation I'm playing with, $\ell_{i,x} = \pi_i(x_i)$, which is a bijection $X \leftrightarrow X$, where $|X| = 2^{256}$, and whose evaluations on plaintext inputs $x_i$ perfectly ...
0
votes
0
answers
51
views
Securing symmetric ciphers with 56-bit keys
Under the Wassenaar Arrangement and applicable export control law, symmetric cryptography of an (effective) key size of 56 bits or less is (generally) exempted from export control. I am forced to work ...
1
vote
1
answer
75
views
Fully-encrypted (non-fingerprintable) symmetric encryption algorithm?
I am a student in the process of creating a firewall circumvention program based on smuggling data inside of legitimate HTTP. I have limited cryptographic knowledge.
I need a way to encrypt my higher-...
0
votes
1
answer
110
views
Derrive a new key from Trusted Third Party (e.g. Kerberos) session key
Kerberos (and I assume other Trusted Third Party protocols) use (hash) an existing shared secret key to create a session key used for authentication. I read that this authentication secret key can ...
1
vote
1
answer
70
views
How to write monomials in $GF(2^n)$ as a system of equations in $GF(2)$
Let $F = GF(2^n)$ and $P(x) = x^e, P : F \rightarrow F$ be a monomial of degree $e$. How to write each bit of the output of $P$ as a function of input bits? In other words, how to write it as a system ...