Questions tagged [attack]
A cryptographic attack tries to theoretically and/or practically attack the security properties of a cipher and/or algorithm.
473 questions
4 votes, 2 answers, 281 views
On the unfoundedness of signing as "inverse" of public-key decryption
In their book "Introduction to Modern Cryptography," Katz and Lindell wrote:
Digital signatures are often mistakenly viewed as the “inverse” of public-key
encryption, with the roles of the ...
2 votes, 1 answer, 66 views
Multiple Keys Decrypt DES Ciphertext
Messing around on CyberChef, I stumbled on some weird DES behavior. Encrypting a message with a key of “password” could also be decrypted with the key “passwosd” example. After some further ...
1 vote, 0 answers, 64 views
Reduction from approximate $SVP$ to approximate $GCD$
Let $SVP(n^a,p)$ be the problem of approximating $SVP$ in the $p$-norm to an $n^a$ approximation factor.
At $a<1$ there are complexity theoretic hardness results. $a\in[1,2]$ finds cryptographic applications.
...
6 votes, 1 answer, 675 views
3DES Security nowadays
A properly implemented 3DES consists of 3 independent keys.
The brute-force meet-in-the-middle attack with known plaintext/ciphertext is the most effective brute-force method against 3DES, but it ...
1 vote, 1 answer, 100 views
Is it possible to perform a useful Weil descent against an elliptic curve defined over $F_{q^2}$?
Normally a curve using large characteristics is already secure by being prime, but in my case, I saw a system relying on the hardness of the discrete logarithm of an elliptic curve defined over a ...
4 votes, 0 answers, 83 views
Why does sequential encryption for PKEs break IND-CCA but not IND-CPA
In my lecture script there is the following task:
Sequential encryption of multiple messages extends the message set of a PKE from $M$ to $M^*$ (and cipher set to $C^*$).
Proof that this construction ...
0 votes, 1 answer, 82 views
Is a $2^{O(\sqrt{n})}$ algorithm known for deployed discrete logarithm problems?
I know number field sieve algorithms get $2^{O(\sqrt[3]{n\log^2n})}$ time and space for computing discrete logarithms of $\mathbb Z_p^*$.
Are there problems currently deployed where even an attack of $...
2 votes, 1 answer, 149 views
Why are only primal and dual attacks dealt with among the various attacks on LWE?
As we see in https://estimate-all-the-lwe-ntru-schemes.github.io/docs/, only dual and primal attacks are the most important attacks against LWE and NTRU schemes. On the other hand, many attacks such ...
3 votes, 1 answer, 189 views
Where should I perform EMSA-PSS-encoding (apart from the first hashing step) in a remote signing scenario, on client or server?
I would like to set up a remote signing scenario in which
local: on a client a document exists that is to be signed
remote: a private key for signing resides on a server
Furthermore, I would like to ...
2 votes, 0 answers, 70 views
Can we extend the committing security notion to stream cipher?
Can we consider a stream cipher, which takes a key $K$ and an initial vector $IV$ and generates a keystream. Is it possible to construct an attack similar to the notion of context-committing attack, ...
1 vote, 1 answer, 138 views
Is the given Somewhat Homomorphic Encryption over Integers still viable and fast?
In the paper: https://eprint.iacr.org/2009/616.pdf
They talk about a public key SWHE over Integers scheme that is pretty simple (I do not care about the FHE aspect of the paper).
I was wondering if ...
5 votes, 1 answer, 456 views
Attacks exploiting decryption failures in KYBER
I am going through the portion mentioned under the heading Original KYBER analysis inside Section 5.5 titled Attacks exploiting decryption failures.
$${\sf Pr}[\|v\|> k\sigma \sqrt{m}]< k^m e^{\...
3 votes, 1 answer, 215 views
Is EC_POINT_is_on_curve a necessary check when using EC_POINT_mul in OpenSSL?
I'm using EC_POINT_mul in OpenSSL, and I would like to avoid an invalid curve attack. I can see that there is a check for ...
2 votes, 1 answer, 321 views
How to find N and e knowing that e = p and N = p*q?
I've been stuck on this problem for a while. This is a challenge about Symmetric RSA:
We know that
$N = p*q$
$e = p$
$ct = pt^p \bmod N$ (1)
We are given $ct$ (which is the flag encrypted) and 4 ...
2 votes, 0 answers, 99 views