software developers, mathematicians and others interested in cryptography
Solved Questions
Unsolved Questions
  1. Question about calculation amount for proportion of collision pair and preimage

  2. Preimage attack against compression function and Merkle-Damgard conversion
  3. Hash collision proportion
  4. learning with errors (LWE) or lattice-based cryptography -- which is a superior post quantum cryptographic construction?

  5. Identify method of encryption
  6. Can reduced-round ChaCha be used as non-cryptographic fast PRNG to produce output indistinguishable from random data?
  7. How does `d-KCA` help secure the zcash protocol?

  8. Security Implications of Fixed & Opposite Fixed Points of Sbox

  9. do koblitz curves always have the a parameter as 0?
  10. Decryption of a file encrypted by pseudo-random number generator (The Linear Congruence rand()
  11. AES encryption using a Diffie-Hellman question

  12. Understanding how Oscar can decrypt a message in RSA

  13. ciphertext stealing and CTR

  14. Is AES-Keywrap (NIST SP 800-38F) quantum-safe?

  15. Executing ECDH using OpenSSL's implementation

  16. Justification for the way s is computed in DSA?

  17. How do I choose blind sizes?
  18. How trivial is it to derive a private key from two public keys?

  19. Does keyless encryption exist?

  20. In a very simplistic and step by step example, how do I get the 'w' values for SHA256?
  21. Secondary private key that produces limited certificates
  22. GCM cipher M0 tables : semantic questions on how to implement GCM

  23. Understanding reversible addition in a prime field

  24. Paillier VS RSA

  25. Can FFT be useful in encryption of dicom images?

  26. CP-ABE for threshold cryptography
  27. Key strenth in Cipher cascades (Veracrypt)

  28. How do I explain zero knowledge proof to my 7 year old cousin?

  29. Constructing public key encryption schemes with desired ciphertext expansion

  30. Computing power function with BGW scheme
  31. ElGamal encryption and signature using same keys

  32. Exploit poorly generated Diffie-Hellman parameters
  33. Generating RSA public/private key pair with Crypto++ vs GPG4Win
  34. Are there cryptographic hash functions that can be computed using only paper and pen without leaking any information about the plaintext?

  35. Using round constants to thwart slide attacks

  36. Secure data storage in OWA

  37. Is it possible to permute a binary vector obliviously?
  38. Secure pseudo-random generator

  39. Exponentiation in ECC
  40. Decrypting message based on plain-text and encrypted text
  41. Secure group chat with large groups
  42. Recommended key lengths for BLAKE2b
  43. Questions regarding the concept of encrypting a device's USB communication

  44. What is the link, if any, between Zero Knowledge Proof (ZKP) and Homomorphic encryption?

  45. Can we construct a simulation sound NIZK (Non Interactive Zero-Knowledge) proof?

  46. Successful Cryptanalysis Research/Attacks on Zero-Knowledge Proofs?

  47. How to cipher with N public keys and decipher with ANY of the N private keys?
  48. Clarification on Hill Cipher crib dragging technique
  49. Secure Pseudo-random functions

  50. What changed in PKCS#1 v2.2, and why?

  51. How secure is ECDH if the public keys are never changed?

  52. Safely using ciphers that take small key sizes

  53. Is there a way to double the size of ciphertexts of a public-key scheme which is IND-CCA2
  54. How would Private-key Cryptography be if we use quadratic polynomials as OWF's?
  55. RSA - Half information
  56. Hashing Resource ID Into Publicly Known Value Securely

  57. RSA: Calculate the private key $d$ when $p,q,e$ are known?
  58. Backward Expansion of SHA1
  59. How should I read these three-dimensional (pseudo)random-generated numbers representations?

  60. ECDSA Signature R|S to ASN1 DER Encoding question

  61. Is it secure using LWE-based cryptosystem under RLWE-based parameters?
  62. Group signature's Scheme
  63. Commit and prove as a general trick for malicious security
  64. I have the ciphertext only. Is it possible to know the key & the plaintext? If not, what do I need to find it?

  65. How to show that the following function is not a OWF?
  66. AES encryption algorithm (MIX COLUMNS)
  67. Varying ECDH key output on different ECC implementations on the secp256k1 curve
  68. Verification using recovered public key from ECDSA signature and normal verification: what are the differences?
  69. ECIES encryption output with additional parameters

  70. RSA private key d knowing e,n

  71. One-time pad and Perfect secrecy

  72. Can sending the same plaintext twice, each encrypted with different key and IV, weaken the encryption?

  73. Blockcipher: key space define permutations of blocks

  74. MAC size 128 bits or more?

  75. Can Fully Homomorphic Encryption do comparisons?

  76. RSA: Given two very large prime $p,q$ and $n=p\;q$, how to quickly find $e$ such that $\gcd(\varphi(n),e)=1$?

  77. My friend sent me a code, could somebody help me decipher it?
  78. whether the order of the leaves in merkle tree will affect the result of merkle root?
  79. Can someone explain an algorithm to generate primitive polynomials over a field Fp?

  80. AES Encryption using C# and Decryption using Java (Android)

  81. 0.75 confidence in bit prediction through $\chi^{-1}$

  82. Finding $d$ in RSA Encryption mathematically and by hand
  83. Tampering with Shamir's subshares

  84. Why does Signal repeatedly hash the secure passphrase?
  85. Crypt-analysing modified AES algorithm with no shift-rows, and no key-expansion

  86. How long will brute force of salted SHA-512 hash will take, if salt is known and possible characters in password are known?
  87. Does anybody know the original paper for this approach?

  88. Elliptic curve representation

  89. Will this Cryptosystem Works?
  90. Does the DES s-box only provide confusion, or does it also provide an avalanche effect?

  91. Compact Schnorr signature?

  92. Lattice-based cryptosystems for blockchain/ledger?

  93. How cryptographically secure was the original WW2 Enigma machine, from a modern viewpoint?

  94. Can I use Shamir's secret sharing scheme for multiplicative homomorphism for secure multiparty computation?

  95. What is the malicious potential of a key-substitution-attack?
  96. Is using the same IV in AES similar to not using an IV in the first place?

  97. Differences between sponge construction, hash function and random oracles.

  98. help with ciphertext with no obvious key
  99. Expanding truly random key into printable password for successive hashing
  100. How to express access structure ( access tree, linear secret sharing , etc.)