cryptography   23564

[Cryptography] Are Momentum and Cuckoo Cycle PoW algorithms broken?
> One detail that bothers me is that SipHash is being used in Cuckoo PoW
in a way that the attacker gets to control all the inputs to SipHash,
and that is not what SipHash was designed to resist. SipHash was
designed to resist an attacker who doesn't control — and actually
doesn't even *know* — the key. There's a possibility (although it
seems unlikely to me) that an attacker could exploit something about
the way Cuckoo uses SipHash to find Cuckoo solutions faster than by
treating SipHash as a random oracle.

> I expressed this concern of mine multiple times to John Tromp in
private communication, and he was not persuaded that it is a real
problem, and he said that the CPU performance is important. I can see
his point: I wasn't able to figure out how to exploit Cuckoo's use of
SipHash after spending a few minutes peering at it. But I'm not a good
cryptanalyst, and the people who are good cryptanalysts have never, to
my knowledge, evaluated SipHash's strength under such conditions.
cryptocurrency  cuckoo-cycle  cryptography 
17 hours ago by num1
Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm (2000)
Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm
security  science  history  cryptography  paper 
23 hours ago by kr4d
bash - How to base64 encode /dev/random or /dev/urandom? - Stack Overflow
“A number of folks have suggested catting and piping through base64 or uuencode. One issue with this is that you can't control how much data to read (it will continue forever, or until you hit ctrl+c). Another possibility is to use the dd command, which will let you specify how much data to read before exiting. For example, to read 1kb:

dd if=/dev/urandom bs=1k count=1 2>/dev/null | base64”
unix  reference  sysadmin  work  security  cryptography  foss  software 
yesterday by kr4d
zkSNARKs in a nutshell - Ethereum Blog
The possibilities of zkSNARKs are impressive: you can verify the correctness of computations without having to execute them, and you will not even learn what was executed – just that it was done correctly.
zero-knowledge  cryptography 
yesterday by kkourt
saltpack - a modern crypto messaging format
A thin wrapper around the NaCl library using the MessagePack format, as an alternative to PGP.
encrypted  messaging  format  saltpack  cryptography  encryption  messagepack  nacl  PGP  GPG 
yesterday by asteroza
What is the Random Oracle Model and why should you care? (Part 2) – A Few Thoughts on Cryptographic Engineering
The random oracle model is the assumption that your hash function is a call to an oracle which maps every input to a perfectly random output. It's wrong but probably "correct enough", and it makes some proofs easy.

In short: the random oracle model is the assumption that your hash function is a random function.
yesterday by num1