User DannyNiu - Cryptography Stack Exchange

3 votes

2 answers

399 views

Do Korea and Japan have their own national hashing standard?

asked Dec 2, 2020 at 6:39

2 votes

0 answers

217 views

How are ChaCha-based ARC4Random CSPRNGs initialized and reseeded?

asked Nov 27, 2020 at 12:12

2 votes

1 answer

152 views

How does randomized hashing defeat collision attack?

asked Oct 21, 2020 at 3:21

2 votes

2 answers

169 views

What are the typical instance parameters of non-commutative cryptographic schemes?

asked Apr 10, 2021 at 11:47

2 votes

2 answers

564 views

Does SHA-256 have (128-time + 128-space = 256-overall)-bit collision resistance?

asked Jun 23, 2021 at 3:31

2 votes

1 answer

145 views

Is matrix elliptic curve discrete logarithm problem quantum-safe?

asked Sep 28, 2020 at 14:45

2 votes

2 answers

421 views

How to handle modular arithmetic with regard to two's-complement negative numbers?

asked Feb 14, 2021 at 13:43

2 votes

0 answers

115 views

SSL/TLS Forward secrecy with 2 KEM public keys

asked Sep 9, 2021 at 12:17

2 votes

1 answer

300 views

Is it possible to create a Dilithium Prime or Falcon Prime?

asked Sep 19, 2021 at 22:35

2 votes

0 answers

120 views

Are blockciphers with 64-bit blocks still relevant (in any scenario)?

asked Jul 25, 2021 at 10:12

2 votes

0 answers

125 views

What motivated CCM's monstrous design?

asked Jul 26, 2021 at 12:07

2 votes

1 answer

83 views

How to determine whether a point is at infinity in homogenous coordinates?

asked Jan 14, 2022 at 9:04

2 votes

2 answers

216 views

*-LWE equivalent of Diffie-Hellman $g^{x^2}$ vulnerability

asked Nov 18, 2021 at 9:25

2 votes

1 answer

147 views

How important is constant-time verification of lHash label in RSA-OAEP?

asked Mar 26, 2022 at 3:20

2 votes

1 answer

326 views

Double-CBC as AES-KW Substitute?

asked Jun 17, 2017 at 12:41

2 votes

1 answer

233 views

NIST DRBG algorithms' optional parameter

asked Oct 15, 2019 at 7:25

2 votes

3 answers

612 views

Are XOFs and KDFs more usable than DRBGs?

asked Apr 9, 2019 at 7:23

2 votes

1 answer

127 views

Can HKDF be instantiated with HMAC-SWIFFT?

asked Jun 12, 2019 at 7:29

2 votes

2 answers

589 views

Choosing between RLWE-KEX methods.

asked Jul 20, 2016 at 3:23

2 votes

2 answers

278 views

How would low-precision Gaussian sampling impact the security of BLISS?

asked Jul 25, 2016 at 4:23

2 votes

0 answers

54 views

Reference request: 256-byte digital signature metadata block format

asked May 20, 2025 at 3:45

2 votes

0 answers

93 views

Does the supposed domain separation make it safe to reuse Ed25519 public key for Curve25519 key establishment?

asked Sep 14, 2024 at 11:52

2 votes

0 answers

61 views

I just want a post-quantum permutation and I don't care about efficiency. Can multivariate reciprocals help me?

asked Sep 21, 2024 at 16:42

2 votes

1 answer

231 views

Does it make sense to offer only 512-bit hash in a post-quantum DSS?

asked Oct 9, 2024 at 11:55

2 votes

1 answer

113 views

Is this half-smart way of verifying EdDSA signature secure?

asked May 6, 2022 at 9:12

2 votes

1 answer

120 views

API design that maximizes the potential of parallel and tree hashing

asked Aug 4, 2022 at 4:30

2 votes

1 answer

99 views

ML-DSA without lattice

asked Dec 5, 2025 at 14:03

2 votes

0 answers

66 views

Is solving MQ systems hardest when the number of equations equals the number of unknowns?

asked Dec 6, 2025 at 14:53

2 votes

1 answer

265 views

Constant-Time Base64 Codec - Necessity and Implementation

asked Jul 27, 2023 at 6:39

2 votes

0 answers

119 views

Is polynomial the answer?

asked Oct 19, 2025 at 7:48

Stack Exchange Network

93 Questions

Do Korea and Japan have their own national hashing standard?

How are ChaCha-based ARC4Random CSPRNGs initialized and reseeded?

How does randomized hashing defeat collision attack?

What are the typical instance parameters of non-commutative cryptographic schemes?

Does SHA-256 have (128-time + 128-space = 256-overall)-bit collision resistance?

Is matrix elliptic curve discrete logarithm problem quantum-safe?

How to handle modular arithmetic with regard to two's-complement negative numbers?

SSL/TLS Forward secrecy with 2 KEM public keys

Is it possible to create a Dilithium Prime or Falcon Prime?

Are blockciphers with 64-bit blocks still relevant (in any scenario)?

What motivated CCM's monstrous design?

How to determine whether a point is at infinity in homogenous coordinates?

*-LWE equivalent of Diffie-Hellman $g^{x^2}$ vulnerability

How important is constant-time verification of lHash label in RSA-OAEP?

Double-CBC as AES-KW Substitute?

NIST DRBG algorithms' optional parameter

Are XOFs and KDFs more usable than DRBGs?

Can HKDF be instantiated with HMAC-SWIFFT?

Choosing between RLWE-KEX methods.

How would low-precision Gaussian sampling impact the security of BLISS?

Reference request: 256-byte digital signature metadata block format

Does the supposed domain separation make it safe to reuse Ed25519 public key for Curve25519 key establishment?

I just want a post-quantum permutation and I don't care about efficiency. Can multivariate reciprocals help me?

Does it make sense to offer only 512-bit hash in a post-quantum DSS?

Is this half-smart way of verifying EdDSA signature secure?

API design that maximizes the potential of parallel and tree hashing

ML-DSA without lattice

Is solving MQ systems hardest when the number of equations equals the number of unknowns?

Constant-Time Base64 Codec - Necessity and Implementation

Is polynomial the answer?