Channel: Active questions tagged forward-secrecy - Cryptography Stack Exchange

What is the difference between forward secrecy and key freshness?

Does every random private key that generates a unique session key provide both forward secrecy and key freshness?

Secure Communication

Focus: I have to design a secure keep alive communication protocol and was wondering if it was necessary to sign the ciphertext after the session key has been generated as an attacker will not know the...

Role of long-term asymmetric keys in a forward secrecy instant messaging...

I am trying to understand how forward secrecy works in general, using a simple instant messaging protocol as an example. Tell me if I have this process right or not: 1) Alice and Bob each generate a...

Different ways of building a ChaCha20-based RNG

Let's say you're building an RNG with ChaCha20 and the fast key erasure technique. There seem to be a few ways to do it. The reference implementation in the SUPERCOP benchmarking toolkit looks like...

Struggling to understand Perfect Forward Secrecy

From the definition on Wikipedia: In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session...

Providing forward secrecy with RSA

Forward secrecy with RSA is asked here: Is perfect-forward secrecy achieved with RSA? and fgrieu gave an answer based on creating temporary RSA keys and signing them. And, in the end, he mentions: The...

Perfect Forward Secrecy Stream Cipher based on Block Cipher

I'm thinking about ways to encrypt an endless stream of data (e.g. a video or audio feed) in a way, where a compromise of the current internal state of the encryption (e.g. a RAM dump) does not...

When/why is RSA (hybrid) encryption used rather than alternatives?

I've read that RSA is not meant for encrypting large plaintext because: (Are these also true for other public-key encryptions like ElGamal?) It is slow. Padding makes the ciphertext blocks much longer. No...

Is encrypted e-mail sent over TLS 1.3 a form of "forward secrecy" (similar to...

One common complaint about GPG-encrypted e-mail is that it doesn't provide forward secrecy; however with opportunistic TLS becoming increasingly common in both IMAP and SMTP, it's not unreasonable to...

How does DHE-RSA work and why is PFS guaranteed?

How does it work and why is forward secrecy guaranteed? I understood that it is not susceptible to a man-in-the-middle attack by using certificates in the beginning.

Creating cryptographic algorithms at runtime

Would it be possible to create a program with which to create a cryptographic algorithm (i.e. encryption or hash) using well-known elements of other algorithms in the same way that algorithms "reuse"...

Does NTRU provide Perfect Forward Secrecy?

Does NTRU provide Perfect Forward Secrecy if the world would use it in an HTTPS connection?

Forward Security of Symmetric Encryption Schemes with LFSR based PRNG

Forward security can be achieved using symmetric encryption schemes by combining with a pseudo-random number generator (PRNG). Does LFSR based PRNG provide forward security in this case?

Is any encryption system that changes keys for each session "forward secure"?...

As far as I understand, an encryption system is forward secure if new session keys are generated for each session, which is also part of what Wikipedia says about forward secrecy: By generating a unique...

Are key evolving signatures (or forward secure signatures) that secure?

Reading this paper Forward-Secure Digital Signature Scheme I discovered the notion of key evolving signatures. The intuition behind these signatures is clear: one uses different private keys to...

Can you help me understand PFS and wPFS?

Every time I encounter the concepts of PFS (perfect forward secrecy) and wPFS (weak perfect forward secrecy), I feel uncertain about them. My understanding is that: PFS ensures that, if the parties'...

What motivated the design decisions of RFC 8291 ("Message Encryption for Web...

Related question here. I'm reading RFC 8291, which describes a protocol to protect web push messages sent between an application server and a user agent (typically a mobile browser or other mobile...

Why is DH key exchange still useful, if a public key certificate is used?

EDIT: According to Gilles's comments and fgrieu's answer below, I would like to summarize what I have learned, and what still needs explanation: DHKE is necessary for forward secrecy even when PKI is...

Definitions of secrecy

I found terms like "forward secrecy", "future secrecy", "backwards secrecy" and "perfect forward secrecy" and I would like to know their definitions and to understand the differences among them. I found...

Does the libsodium sealedbox provide forward secrecy?

I am using sodiumoxide, a Rust binding to libsodium that provides a function named sealedbox that requires the receiver's public key. However, they also mention that the message is encrypted with an...
