Forking a Blockcipher for Authenticated Encryption of Very Short Messages [article]

Elena Andreeva, Reza Reyhanitabar, Kerem Varici, Damian Vizár
2018 IACR Cryptology ePrint Archive  
The concept of forkcipher, a new kind of cryptographic primitive, has been proposed as a means to sidestep the limitations of AE schemes based on typical primitives (such as blockciphers).  ...  The work is supported in part by funding from imec of the Flemish Government.  ...  Elena Andreeva was supported in part by the Research Council KU Leuven C1 on Security and Privacy for Cyber-Physical Systems and the Internet of Things with contract number C16/15/058 and by the Research  ... 
dblp:journals/iacr/AndreevaRVV18 fatcat:5f6zwcawgzhzrlsduv67ukotzq

Cryptanalysis of Forkciphers

Augustin Bariant, Nicolas David, Gaëtan Leurent
2020 IACR Transactions on Symmetric Cryptology  
Recent cryptanalysis results at ACNS '19 have shown that ForkAES actually offers a reduced security margin compared to the AES with an 8-round attack, and this was taken into account in the design of ForkSkinny  ...  This is the first attack challenging the security of full ForkAES.  ...  Cryptanalysis of ForkAES ForkAES [ARVV18] is based on the AES standard [DR13] ; more precisely, it is a forked variant of the tweakable block cipher Kiasu-BC [JNP14] , which reuses the AES round function  ... 
doi:10.13154/tosc.v2020.i1.233-265 dblp:journals/tosc/BariantDL20 fatcat:zwgafu35gjbvxpxtqnztifazia

Multiple Impossible Differential Attacks for ForkAES

Zilong Jiang, Chenhui Jin, Jin Wook Byun
2022 Security and Communication Networks  
This paper studies the security of ForkAES against multiple impossible differential cryptanalysis.  ...  The designers also presented ForkAES, a forkcipher that is based on the round function of AES and the tweakable variant of KIASU.  ...  Acknowledgments The work in this paper was supported by the Natural Science Foundation of China (grant no.: 61772547, 61902428, and 61802438).  ... 
doi:10.1155/2022/5360032 fatcat:xd35agzrozf5zcy2bujeze2c54

Looking at the NIST Lightweight Candidates from a Masking Point-of-View [article]

Lauren De Meyer
2020 IACR Cryptology ePrint Archive  
One of the most popular techniques for this purpose is masking. The increased security always comes with a high price tag in terms of implementation cost.  ...  In particular, we take a comparative look at the round 2 candidates of the NIST lightweight competition and their implementation properties in the world of masking.  ...  The author is funded by a PhD fellowship of the FWO. The author would like to thank François-Xavier Standaert and Thomas Peyrin for their feedback.  ... 
dblp:journals/iacr/Meyer20 fatcat:a57rgsusufhadixbackcywzdju

Automated Search Oriented to Key Recovery on Ciphers with Linear Key Schedule

Lingyue Qin, Xiaoyang Dong, Xiaoyun Wang, Keting Jia, Yunwen Liu
2021 IACR Transactions on Symmetric Cryptology  
In those models, the optimizing objective is usually the probability or the number of rounds of the distinguishers.  ...  Automatic modelling to search distinguishers with high probability covering as many rounds as possible, such as MILP, SAT/SMT, CP models, has become a very popular cryptanalysis topic today.  ...  Introduction Differential cryptanalysis [BS91] proposed by Biham and Shamir, is one of the most successful cryptanalysis techniques.  ... 
doi:10.46586/tosc.v2021.i2.249-291 fatcat:43ui6tm7evbftjoylx4o5djksi

Transparency order versus confusion coefficient: a case study of NIST lightweight cryptography S-Boxes

Huizhong Li, Guang Yang, Jingdian Ming, Yongbin Zhou, Chengbin Jin
2021 Cybersecurity  
S-Boxes) of cryptographic algorithms will be chosen as primary targets of side-channel attacks (SCAs).  ...  We also obtain an interesting observation that none of these three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs.  ...  Generally, S-Boxes have to be chosen carefully to satisfy cryptographic properties like resisting linear and differential cryptanalysis.  ... 
doi:10.1186/s42400-021-00099-1 fatcat:ulv3gpzjxfgrjlhrxa764n5n5q

Boomeyong: Embedding Yoyo within Boomerang and its Applications to Key Recovery Attacks on AES and Pholkos

Mostafizar Rahman, Dhiman Saha, Goutam Paul
2021 IACR Transactions on Symmetric Cryptology  
cryptanalysis tool.  ...  To the best of our knowledge, this is the first attempt to merge the yoyo and boomerang techniques to analyze SPN ciphers and warrants further attention as it has the potential of becoming an important  ...  Acknowledgments The authors are thankful to Lorenzo Grassi and the anonymous reviewers of ToSC for their valuable comments and suggestions.  ... 
doi:10.46586/tosc.v2021.i3.137-169 fatcat:xfttycicyjcerb3gmynr4vn6ye

Automated Search Oriented to Key Recovery on Ciphers with Linear Key Schedule: Applications to Boomerangs in SKINNY and ForkSkinny [article]

Lingyue Qin, Xiaoyang Dong, Xiaoyun Wang, Keting Jia, Yunwen Liu
2021 IACR Cryptology ePrint Archive  
In those models, the optimizing objective is usually the probability or the number of rounds of the distinguishers.  ...  Automatic modelling to search distinguishers with high probability covering as many rounds as possible, such as MILP, SAT/SMT, CP models, has become a very popular cryptanalysis topic today.  ...  Introduction Differential cryptanalysis [BS91] proposed by Biham and Shamir, is one of the most successful cryptanalysis techniques.  ... 
dblp:journals/iacr/QinDWJL21 fatcat:piov4hcdaneqtedyd3broxx7du

Software Evaluation for Second Round Candidates in NIST Lightweight Cryptography [article]

Ryota Hira, Tomoaki Kitahara, Daiki Miyahara, Yuko Hara-Azumi, Yang Li, Kazuo Sakiyama
2022 IACR Cryptology ePrint Archive  
This study aims to facilitate the selection and design of those algorithms according to the usage scenarios.  ...  National Institute of Standards and Technology is working on standardising lightweight authenticated encryption with associated data.  ...  Nonlinear operations are necessary because linear cryptography algorithms are insecure against cryptanalysis.  ... 
dblp:journals/iacr/HiraKMHLS22 fatcat:crcu74frrzbudobxxwf73ugtvu

On the Provable Security of (EC)DSA Signatures

Manuel Fersch, Eike Kiltz, Bertram Poettering
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
It carefully models the "modulo q" conversion function of (EC)DSA as a composition of three independent functions.  ...  Their popularity stands in stark contrast to the absence of rigorous security analyses: Previous works either study modified versions of (EC)DSA or provide a security analysis of unmodified ECDSA in the  ...  An alternative, more conservative interpretation of our findings would be that they give cryptanalysis a clear direction to pursue: If, despite our theorems, DSA and ECDSA turn out to be insecure, then  ... 
doi:10.1145/2976749.2978413 dblp:conf/ccs/FerschKP16 fatcat:xswd6ckm6jfstipftwt7qzzl4q

Meet-in-the-Middle Attacks Revisited: Focusing on Key-recovery and Collision Attacks [article]

Xiaoyang Dong, Jialiang Hua, Siwei Sun, Zheng Li, Xiaoyun Wang, Lei Hu
2021 IACR Cryptology ePrint Archive  
We further extend it into a constraint-based framework for finding exploitable MITM characteristics in the context of key-recovery and collision attacks by taking the subtle peculiarities of both scenarios  ...  words without solving the corresponding nonlinear equations or increasing the overall time complexities of the attack.  ...  In addition, we offer the first third-party cryptanalysis of Saturnin-Hash [15] , a second round candidate of the NIST LWC project.  ... 
dblp:journals/iacr/DongHSLWH21 fatcat:kbtifwzmfvg6zn6qg2c44rinpy

Improved Rectangle Attacks on SKINNY and CRAFT [article]

Hosein Hadipour, Nasour Bagheri, Ling Song
2020 IACR Cryptology ePrint Archive  
The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for  ...  of SKINNY-128-384.  ...  The first author would like to thank Amir Hossein Firouzian for his kind help throughout the experimental verification of the results.  ... 
dblp:journals/iacr/HadipourBS20 fatcat:opg6p5peorftnkn6fa6cqgqyxi

Improved Rectangle Attacks on SKINNY and CRAFT

Hosein Hadipour, Nasour Bagheri, Ling Song
2021 IACR Transactions on Symmetric Cryptology  
The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for  ...  of SKINNY-128-384.  ...  The first author would like to thank Amir Hossein Firouzian for his kind help throughout the experimental verification of the results.  ... 
doi:10.46586/tosc.v2021.i2.140-198 fatcat:xucyzoijpzapvfs7dcvcwegn3e

Collision-Correlation Attack against Some 1st-Order Boolean Masking Schemes in the Context of Secure Devices [chapter]

Thomas Roche, Victor Lomné
2013 Lecture Notes in Computer Science  
Similarly to the results of Gérard and Standaert, we show -in the context of masked implementations -the superiority of 2nd-order CPA when its leakage model is not too far from the real leakage function  ...  In this paper we study the collision-correlation attack published by Clavier et al. at CHES 2011 on a 1st-order boolean masking scheme and show its lack of robustness against unknown and high level of  ...  Acknowledgements We would like to thank Thomas Fhur and Eliane Jaulmes for many interesting discussions and more particularly for the proposition of an optimal plaintext sequence.  ... 
doi:10.1007/978-3-642-40026-1_8 fatcat:ipksmwhyincd7dpwtnzs3lo2pi

Low-latency Meets Low-area: An Improved Bit-Sliding Technique for AES, SKINNY and GIFT [article]

Fatih Balli, Andrea Caforio, Subhadeep Banik
2020 IACR Cryptology ePrint Archive  
Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique.  ...  Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput).  ...  We denote their modified version with GIFT * , as it leads to a significant difference from a design and implementation perspective (but remains equivalent in terms of cryptanalysis). • Pyjamask and Saturnin  ... 
dblp:journals/iacr/BalliCB20 fatcat:6xxlz6x2tbgordprwoilbes2wq