
Cryptanalysis of NORX v2.0

Colin Chaigneau, Thomas Fuhr, Henri Gilbert, Jérémy Jean, Jean-René Reinhard
2017 IACR Transactions on Symmetric Cryptology  
In this paper, we investigate the security of the full NORX v2.0 primitive that has been accepted as third-round candidate in the CAESAR competition.  ...  This attack yields a ciphertext-only forgery with time and data complexity 2^66 (resp. 2^130) for the variant of NORX v2.0 using 128-bit (resp. 256-bit) keys and breaks the designers' claim of a 128-bit,  ...  Cryptanalysis of NORX v2.0 We give in this section the details of a ciphertext-only forgery attack on NORX v2.0 that exists due to a combination of aggressive choices made by the designers.  ...
doi:10.46586/tosc.v2017.i1.156-174 fatcat:of3epqp4crbarduv5rce5bhwha

Cryptanalysis of NORX v2.0

Colin Chaigneau, Thomas Fuhr, Henri Gilbert, Jérémy Jean, Jean-René Reinhard
2017 IACR Transactions on Symmetric Cryptology  
In this paper, we investigate the security of the full NORX v2.0 primitive that has been accepted as third-round candidate in the CAESAR competition.  ...  This attack yields a ciphertext-only forgery with time and data complexity 2^66 (resp. 2^130) for the variant of NORX v2.0 using 128-bit (resp. 256-bit) keys and breaks the designers' claim of a 128-bit,  ...  Cryptanalysis of NORX v2.0 We give in this section the details of a ciphertext-only forgery attack on NORX v2.0 that exists due to a combination of aggressive choices made by the designers.  ...
doi:10.13154/tosc.v2017.i1.156-174 dblp:journals/tosc/ChaigneauFGJR17 fatcat:gg7prmagrbbbpmfjefastmzthy

Preface

María Naya-Plasencia, Bart Preneel
2017 IACR Transactions on Symmetric Cryptology  
The Editorial Board has decided to give the best paper award to the paper by Colin Chaigneau, Thomas Fuhr, Henri Gilbert, Jeremy Jean and Jean-René Reinhard entitled Cryptanalysis of NORX v2.0.  ...  Recently there is also increasing attention towards reproducibility of the results by making source code or tools for cryptanalysis available.  ... 
doi:10.46586/tosc.v2017.i1.1-3 fatcat:45pead3t2rfgvfhskxpk22yqsu

Distinguishing Attack on NORX Permutation

Tao Huang, Hongjun Wu
2018 IACR Transactions on Symmetric Cryptology  
Although the distinguishing attacks reveal the weakness of the NORX permutation, it does not directly threaten the security of the NORX authenticated encryption scheme.  ...  The security bound of NORX is derived from the sponge construction applied to an ideal underlying permutation.  ...  NORX v2.0 [AJN15b] is the tweaked version in the second-round competition which mainly increases the rate of NORX v1.0.  ...
doi:10.13154/tosc.v2018.i1.57-73 dblp:journals/tosc/HuangW18 fatcat:eskuicvolvbqhk7ftjq3cicydq

Distinguishing Attack on NORX Permutation

Tao Huang, Hongjun Wu
2018 IACR Transactions on Symmetric Cryptology  
Although the distinguishing attacks reveal the weakness of the NORX permutation, it does not directly threaten the security of the NORX authenticated encryption scheme.  ...  The security bound of NORX is derived from the sponge construction applied to an ideal underlying permutation.  ...  NORX v2.0 [AJN15b] is the tweaked version in the second-round competition which mainly increases the rate of NORX v1.0.  ...
doi:10.46586/tosc.v2018.i1.57-73 fatcat:zpbankfljzfuzafnasvpy7fhya

Preface

María Naya-Plasencia, Bart Preneel
2017 IACR Transactions on Symmetric Cryptology  
of NORX v2.0.  ...  Recently there is also increasing attention towards reproducibility of the results by making source code or tools for cryptanalysis available.  ... 
doi:10.13154/tosc.v2017.i1.1-3 dblp:journals/tosc/Naya-PlasenciaP17 fatcat:j4lcn3kpe5aaddmo5cfdc4rexa

Nonlinear Approximations in Cryptanalysis Revisited

Christof Beierle, Anne Canteaut, Gregor Leander
2018 IACR Transactions on Symmetric Cryptology  
This work studies deterministic and non-deterministic nonlinear approximations for cryptanalysis of block ciphers and cryptographic permutations and embeds it into the well-understood framework of linear  ...  cryptanalysis.  ...  This attack has then been successfully applied to quite a number of recent designs including Midori64 [GJN+16], iSCREAM [LMR15], NORX v2.0 [CFG+17], Simpira v1 [Røn16] and Haraka v.0 [Jea16].  ...
doi:10.46586/tosc.v2018.i4.80-101 fatcat:2h6u7f2do5bs5b5hbckokweudi

Nonlinear Approximations in Cryptanalysis Revisited

Christof Beierle, Anne Canteaut, Gregor Leander
2018 IACR Transactions on Symmetric Cryptology  
This work studies deterministic and non-deterministic nonlinear approximations for cryptanalysis of block ciphers and cryptographic permutations and embeds it into the well-understood framework of linear  ...  cryptanalysis.  ...  This attack has then been successfully applied to quite a number of recent designs including Midori64 [GJN+16], iSCREAM [LMR15], NORX v2.0 [CFG+17], Simpira v1 [Røn16] and Haraka v.0 [Jea16].  ...
doi:10.13154/tosc.v2018.i4.80-101 dblp:journals/tosc/BeierleCL18 fatcat:33n6ibzsazcszf6ij4a56snqwm

On the Resilience of Even-Mansour to Invariant Permutations

Bart Mennink, Samuel Neves
2021 Designs, Codes and Cryptography  
The attacks do not invalidate the security of the permutations themselves, but rather they demonstrate the tightness of our bounds and confirm that care should be taken when employing a cryptographic primitive  ...  One way to mitigate invariant subspace attacks is at the primitive level, namely by proper use of round constants (Beierle et al., CRYPTO 2017).  ...  Notably, the cryptanalysis of NORX v2.0 [21, 30] and the "chosen-IV" attacks on BLAKE2 [65] exploit these properties. Invariant subspace attacks were formalized by Leander et al.  ... 
doi:10.1007/s10623-021-00850-2 fatcat:g7gxepprufbkdgxlhsruvia45y

Proving Resistance Against Invariant Attacks: How to Choose the Round Constants [chapter]

Christof Beierle, Anne Canteaut, Gregor Leander, Yann Rotella
2017 Lecture Notes in Computer Science  
types of invariant attacks, independently of the choice of the S-box layer.  ...  Most notably, if the number of invariant factors of the linear layer is small (e.g., if its minimal polynomial has a high degree), we can easily find round constants which guarantee the resistance to all  ...  Indeed, those attacks have been successfully applied to quite a number of recent designs including PRINTcipher [16], Midori-64 [11, 21], iSCREAM [17] and SCREAM [21], NORX v2.0 [6], Simpira v1  ...
doi:10.1007/978-3-319-63715-0_22 fatcat:c4m4ghlajzamfkd276tu7lkimi