Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities [chapter]

Achiya Bar-On, Orr Dunkelman, Nathan Keller, Eyal Ronen, Adi Shamir
2018 Lecture Notes in Computer Science  
In this paper we combine the technique of Grassi et al. with several other techniques to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity  ...  Extending our techniques to 7-round AES, we obtain the best known attacks on AES-192 which use practical amounts of data and memory, breaking the record for such attacks which was obtained 18 years ago  ...  Its time complexity is 2^80 times decrypting a full AES round and one column of another round, for 16 ciphertexts, plus 2 · 2^80 table lookups, which are roughly equivalent to 3 · 2^80 full encryptions  ... 
doi:10.1007/978-3-319-96881-0_7 fatcat:qyuth52xqvc77m4jxtyn7fga5e

Biclique Cryptanalysis of the Full AES [chapter]

Andrey Bogdanov, Dmitry Khovratovich, Christian Rechberger
2011 Lecture Notes in Computer Science  
-Key recovery methods with lower complexity for the reduced-round versions of AES not considered before, including cryptanalysis of 8-round AES-128 with complexity 2^124.9.  ...  Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants  ...  We thank Joan Daemen and Vincent Rijmen for their helpful feedback on the earlier versions of the paper.  ... 
doi:10.1007/978-3-642-25385-0_19 fatcat:mvuaeztrrbhojn7joqu3o7xlw4

Automatic Search of Attacks on Round-Reduced AES and Applications [chapter]

Charles Bouillaguet, Patrick Derbez, Pierre-Alain Fouque
2011 Lecture Notes in Computer Science  
To demonstrate the strength of these tools, we show that they allow us to automatically discover new attacks on round-reduced AES with very low data complexity, and to find improved attacks on the AES-based  ...  When the attacks found by the tool are practical, they have been implemented and validated.  ...  We implemented this attack and validated it in practice. It terminates in a couple of seconds on a laptop.  ... 
doi:10.1007/978-3-642-22792-9_10 fatcat:z6qimqnvv5agnd5njvk5wropw4

Bicliques with Minimal Data and Time Complexity for AES [chapter]

Andrey Bogdanov, Donghoon Chang, Mohona Ghosh, Somitra Kumar Sanadhya
2015 Lecture Notes in Computer Science  
computational and data complexities: -Among attacks with the minimal data complexity of the unicity distance, the ones with computational complexity 2^126.67 (for AES-128), 2^190.9 (for AES-192) and 2  ...  Within these, the one with data complexity 2^64 requires the smallest amount of data. Thus, the original attack (with data complexity 2^88) did not have the optimal data complexity for AES-128.  ...  However, in [9], no application of their improved biclique attack with low data complexity is demonstrated on AES.  ... 
doi:10.1007/978-3-319-15943-0_10 fatcat:d4o7mo6xsva3pmxsma4kclot4q

Cryptanalysis of HMAC/NMAC-Whirlpool [chapter]

Jian Guo, Yu Sasaki, Lei Wang, Shuang Wu
2013 Lecture Notes in Computer Science  
These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting.  ...  In this paper, we present universal forgery and key recovery attacks on the most popular hash-based MAC constructions, e.g., HMAC and NMAC, instantiated with an AES-like hash function Whirlpool.  ...  This research was initially started from a discussion at the second Asian Workshop on Symmetric Key Cryptography (ASK 2012). We would like to thank the organizers of ASK12.  ... 
doi:10.1007/978-3-642-42045-0_2 fatcat:hpkhatgszbhh7lllwwfcfqj5my

Narrow-Bicliques: Cryptanalysis of Full IDEA [chapter]

Dmitry Khovratovich, Gaëtan Leurent, Christian Rechberger
2012 Lecture Notes in Computer Science  
We also show that the biclique approach to block cipher cryptanalysis not only obtains results on more rounds, but also improves time and data complexities over existing attacks.  ...  We consider the first 7.5 rounds of IDEA and demonstrate a variant of the approach that works with practical data complexity.  ...  Acknowledgements We thank Orr Dunkelman and Adi Shamir for bringing to our attention their new attack on 6 middle rounds of IDEA during the MSR Symmetric Cryptanalysis Workshop 2011.  ... 
doi:10.1007/978-3-642-29011-4_24 fatcat:um5qqm6wvzhzzg3qjg335eo4au

Improved Trace-Driven Cache-Collision Attacks against Embedded AES Implementations [chapter]

Jean-François Gallais, Ilya Kizhvatov, Michael Tunstall
2011 Lecture Notes in Computer Science  
We also show how to deal with unreliable cache event detection in the real-life measurement scenario and present practical explorations on a 32-bit ARM microprocessor.  ...  The second is a new known plaintext attack that can recover a 128-bit key with approximately 30 measurements to reduce the number of key hypotheses to 2^30.  ...  Attacks".  ... 
doi:10.1007/978-3-642-17955-6_18 fatcat:zp53l6aibzcwbd3usirzyzkiia

A Fault-based Attack on AEZ v4.2

Hassan Qahur Al Mahri, Leonie Simpson, Harry Bartlett, Ed Dawson, Kenneth Koon-Ho Wong
2017 2017 IEEE Trustcom/BigDataSE/ICESS  
A fault-based attack on AEZ v4.2.  ...  The improved attack employs the AES key schedule algorithm to reduce key hypotheses from 2^32 to 2^8.  ...  Our attack applied the differential fault attack on AES4, a reduced round version of AES used as a component in AEZ.  ... 
doi:10.1109/trustcom/bigdatase/icess.2017.294 dblp:conf/trustcom/MahriSBDW17 fatcat:asv46jhlo5awfjwzxgb6y4pia4

Cache Misses and the Recovery of the Full AES 256 Key

Samira Briongos, Pedro Malagón, Juan-Mariano de Goyeneche, Jose Moya
2019 Applied Sciences  
about three times more complex to attack than AES-128 via cache attacks.  ...  Particularly, any application performing sequences of memory access that depend on sensitive information, such as private keys, is susceptible to suffer a cache attack, which would reveal this information  ...  [51] presented a distinguisher and related key attack on AES-256 with 2^131 data complexity. Later, they slightly improved their results [52], achieving 2^119 data complexity.  ... 
doi:10.3390/app9050944 fatcat:wlge3sm4jrfz7am6sawdlxvjza

Cryptanalysis of AES-PRF and Its Dual

Patrick Derbez, Tetsu Iwata, Ling Sun, Siwei Sun, Yosuke Todo, Haoyang Wang, Meiqin Wang
2018 IACR Transactions on Symmetric Cryptology  
and reduced round versions.  ...  Our results on AES-PRF improve the initial security evaluation by the designers in various ways, and our results on Dual-AES-PRF give the first insight to its security.  ...  Acknowledgements The authors thank the anonymous FSE 2019 reviewers and Samuel Neves for careful reading and many helpful comments. We also thank the organizers of  ... 
doi:10.46586/tosc.v2018.i2.161-191 fatcat:eljgb5volbbjdeoeba7cwt2z5e

Cryptanalysis of AES-PRF and Its Dual

Patrick Derbez, Tetsu Iwata, Ling Sun, Yosuke Todo, Haoyang Wang, Meiqin Wang
2018 IACR Transactions on Symmetric Cryptology  
and reduced round versions.  ...  Our results on AES-PRF improve the initial security evaluation by the designers in various ways, and our results on Dual-AES-PRF give the first insight to its security.  ...  Acknowledgements The authors thank the anonymous FSE 2019 reviewers and Samuel Neves for careful reading and many helpful comments. We also thank the organizers of ASK 2017 (the  ... 
doi:10.13154/tosc.v2018.i2.161-191 dblp:journals/tosc/DerbezISSTWW18 fatcat:xljfiicm2bcexj3lfqkkq4b3te

Key Recovery Attacks on Iterated Even–Mansour Encryption Schemes

Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir
2015 Journal of Cryptology  
Despite their generic nature, we show that the attacks can be applied to improve the best known attacks on several concrete ciphers, including the full AES^2 (proposed at Eurocrypt 2012) and reduced-round  ...  In the identical-subkeys variant, we improve the best known attack by an additional round, and show that r = 3 rounds are insufficient for assuring security, by devising a key-recovery attack whose running  ...  In addition, we present improved attacks on 2-round iterated EM, improving the attack of [28] in both data and memory complexities.  ... 
doi:10.1007/s00145-015-9207-3 fatcat:6laql7jmobdz5gwbxfryu7zmfq

Practical DFA Strategy for AES Under Limited-access Conditions

Kazuo Sakiyama, Yang Li, Shigeto Gomisawa, Yu-ichi Hayashi, Mitsugu Iwamoto, Naofumi Homma, Takafumi Aoki, Kazuo Ohta
2014 Journal of Information Processing  
In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults.  ...  The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions.  ...  Based on a practical fault injection scenario, this work verifies the improvement of reducing the required data by applying the proposed key recovery method for uncertain faults.  ... 
doi:10.2197/ipsjjip.22.142 fatcat:zyqstydnvrewnc54qwsqerhtfi

Cryptanalysis of WIDEA [chapter]

Gaëtan Leurent
2014 Lecture Notes in Computer Science  
We show a distinguisher for the full WIDEA with complexity only 2^65, and we use the distinguisher in a key-recovery attack with complexity w · 2^68.  ...  In addition, we use structures of plaintext to reduce the data complexity.  ...  Reducing the Memory Cost Since the complexity of the key-recovery attacks on WIDEA is rather low, we briefly discuss practical aspects of the attack, in addition to the complexity figures which don't account  ... 
doi:10.1007/978-3-662-43933-3_3 fatcat:udg5sgh3pfa3bbykoowpkwyakm

Lightweight Cryptography for IoT: A State-of-the-Art [article]

Vishal A. Thakor, M.A. Razzaque, Muhammad R. A. Khandaker
2020 arXiv   pre-print
This paper presents the performance comparison along with their reported cryptanalysis, mainly for lightweight block ciphers, and further shows new research directions to develop novel algorithms with  ...  right balance of cost, performance and security characteristics.  ...  key-recovery attacks [71], an asymmetric biclique attack [72] 12 LED related key attacks [75], Biclique cryptanalysis on reduced round cipher [24], differential fault analysis based on Super-Sbox  ... 
arXiv:2006.13813v1 fatcat:tydoekhuvrhjtek64z77zw34ti