A copy of this work was preserved in the Wayback Machine; the capture dates from 2017. The file type is application/pdf.
Simpira v2: A Family of Efficient Permutations Using the AES Round Function
[chapter]
2016
Lecture Notes in Computer Science
In the next section, we show how the unkeyed setting leads to invariant subspace attacks on Simpira v1 for b = 4.
9 Invariant Subspace Attacks
Leander et al. [58] introduced the term invariant subspace ...
We searched for invariant subspaces in all Simpira v2 variants, but were unable to find any. ...
doi:10.1007/978-3-662-53887-6_4
fatcat:3wjksrkgqzgo3pg57fpdq6cffu
Impossible differential attack on Simpira v2
2017
Science China Information Sciences
Those are the first attacks on the round-reduced Simpira v2 and do not threaten the Even-Mansour mode with the full 15-round Simpira-4. ...
round impossible differentials, we propose a series of 7-round key recovery attacks on the block cipher mode; each 6-round impossible differential helps recover 32 bits of the master key (512 bits), and in ...
In addition, Rønjom reported on the invariant subspaces in Simpira v1 with x = 4 [18] . ...
doi:10.1007/s11432-016-9075-6
fatcat:6365375suffqbevgkbodbaa6g4
Cryptanalysis of Simpira v1
[chapter]
2017
Lecture Notes in Computer Science
The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. ...
Simpira v1 is a recently proposed family of permutations, based on the AES round function. ...
We thank the Simpira designers Shay Gueron and Nicky Mouha for verifying our results and providing useful suggestions. ...
doi:10.1007/978-3-319-69453-5_16
fatcat:dxhmopucrbe77oypcn2uauyx2i
(Quantum) Collision Attacks on Reduced Simpira v2
2021
IACR Transactions on Symmetric Cryptology
In this paper, we build an improved MILP model to count the differential and linear active Sboxes for Simpira v2, which achieves tighter bounds of the minimum number of active Sboxes for a few versions of Simpira v2. ...
There have been several cryptanalysis papers on Simpira. Rønjom [Røn16] proposed an invariant subspace attack on Simpira v1, an informal version of Simpira. At SAC 2016, Dobraunig et al. ...
doi:10.46586/tosc.v2021.i2.222-248
fatcat:e5wztfjpufg4fm6m4nahxkrhgu
Symmetric Cryptography (Dagstuhl Seminar 16021)
2016
Dagstuhl Reports
It was the fifth in the series of the Dagstuhl seminars "Symmetric Cryptography" held in 2007, 2009, 2012, and 2014. ...
From January 10-15, 2016, the seminar 16021 in Symmetric Cryptography was held in Schloss Dagstuhl - Leibniz Center for Informatics. ...
Invariant Subspace Attack Against Full Midori64, Yu Sasaki ...
doi:10.4230/dagrep.6.1.34
dblp:journals/dagstuhl-reports/ArmknechtINP16
fatcat:3p4woms76ncrdm5hkd2iempk74
Nonlinear Approximations in Cryptanalysis Revisited
2018
IACR Transactions on Symmetric Cryptology
., with correlation ±1) nonlinear approximation we show that in many cases, such a nonlinear approximation implies the existence of a highly-biased linear approximation. ...
Using this framework we in particular show that there exist ciphers for which some transformed versions are significantly weaker with regard to linear cryptanalysis than their original counterparts. ...
The nonlinear invariant attack could be viewed in terms of an invariant subspace of dimension (n − 1) over the transformed cipher. ...
doi:10.13154/tosc.v2018.i4.80-101
dblp:journals/tosc/BeierleCL18
fatcat:33n6ibzsazcszf6ij4a56snqwm
Proving Resistance Against Invariant Attacks: How to Choose the Round Constants
[chapter]
2017
Lecture Notes in Computer Science
In fact, several of those schemes were recently broken using invariant attacks, i.e., invariant subspace or nonlinear invariant attacks. ...
Many lightweight block ciphers apply a very simple key schedule in which the round keys only differ by addition of a round-specific constant. ...
Then, this subspace is the smallest linear subspace of F_2^n invariant under L which contains c. ...
doi:10.1007/978-3-319-63715-0_22
fatcat:c4m4ghlajzamfkd276tu7lkimi
Nonlinear Approximations in Cryptanalysis Revisited
2018
IACR Transactions on Symmetric Cryptology
., with correlation ±1) nonlinear approximation we show that in many cases, such a nonlinear approximation implies the existence of a highly-biased linear approximation. ...
Using this framework we in particular show that there exist ciphers for which some transformed versions are significantly weaker with regard to linear cryptanalysis than their original counterparts. ...
The nonlinear invariant attack could be viewed in terms of an invariant subspace of dimension (n − 1) over the transformed cipher. ...
doi:10.46586/tosc.v2018.i4.80-101
fatcat:2h6u7f2do5bs5b5hbckokweudi
On the Resilience of Even-Mansour to Invariant Permutations
2021
Designs, Codes and Cryptography
Recent invariant subspace attacks have shown that these can be a serious issue. ...
One way to mitigate invariant subspace attacks is at the primitive level, namely by proper use of round constants (Beierle et al., CRYPTO 2017). ...
It can furthermore readily be extended to match the invariant subspaces found on Simpira v1 [97] , or the attacks that rely on a block cipher hitting a particular set of bad keys. ...
doi:10.1007/s10623-021-00850-2
fatcat:g7gxepprufbkdgxlhsruvia45y
Practical Low Data-Complexity Subspace-Trail Cryptanalysis of Round-Reduced PRINCE
[chapter]
2016
Lecture Notes in Computer Science
In this paper, we consider PRINCE, a widely analyzed block cipher proposed in 2012. ...
After the identification of a 2.5 rounds subspace trail of PRINCE, we present several (truncated differential) attacks up to 6 rounds of PRINCE. ...
Bardeh for pointing out an error in the C/C++ implementation of PRINCE block cipher. The work in this paper has been partially supported by the Austrian Science Fund (project P26494-N15). ...
doi:10.1007/978-3-319-49890-4_18
fatcat:6cqqmlfvmjdxfkhnowmdkd6egm
Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES
2018
IACR Transactions on Symmetric Cryptology
Here we theoretically prove that for 4-round AES the corresponding ciphertexts of the original pair of plaintexts lie in a particular subspace if and only if the corresponding pairs of ciphertexts of the ...
In this paper we introduce "Mixture Differential Cryptanalysis" on round-reduced AES-like ciphers, a way to translate the (complex) "multiple-of-8" 5-round distinguisher into a simpler and more convenient ...
Then if F (V ⊕ a) = V ⊕ a we say that V ⊕ a is an invariant coset of the subspace V for the function F . ...
doi:10.13154/tosc.v2018.i2.133-160
dblp:journals/tosc/Grassi18
fatcat:7hql4rlszfcknhxxg4m3mh3ty4
Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES
2018
IACR Transactions on Symmetric Cryptology
Here we theoretically prove that for 4-round AES the corresponding ciphertexts of the original pair of plaintexts lie in a particular subspace if and only if the corresponding pairs of ciphertexts of the ...
In this paper we introduce "Mixture Differential Cryptanalysis" on round-reduced AES-like ciphers, a way to translate the (complex) "multiple-of-8" 5-round distinguisher into a simpler and more convenient ...
Then if F (V ⊕ a) = V ⊕ a we say that V ⊕ a is an invariant coset of the subspace V for the function F . ...
doi:10.46586/tosc.v2018.i2.133-160
fatcat:qo6nav6febc7hcfpq4pyvdc25e
Yoyo Tricks with AES
[chapter]
2017
Lecture Notes in Computer Science
In this paper we present new fundamental properties of SPNs. ...
In addition, we present the first key-independent distinguisher for 6-round AES based on yoyos that preserve impossible zero differences in plaintexts and ciphertexts. ...
Other types of structural attacks relevant in our setting include invariant subspace attacks [5, 6] and subspace trail cryptanalysis [7, 8] . Moreover, one may also note the paper by Ferguson et al ...
doi:10.1007/978-3-319-70694-8_8
fatcat:xewqdjpiwngwrl3pno4bieneym
Dagstuhl Reports, Volume 6, Issue 1, January 2016, Complete Issue
[article]
2016
Preliminary results have been published in [2]. ...
For example, the NSF in the US explicitly requests "broader impact" statements, DARPA in the US often runs programs with the goal of transitioning technology to industry or government, and REF in the UK ...
The first approach is extending the class of invariant subspaces, which reveals weaker keys. ...
doi:10.4230/dagrep.6.1
fatcat:vq74ezrwifbkhex6twvtdzbpaa