
Gimli : A Cross-Platform Permutation [chapter]

Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, Benoît Viguier
2017 Lecture Notes in Computer Science  
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone CPUs  ...  Algorithm 1 is pseudocode for the full Gimli permutation.  ... 
doi:10.1007/978-3-319-66787-4_15 fatcat:iezmwrpkgfarle7thx4chabixu

Exploiting Weak Diffusion of Gimli: Improved Distinguishers and Preimage Attacks

Fukang Liu, Takanori Isobe, Willi Meier
2021 IACR Transactions on Symmetric Cryptology  
The above two facts have been recently exploited to construct a distinguisher for the full Gimli permutation with time complexity 2^64.  ...  Apart from the permutation itself, the weak diffusion can also be utilized to accelerate the preimage attacks on reduced Gimli-Hash and Gimli-XOF-128 with a divide-and-conquer method.  ...  Acknowledgments We thank María Naya-Plasencia and Gaëtan Leurent for many discussions on the definition of a distinguisher for a public permutation.  ... 
doi:10.46586/tosc.v2021.i1.185-216 fatcat:5f2cwz5n6re5tgl7v6fszbusmy

Exploiting Weak Diffusion of Gimli: A Full-Round Distinguisher and Reduced-Round Preimage Attacks [article]

Fukang Liu, Takanori Isobe, Willi Meier
2020 IACR Cryptology ePrint Archive  
The above two facts have been recently exploited to construct a distinguisher for the full Gimli permutation with time complexity 2^64.  ...  Apart from the permutation itself, the weak diffusion can also be utilized to accelerate the preimage attacks on reduced Gimli-Hash and Gimli-XOF-128 with a divide-and-conquer method.  ...  Acknowledgement We thank María Naya-Plasencia and Gaëtan Leurent for many discussions on the definition of a distinguisher for a public permutation.  ... 
dblp:journals/iacr/LiuIM20 fatcat:avkn4hn42vdm5kulmd7od4bwaq

Preimages and Collisions for Up to 5-Round Gimli-Hash Using Divide-and-Conquer Methods [article]

Fukang Liu, Takanori Isobe, Willi Meier
2019 IACR Cryptology ePrint Archive  
Finally, the divide-and-conquer method was also applied to a collision attack on up to 5-round Gimli-Hash.  ...  As the designers claimed, Gimli is distinguished from other well-known permutation-based primitives for its cross-platform performance.  ...  • Apply the Gimli permutation. The input ends with exactly one final non-full (empty or partial) block, having b bytes where 0 ≤ b ≤ 15.  ... 
dblp:journals/iacr/LiuIM19a fatcat:wocq7tpthfhzhjruvny2nvkvxq

LMS vs XMSS: Comparison of Stateful Hash-Based Signature Schemes on ARM Cortex-M4 [chapter]

Fabio Campos, Tim Kohlstadt, Steffen Reith, Marc Stöttinger
2020 Lecture Notes in Computer Science  
To achieve this, we evaluated LMS and XMSS using optimised implementations of SHA-256, SHAKE256, Gimli-Hash, and different variants of KECCAK.  ...  This recommendation suggests the use of some of the parameter sets from the RFCs and defines some new parameter sets.  ...  The work presented in this paper has been partly funded by the German Federal Ministry of Education and Research (BMBF) under the project "QuantumRISC" (16KIS1034) [29].  ... 
doi:10.1007/978-3-030-51938-4_13 fatcat:pygss22unza6vbcq2veq5lk6lm

Lightweight AEAD and Hashing using the Sparkle Permutation Family

Christof Beierle, Alex Biryukov, Luan Cardoso Dos Santos, Johann Großschädl, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, Qingju Wang
2020 IACR Transactions on Symmetric Cryptology  
We introduce the Sparkle family of permutations operating on 256, 384 and 512 bits.  ...  We also use them to build new sponge-based hash functions, Esch256 and Esch384. Our permutations are among those with the lowest footprint in software, without sacrificing throughput.  ...  Acknowledgments Part of the work of Christof Beierle was performed while he was at the University of Luxembourg and funded by the SnT CryptoLux RG budget.  ... 
doi:10.13154/tosc.v2020.is1.208-261 dblp:journals/tosc/BeierleBSGPUVW20 fatcat:cqmv2ppxtvcczlupmduourbaye

Xoodyak, a lightweight cryptographic scheme

Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche, Ronny Van Keer
2020 IACR Transactions on Symmetric Cryptology  
Internally, it uses the Xoodoo[12] permutation that, with its width of 48 bytes, allows for very compact implementations.  ...  It inherently hashes the history of all operations in its state, allowing to derive its resistance against generic attacks from that of the full-state keyed duplex.  ...  Acknowledgments We thank Frederik Armknecht and anonymous reviewers of ToSC editorial board for their suggestions improving the editorial quality of this paper.  ... 
doi:10.13154/tosc.v2020.is1.60-87 dblp:journals/tosc/DaemenHPAK20 fatcat:zpgfemwxf5cljcetkxbwlczsem

Simplified MITM Modeling for Permutations: New (Quantum) Attacks [article]

André Schrottenloher, Marc Stevens
2022 IACR Cryptology ePrint Archive  
Third, we show that the model can be extended to target more permutations, like Feistel networks. In this context we give new Guess-and-determine attacks on reduced Simpira v2 and Sparkle.  ...  First, Present-like constructions, with the permutations of the Spongent hash functions: we improve the MITM step in distinguishers by up to 3 rounds.  ...  A.S. wants to thank Patrick Derbez and Léo Perrin for helpful discussions. A.S. is supported by ERC-ADG-ALGSTRONGCRYPTO (project 740972).  ... 
dblp:journals/iacr/SchrottenloherS22 fatcat:m7yxyhdx5rccvot52w4o5bjl7q

The Subterranean 2.0 Cipher Suite

Joan Daemen, Pedro Maat Costa Massolino, Alireza Mehrdad, Yann Rotella
2020 IACR Transactions on Symmetric Cryptology  
At its core it has a duplex object with a 257-bit state and a lightweight single-round permutation.  ...  This makes Subterranean 2.0 very well suited for low-area and low-energy implementations in dedicated hardware.  ...  We thank Xilinx for the Vivado and ISE software licenses and donating the ZedBoard. They were useful to obtain the FPGA results and evaluating the hardware design.  ... 
doi:10.13154/tosc.v2020.is1.262-294 dblp:journals/tosc/DaemenMMR20 fatcat:43sy3mtqz5hqfcqgbv7jq7njdi

Tight Preimage Resistance of the Sponge Construction [article]

Charlotte Lefevre, Bart Mennink
2022 IACR Cryptology ePrint Archive  
We derive an improved and tight preimage security bound for the cryptographic sponge construction. The result has direct implications for various lightweight cryptographic hash functions.  ...  This result in particular implies that, as long as the attack complexity does not exceed this bound, the sponge construction achieves a comparable level of collision, preimage, and second preimage resistance  ...  Acknowledgements We would like to thank the anonymous reviewers for their valuable comments, and in particular the reviewer that proposed a fix to the square root loss that was present in an earlier version  ... 
dblp:journals/iacr/LefevreM22 fatcat:5mrrdkwrdbeyplncokrxznn7ea

The design of Xoodoo and Xoofff

Joan Daemen, Seth Hoffert, Gilles Van Assche, Ronny Van Keer
2018 IACR Transactions on Symmetric Cryptology  
Combining a relatively narrow permutation with the parallelism of Farfalle results in very efficient schemes on a wide range of platforms, from low-end devices to high-end processors with vector instructions  ...  Its design approach is inspired by Keccak-p, while it is dimensioned like Gimli for efficiency on low-end processors.  ...  Furthermore, we provide (3) an improved attack strategy for generating accumulator collisions in Farfalle.  ... 
doi:10.46586/tosc.v2018.i4.1-38 fatcat:fyqmlptcpbgx5al5zbk72m6fma

The design of Xoodoo and Xoofff

Joan Daemen, Seth Hoffert, Gilles Van Assche, Ronny Van Keer
2018 IACR Transactions on Symmetric Cryptology  
Combining a relatively narrow permutation with the parallelism of Farfalle results in very efficient schemes on a wide range of platforms, from low-end devices to high-end processors with vector instructions  ...  Its design approach is inspired by Keccak-p, while it is dimensioned like Gimli for efficiency on low-end processors.  ...  Furthermore, we provide (3) an improved attack strategy for generating accumulator collisions in Farfalle.  ... 
doi:10.13154/tosc.v2018.i4.1-38 dblp:journals/tosc/DaemenHAK18 fatcat:g5yefloefnf7fl3wzdi3zkppo4

Security of Truncated Permutation Without Initial Value [article]

Lorenzo Grassi, Bart Mennink
2022 IACR Cryptology ePrint Archive  
If one evaluates a random permutation on an input value concatenated with a fixed initial value, and truncates the output, one obtains a construction that is indifferentiable from a random function up  ...  Recently, advances have been made in proving indifferentiability of one-way functions with fixed input length. One such example is truncation of a permutation.  ...  Later, Lee [26] proved improved security for the general construction, and Bhattacharya and Nandi [11] improved all these known bounds and proved (full) b-bit indifferentiability of the sum of k ≥  ... 
dblp:journals/iacr/MarcantiniM22 fatcat:57mmrqygo5baddwuqkdhglinyy

Sycon: A New Milestone in Designing ASCON-like Permutations [article]

Kalikinkar Mandal, Dhiman Saha, Sumanta Sarkar, Yosuke Todo
2021 IACR Cryptology ePrint Archive  
In this article, we have overcome the challenge of constructing a permutation that is lighter than the ASCON permutation while ensuring a similar performance, and based on which we achieve a more lightweight  ...  Our hardware implementation result shows that the Sycon permutation has 5.35% reduced area, compared to the ASCON permutation.  ...  The authors would like to thank the JCEN reviewers for their insightful comments and suggestions that have improved the quality of the paper.  ... 
dblp:journals/iacr/MandalSST21 fatcat:arh63m2ye5estkk4eqx6icekjy

Deck-Based Wide Block Cipher Modes and an Exposition of the Blinded Keyed Hashing Model

Aldo Gunsing, Joan Daemen, Bart Mennink
2020 IACR Transactions on Symmetric Cryptology  
incremental tweaks, where one includes the state of the system in the variable-length tweak and appends new data incrementally.  ...  We prove that the distinguishing advantage of the resulting wide block ciphers is simply two times the sum of the pseudorandom function distinguishing advantage of the deck function and the blinded keyed  ...  Acknowledgments The authors would like to thank Seth Hoffert, Gilles Van Assche and the anonymous reviewers of ToSC for their valuable feedback. Aldo Gunsing is supported by the Netherlands  ... 
doi:10.13154/tosc.v2019.i4.1-22 dblp:journals/tosc/GunsingDM19 fatcat:24chhpmytvad7nxfah4a5egtqe