Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256 [chapter]

Christina Boura, Anne Canteaut
2011 Lecture Notes in Computer Science  
We exhibit several zero-sum partitions for 20 rounds (out of 24) of Keccak-f and some zero-sum partitions of size 2^19 and 2^10 for the finalization permutation in Hamsi-256.  ...  The zero-sum distinguishers introduced by Aumasson and Meier are investigated. First, the minimal size of a zero-sum is established.  ...  This new bound improves in part the results on the Keccak hash function, presented in this paper.  ... 
doi:10.1007/978-3-642-19574-7_1 fatcat:cckfhvrsjjclvdke2qtlogardi

Higher-Order Differential Properties of Keccak and Luffa [chapter]

Christina Boura, Anne Canteaut, Christophe De Cannière
2011 Lecture Notes in Computer Science  
These techniques yield zero-sum partitions of size 2^1575 for the full Keccak-f permutation and several observations on the Luffa hash family.  ...  In this paper, we identify higher-order differential and zero-sum properties in the full Keccak-f permutation, in the Luffa v1 hash function and in components of the Luffa v2 algorithm.  ...  Now, by choosing the intermediate states after the linear layer on the 12-th round of Keccak-f in any subspace V corresponding to a collection of 315 rows, we obtain a zero-sum partition for the full 24  ... 
doi:10.1007/978-3-642-21702-9_15 fatcat:pz5kaykvtzaqvh4u6kkd7z2ise

Zero-Sum Partitions of PHOTON Permutations [chapter]

Qingju Wang, Lorenzo Grassi, Christian Rechberger
2018 Lecture Notes in Computer Science  
We describe an approach to zero-sum partitions using Todo's division property at EUROCRYPT 2015.  ...  With respect to the security claims made by the designers, we for the first time show zero-sum partitions for almost all of those full 12-round permutation variants that use a 4-bit S-Box.  ...  The authors would like to thank Meicheng Liu and Jian Guo for their fruitful discussions, and the anonymous reviewers for their comments and suggestions.  ... 
doi:10.1007/978-3-319-76953-0_15 fatcat:45ip7sx6l5gqzehzxbx3lzdace

Conditional Cube Attack on Reduced-Round Keccak Sponge Function [chapter]

Senyang Huang, Xiaoyun Wang, Guangwu Xu, Meiqin Wang, Jingyuan Zhao
2017 Lecture Notes in Computer Science  
Finally we remark that our attacks on the reduced-round Keccak will not threaten the security margin of Keccak sponge function.  ...  In this paper, we develop a new type of cube distinguisher, the conditional cube tester, for Keccak sponge function.  ...  In [5], a distinguisher of full 24-round Keccak internal permutation was proposed which takes 2^1579 Keccak calls. Using the rebound attack and efficient differential trails, Duc et al.  ... 
doi:10.1007/978-3-319-56614-6_9 fatcat:vqi5grrgtvhsvftcukrdsbwtbq

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function [chapter]

Itai Dinur, Paweł Morawiecki, Josef Pieprzyk, Marian Srebrny, Michał Straus
2015 Lecture Notes in Computer Science  
This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search  ...  Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC.  ...  However, the full 24-round variants still have a big security margin.  ... 
doi:10.1007/978-3-662-46800-5_28 fatcat:5lswdqy6efhx7pmjoduus2rt6a

Unaligned Rebound Attack: Application to Keccak [chapter]

Alexandre Duc, Jian Guo, Thomas Peyrin, Lei Wei
2012 Lecture Notes in Computer Science  
The complexity of the 8 round distinguisher is 2^491.47. Our results have been implemented and verified experimentally on a small version of Keccak.  ...  We analyze the internal permutations of Keccak, one of the NIST SHA-3 competition finalists, in regard to differential properties.  ...  The authors would like to thank Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche for their helpful comments.  ... 
doi:10.1007/978-3-642-34047-5_23 fatcat:pmc7mofxtnckbbaqqnex5ocqqe

Conditional cube attack on round-reduced River Keyak

Wenquan Bi, Zheng Li, Xiaoyang Dong, Lu Li, Xiaoyun Wang
2017 Designs, Codes and Cryptography  
And then we use the new variables by this new method to launch 8-round conditional cube attack with the time complexity 2^81. These are the first cryptanalysis results on round-reduced River Keyak.  ...  Dinur et al. gave the seven-round cube-like attack on Lake Keyak (1600-bit) using the divide-and-conquer method at EUROCRYPT 2015, then Huang et al. improved the result to 8-round using a new conditional  ...  First, we describe a few properties of Keccak permutation as follows: Property 2 [13] If the sum of the cube variables in one column is zero, these variables will not diffuse to other bits after θ operation  ... 
doi:10.1007/s10623-017-0396-7 fatcat:bvlf3qzkvvhldenti3k7rvbfoe

On the Relationships between Different Methods for Degree Evaluation

Siwei Chen, Zejun Xiang, Xiangyong Zeng, Shasha Zhang
2021 IACR Transactions on Symmetric Cryptology  
degree using division property is never greater than that of numeric mapping.  ...  proof and give the experimental verification to illustrate that division property is the optimal one among these methods in terms of the accuracy of the upper bounds on algebraic degree.  ...  Acknowledgments We would like to thank the anonymous reviewers for their helpful comments and suggestions.  ... 
doi:10.46586/tosc.v2021.i1.411-442 fatcat:edh3pszcybg3tnw4h4ojchq4uq

Cube-like Attack on Round-Reduced Initialization of Ketje Sr

Xiaoyang Dong, Zheng Li, Xiaoyun Wang, Ling Qin
2017 IACR Transactions on Symmetric Cryptology  
In addition, we introduce the new dynamic variable instead of the auxiliary variable (it was used in Dinur et al.'  ...  Hence, the number of key bits independent of the cube sum is very small, which makes the divide-and-conquer method (it has been applied to 7-round attack on Keccak-MAC by Dinur et al.) can not be translated  ...  Acknowledgments We would like to thank Florian Mendel and the anonymous reviewers who helped improve this paper.  ... 
doi:10.13154/tosc.v2017.i1.259-280 dblp:journals/tosc/DongLWQ17 fatcat:qxnpdqzbufgh3d2cgrldcw5lwy

Cube-like Attack on Round-Reduced Initialization of Ketje Sr

Xiaoyang Dong, Zheng Li, Xiaoyun Wang, Ling Qin
2017 IACR Transactions on Symmetric Cryptology  
In addition, we introduce the new dynamic variable instead of the auxiliary variable (it was used in Dinur et al.'  ...  Hence, the number of key bits independent of the cube sum is very small, which makes the divide-and-conquer method (it has been applied to 7-round attack on Keccak-MAC by Dinur et al.) can not be translated  ...  Acknowledgments We would like to thank Florian Mendel and the anonymous reviewers who helped improve this paper.  ... 
doi:10.46586/tosc.v2017.i1.259-280 fatcat:k7og5xexofhbjnuijezx3tpgya

Cryptanalysis of Ascon [chapter]

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer
2015 Lecture Notes in Computer Science  
Moreover, we present a practical forgery attack for 3 rounds of the finalization, a theoretical forgery attack for 4 rounds finalization and zero-sum distinguishers for the full 12-round Ascon permutation  ...  Our results are practical key-recovery attacks on round-reduced versions of Ascon-128, where the initialization is reduced to 5 out of 12 rounds.  ...  The work has been supported in part by the Austrian Science Fund (project P26494-N15) and by the Austrian Research Promotion Agency (FFG) and the Styrian Business Promotion Agency (SFG) under grant number  ... 
doi:10.1007/978-3-319-16715-2_20 fatcat:lbodxbimxbcurnu4x7tcwf54gu

Bit-wise cryptanalysis on AND-RX permutation Friet-PC

Ryoma Ito, Rentaro Shiba, Kosei Sakamoto, Fukang Liu, Takanori Isobe
2021 Journal of Information Security and Applications  
, and zero-sum distinguishing attacks on the AND-RX permutation Friet-PC, which is implemented in a lightweight authenticated encryption scheme Friet.  ...  Finally, we construct 13-, 15-, and 17-round zero-sum distinguishers with time complexities of 2^31, 2^63, and 2^127, respectively.  ...  Acknowledgments Takanori Isobe is supported by JST, Japan, PRESTO, Japan Grant Number JPMJPR2031 and Grant-in-Aid for Scientific Research (B), Japan (KAKENHI 19H02141) for Japan Society for the Promotion  ... 
doi:10.1016/j.jisa.2021.102860 fatcat:6v7tktn4cnc67mykd2shjqkwwy

Cube-Based Cryptanalysis of Subterranean-SAE

Fukang Liu, Takanori Isobe, Willi Meier
2020 IACR Transactions on Symmetric Cryptology  
A distinguishing attack with 233 calls to the internal permutation of Subterranean-SAE and 233 32-bit blocks is achieved as well.  ...  Moreover, the designers make no security claim but expect a non-trivial effort to achieve full-state recovery in a nonce-misuse scenario.  ...  Acknowledgments We thank Joan Daemen for discussing the initial version of this paper, providing many insightful comments and helping improve the writing quality of this paper.  ... 
doi:10.13154/tosc.v2019.i4.192-222 dblp:journals/tosc/LiuIM19 fatcat:ettssgtsxrd7vdqssrbsmaciuq

Links between Division Property and Other Cube Attack Variants

Yonglin Hao, Lin Jiao, Chaoyun Li, Willi Meier, Yosuke Todo, Qingju Wang
2020 IACR Transactions on Symmetric Cryptology  
In addition to the zero-sum property, we further prove that the bias phenomenon, the non-randomness widely utilized in dynamic cube attacks and cube testers, can also be reflected by the division property  ...  both the zero-sum and bias cube testers.  ...  As distinguishers, both the constant-sum and zero-sum can be used for identifying the correct key guesses.  ... 
doi:10.13154/tosc.v2020.i1.363-395 dblp:journals/tosc/HaoJLMTW20 fatcat:2whx4nizzrfurfweptdcsmqokm

Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography

Tim Fritzmann, Michiel Van Beirendonck, Debapriya Basu Roy, Patrick Karl, Thomas Schamberger, Ingrid Verbauwhede, Georg Sigl
2021 Transactions on Cryptographic Hardware and Embedded Systems  
For the critical non-linear operations, masked HW accelerators were developed, allowing a secure execution using RISC-V instruction set extensions.  ...  performance bottlenecks, we developed a generic Number Theoretic Transform (NTT) multiplier, which, in contrast to previously published accelerators, is also efficient and suitable for schemes not based on  ...  Acknowledgements This work was partly funded by the German Ministry of Education, Research and Technology in the context of the project Aquorypt (reference number 16KIS1017K).  ... 
doi:10.46586/tches.v2022.i1.414-460 fatcat:enicskdhinharkoqthnojvk7di