
On Cipher-Dependent Related-Key Attacks in the Ideal-Cipher Model [chapter]

M. R. Albrecht, P. Farshim, K. G. Paterson, G. J. Watson
2011 Lecture Notes in Computer Science  
Precisely such related-key functions underlie the generic attack, so our extended modelling allows us to capture a larger universe of related-key attacks in the ideal-cipher model.  ...  In this sense, the attack can be seen as a separation between the ideal-cipher model and the standard model.  ...  The work described in this paper has in part been supported by the Commission of the European Communities through the ICT program under contract ICT-2007-216676 (ECRYPT-II). M.R.  ... 
doi:10.1007/978-3-642-21702-9_8 fatcat:eejesz6qbne3zc7g6ehyaaszmy

Hash Functions from Defective Ideal Ciphers [chapter]

Jonathan Katz, Stefan Lucks, Aishwarya Thiruvengadam
2015 Lecture Notes in Computer Science  
to related-key attack on TEA -Attack on the RMAC message authentication code This work • We define a "defective" ideal cipher model incorporating linear related-key attacks -Goal: better understand real-world  ...  -Here: hash functions from block ciphers • When instantiated, the primitive may have "defects" and be far from ideal Motivating example • Related-key attacks on block ciphers -Several such attacks on  ...  variable ℎ and message switched from Davies-Meyer -In particular, the key to the block cipher does not depend on the input • MMO compression function proven collision-resistant in the ideal-cipher model  ... 
doi:10.1007/978-3-319-16715-2_15 fatcat:xmq3wx5gxra2zag33mlsgveohu

On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks [chapter]

Benoît Cogliati, Yannick Seurin
2015 Lecture Notes in Computer Science  
This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule).  ...  In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed  ...  Acknowledgment We thank Gaëtan Leurent for pointing to our attention the related-key attack matching the security bound of Theorem 2.  ... 
doi:10.1007/978-3-662-46800-5_23 fatcat:dyikfqk23jcdlanqcjrhhihhbi

Towards Understanding the Known-Key Security of Block Ciphers [chapter]

Elena Andreeva, Andrey Bogdanov, Bart Mennink
2014 Lecture Notes in Computer Science  
In this paper, we tackle this problem for the case of block ciphers based on ideal components such as random permutations and random functions as well as propose new generic known-key attacks on generalized  ...  To show its meaningfulness, we prove that the known-key attacks on block ciphers with ideal primitives to date violate security under known-key indifferentiability.  ...  The security model in known-key attacks is quite different though: the attacker knows the randomly drawn key the block cipher operates with and aims to find a structural property for the cipher under the  ... 
doi:10.1007/978-3-662-43933-3_18 fatcat:lp6gui3ie5g4xckqpkrcfbbjwa

Multi-key Security: The Even-Mansour Construction Revisited [chapter]

Nicky Mouha, Atul Luykx
2015 Lecture Notes in Computer Science  
In this paper, we prove that if a small number of plaintexts are encrypted under multiple independent keys, the Even-Mansour construction surprisingly offers similar security as an ideal block cipher with  ...  At ASIACRYPT 1991, Even and Mansour introduced a block cipher construction based on a single permutation.  ...  It is difficult to say whether related-key security should be a requirement, as this depends on the protocol in which the cryptosystem is used.  ... 
doi:10.1007/978-3-662-47989-6_10 fatcat:o3izd5smcrcvloiybvbbfvfcje

Towards Fresh and Hybrid Re-Keying Schemes with Beyond Birthday Security [chapter]

Christoph Dobraunig, François Koeune, Stefan Mangard, Florian Mendel, François-Xavier Standaert
2016 Lecture Notes in Computer Science  
In this paper, we provide two provably secure (in the ideal cipher model) solutions to avoid such collision attacks.  ...  cipher execution in the protocol.  ...  However, this is not a problem in the ideal cipher model, where related-key attacks do not apply. 2.  ... 
doi:10.1007/978-3-319-31271-2_14 fatcat:5cwr2bqf6vaqxhm7dmw7mdyjwe

A Simple Key-Recovery Attack on McOE-X [chapter]

Florian Mendel, Bart Mennink, Vincent Rijmen, Elmar Tischhauser
2012 Lecture Notes in Computer Science  
The attack is based on the observation that in McOE-X the key is changed for every block of message that is encrypted in a deterministic way.  ...  In this paper, we present a key-recovery attack on the online authenticated encryption scheme McOE-X proposed by Fleischmann et al. at FSE 2012.  ...  In addition, this work was supported by the Research Fund KU Leuven, OT/08/027.  ... 
doi:10.1007/978-3-642-35404-5_3 fatcat:7peqbm7e4vajnlzm63p6rn3jn4

A new security relation between information rate and state size of a keystream generator

2016 Turkish Journal of Electrical Engineering and Computer Sciences  
The main reason is that stream ciphers are supposed to have large internal states due to the strict requirement related to their resistance against tradeoff attacks (time-memory-data tradeoff (TMDT)).  ...  The classical stream cipher encryption relies on deterministic keystream generation both at transmission and at receiver sides.  ...  We showed that this model provides security enhancement against error nontolerant attacks and further analyzed the security of the model for TMDT attacks to show how a reduction in the minimum state size  ... 
doi:10.3906/elk-1311-54 fatcat:jhbvgeuohvd2dbboybsiz4h24y

Multivariate Profiling of Hulls for Linear Cryptanalysis

Andrey Bogdanov, Elmar Tischhauser, Philip S. Vejre
2018 IACR Transactions on Symmetric Cryptology  
being responsible for the best known attacks on ciphers such as Serpent and PRESENT.  ...  We successfully extend the attack to present the first 27-round attack which takes key-dependence into account.  ...  This is the first attack on 27 rounds of PRESENT in a model that accounts for key-dependence. Our attacks are compared to previous attacks on PRESENT in Table 1.  ... 
doi:10.13154/tosc.v2018.i1.101-125 dblp:journals/tosc/BogdanovTV18 fatcat:22fdcgq5sfeihn2izp3esoq5ei

Structural Evaluation of AES and Chosen-Key Distinguisher of 9-Round AES-128 [chapter]

Pierre-Alain Fouque, Jérémy Jean, Thomas Peyrin
2013 Lecture Notes in Computer Science  
, as shown by the numerous candidates broken in the related-key model or in a hash function setting.  ...  We use a variant of Dijkstra's algorithm to efficiently find the most efficient related-key attacks on SPN ciphers with an algorithm linear in the number of rounds.  ...  We would like to thank Martijn Stam, Christian Rechberger and the anonymous referees for their valuable comments on our paper.  ... 
doi:10.1007/978-3-642-40041-4_11 fatcat:4c33qsv6sjfipcnz644mswmkuy

Different Types of Attacks on Block Ciphers

2020 International journal of recent technology and engineering  
In this paper, algebraic attack is used to formulate the substitution box (S-box) of a block cipher to system of nonlinear equations and solve this system by using a classical method called Gröbner bases  ...  By solving these equations, we made algebraic attack on S-box.  ...  Algebraic attacks depend on formulating the cipher into system of equations and then solve it [4]. The block ciphers depend on the substitution boxes (S-boxes).  ... 
doi:10.35940/ijrte.c4214.099320 fatcat:eb26junbdfgxxdflmlgwzj5e5m

Modes of Operation of Stream Ciphers [chapter]

Jovan Dj. Golić
2001 Lecture Notes in Computer Science  
A general stream cipher with memory in which each ciphertext symbol depends on both the current and previous plaintext symbols, as well as each plaintext symbol depends on both the current and previous  ...  Rather new and unusual designs can thus be obtained, such as the designs of block ciphers and (keyed) hash functions based on clock-controlled shift registers only.  ...  We are interested in the SCM mode whose initial state depends on the secret key only, without using any randomizing key to satisfy the one-time-pad assumption.  ... 
doi:10.1007/3-540-44983-3_17 fatcat:ch7qw75is5ekhm555hw3nudnv4

A Hybrid MCDM Approach of Selecting Lightweight Cryptographic Cipher Based on ISO and NIST Lightweight Cryptography Security Requirements for Internet of Health Things

Li Ning, Yasir Ali, Hu Ke, Shah Nazir, Zhao Huanli
2020 IEEE Access  
The most serious challenges currently faced by healthcare environment is the decision making related to the installation of the most suitable and appropriate lightweight authentication cipher that could  ...  Similarly, the selected lightweight authentication cryptographic ciphers are used for the first time for assessment in IoHT environment.  ...  The Feistel structure of key scheduling of KLEIN cipher allows it to avoid key related attacks [56].  ... 
doi:10.1109/access.2020.3041327 fatcat:3kyrdot44fa5jljcswxjsvnjvq

On the Security of Encrypted Secret Sharing

Johannes Braun, Alexander Wiesmaier, Johannes Buchmann
2013 2013 46th Hawaii International Conference on System Sciences  
the lengths of the k shortest keys. (3) Under adaptive chosen plaintext attacks, this security level remains intact until at least k algorithms are compromised. (4) Under adaptive chosen ciphertext attacks  ...  , the security level decreases with each compromised algorithm at most by the corresponding key length. (5) The scheme increases the effective key lengths of repeatedly applied encryption algorithms.  ...  Due to the ideal cipher model, exhaustive key search is the only possible attack on the ciphers.  ... 
doi:10.1109/hicss.2013.426 dblp:conf/hicss/0001WB13 fatcat:daqngz2p25cb3ptzraillzmica

New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers [chapter]

Shahram Khazaei, Willi Meier
2008 Lecture Notes in Computer Science  
First we show how to model these primitives in the above-mentioned general problem by relating appropriate functions F to the underlying ciphers.  ...  In this work we focus on self-synchronizing stream ciphers.  ...  Attack Models on Self-Synchronizing Stream Ciphers There are two kinds of attack on synchronizing stream ciphers: distinguishing attacks and key recovery attacks.  ... 
doi:10.1007/978-3-540-89754-5_2 fatcat:ryki6ajp3bd7pbcwxcpp4ixbzi