
Practical Algebraic Attack on DAGS [article]

Magali Bardet, Manon Bertin, Alain Couvreur, Ayoub Otmani
2019 arXiv   pre-print
It shows that DAGS can be totally cryptanalysed by solving a system of bilinear polynomial equations. However, some sets of DAGS parameters were not broken in practice.  ...  Recently an algebraic attack was devised by Barelli and Couvreur (Asiacrypt 2018) that efficiently recovers the private key.  ...  In Table 1 we report the average running times of our attack and that of [8] performed on the same machine. For DAGS-1 and DAGS-5, the linear algebra part of the attack is the dominant cost.  ... 
arXiv:1905.03635v1 fatcat:vfqp46khkrcqhdszvi5iqmaxw4

DAGS: Key encapsulation using dyadic GS codes

Gustavo Banegas, Paulo S. L. M. Barreto, Brice Odilon Boidje, Pierre-Louis Cayrel, Gilbert Ndollane Dione, Kris Gaj, Cheikh Thiécoumba Gueye, Richard Haeussler, Jean Belo Klamti, Ousmane N'diaye, Duc Tri Nguyen, Edoardo Persichetti (+1 others)
2018 Journal of Mathematical Cryptology  
In this paper, we introduce DAGS, a Key Encapsulation Mechanism (KEM) based on quasi-dyadic generalized Srivastava codes.  ...  Code-based cryptography is one of the main areas of interest for NIST's Post-Quantum Cryptography Standardization call.  ...  There is a one-to-one correspondence between these roots and the error positions: in fact, there is an error in position i if and only if σ(1/x_i) = 0.  ... 
doi:10.1515/jmc-2018-0027 fatcat:grjhydflwffnrjsv62viehvsmi

Improvement of algebraic attacks for solving superdetermined MinRank instances [article]

Magali Bardet, Manon Bertin
2022 arXiv   pre-print
We show that the algebraic attack from Barelli and Couvreur (Asiacrypt 2018), improved in Bardet et al.  ...  They use linear algebra on specific Macaulay matrices, considering only multiples of the initial equations by one block of variables, the so-called "kernel" variables. Later, Bardet et al.  ...  It suffered from an algebraic attack [8] that efficiently recovers the private key, and was improved in [5] . Here, we show that the DAGS algebraic modeling is in fact a MinRank problem.  ... 
arXiv:2208.01442v1 fatcat:hdgnajo5wnbs5pkzxwaqq4u56m

An efficient structural attack on NIST submission DAGS [article]

Elise Barelli, Alain Couvreur
2018 arXiv   pre-print
This attack breaks the DAGS proposal recently submitted to NIST.  ...  We present an efficient key recovery attack on code based encryption schemes using some quasi-dyadic alternant codes with extension degree 2.  ...  In terms of security with respect to key recovery attacks, DAGS parameters are chosen to be out of reach of the algebraic attacks [16, 15] .  ... 
arXiv:1805.05429v2 fatcat:zv22tzetzrce3jqmvtgtkwvmn4

Automatic Search of Attacks on Round-Reduced AES and Applications [chapter]

Charles Bouillaguet, Patrick Derbez, Pierre-Alain Fouque
2011 Lecture Notes in Computer Science  
When the attacks found by the tool are practical, they have been implemented and validated.  ...  Finally, the tools can be used in the context of fault attacks. These algorithms exploit the algebraically simple byte-oriented structure of the AES.  ...  We implemented this attack and validated it in practice. It terminates in a couple of seconds on a laptop.  ... 
doi:10.1007/978-3-642-22792-9_10 fatcat:z6qimqnvv5agnd5njvk5wropw4

Cryptanalysis of the Chor-Rivest cryptosystem [chapter]

Serge Vaudenay
1998 Lecture Notes in Computer Science  
In this paper, we show how to break this one with its suggested parameters: GF(p^24) and GF(256^25). We also give directions on possible extensions of our attack.  ...  In this paper, we present a new attack on it which definitely breaks the system for all the proposed parameters in Chor-Rivest's final paper [3] .  ...  We can thus start the attack with the field GF(256) and then obtain g16 from g162 as illustrated by the (generalized) factoring DAG of GF(256^5) illustrated on Fig.  ... 
doi:10.1007/bfb0055732 fatcat:4ol52jwt25gtnldodxzaswwz2i

Protocol insecurity with a finite number of sessions and composed keys is NP-complete

Michaël Rusinowitch, Mathieu Turuani
2003 Theoretical Computer Science  
We also prove that in order to build an attack with a fixed number of sessions the intruder needs only to forge messages of linear size, provided that they are represented as dags.  ...  The result does not assume a limit on the size of messages and supports non-atomic symmetric encryption keys.  ...  This result has crucial practical implications since it means that when searching for an attack we can give a simple a priori bound on the DAG-size of the messages needed to be forged by the intruder:  ... 
doi:10.1016/s0304-3975(02)00490-5 fatcat:tfob6dmzevfypogzneix5247tq
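The linear-size bound above only holds when messages are stored as DAGs with shared subterms, not as trees. The following added example (not code from Rusinowitch and Turuani's paper) makes that concrete: it builds a family of messages in which each level encrypts a pair of two copies of the previous message, then compares the tree size with the DAG size, measured as the number of distinct subterms. The term constructors ("pair", "enc") and the atoms "n" and "k" are assumptions chosen for the illustration.

```python
# Added example: tree size vs. DAG size of protocol messages.
# Terms are nested tuples: ("pair", a, b) and ("enc", m, key);
# atoms are plain strings ("n" a nonce, "k" a symmetric key).

def tree_size(term):
    """Number of nodes when the term is laid out as a tree (no sharing)."""
    if not isinstance(term, tuple):
        return 1
    # one node for the constructor plus the full size of each argument
    return 1 + sum(tree_size(arg) for arg in term[1:])


def dag_size(term):
    """Number of nodes when identical subterms are shared (hash-consing)."""
    seen = set()

    def visit(sub):
        if sub in seen:          # already represented once in the DAG
            return
        seen.add(sub)
        if isinstance(sub, tuple):
            for arg in sub[1:]:
                visit(arg)

    visit(term)
    return len(seen)


def doubling_message(depth):
    """Constructed message family: M_0 = n, M_i = enc(pair(M_{i-1}, M_{i-1}), k).

    Each level duplicates the previous message, so the tree size doubles
    while the DAG only gains two new nodes (one pair, one enc)."""
    msg = "n"
    for _ in range(depth):
        msg = ("enc", ("pair", msg, msg), "k")
    return msg


def size_table(max_depth):
    """Return [(depth, tree_size, dag_size), ...] for depths 0..max_depth."""
    rows = []
    for d in range(max_depth + 1):
        m = doubling_message(d)
        rows.append((d, tree_size(m), dag_size(m)))
    return rows


if __name__ == "__main__":
    for depth, t, g in size_table(10):
        print(f"depth {depth:2d}: tree nodes = {t:5d}, dag nodes = {g:3d}")
```

At depth 10 the tree representation already needs 4093 nodes while the DAG needs 22, which is why an intruder-message bound stated in DAG size can be linear even though the same messages written out as trees are exponentially large.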

Integral Cryptanalysis of WARP based on Monomial Prediction

Hosein Hadipour, Maria Eichlseder
2022 IACR Transactions on Symmetric Cryptology  
Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds.  ...  In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially.  ...  Table 4: Algebraic Normal Form (ANF) of the WARP S-box S. Table 6: Practical integral distinguishers for 10 to 15 rounds of WARP.  ... 
doi:10.46586/tosc.v2022.i2.92-112 dblp:journals/tosc/HadipourE22 fatcat:3z3glz7m75e2la26cyej44c6we

Efficient Algorithms for Quantitative Attack Tree Analysis [article]

Carlos E. Budde, Mariëlle Stoelinga
2021 arXiv   pre-print
For each class, we propose novel algorithms that work over a generic attribute domain, encompassing a large number of concrete security metrics defined on the attack tree semantics.  ...  These algorithms compute relevant security metrics, i.e. performance indicators that quantify how good the security of a system is, such as the most likely attack, the cheapest, or the most damaging one  ...  COMPUTATIONS FOR DAG-STRUCTURED SATS Attack trees with shared subtrees cannot be analysed via a bottom-up procedure on their (DAG) structure, as we illustrate next in Example 5.  ... 
arXiv:2105.07511v2 fatcat:3nujt2rnz5akndemljglxgy5fq
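The remark that shared subtrees defeat a bottom-up evaluation is easy to see on the "cheapest attack" metric. The following added example (not code from Budde and Stoelinga's paper, and not their Example 5) evaluates minimum attack cost two ways: the classic bottom-up recursion (OR = min over children, AND = sum over children) and an exact computation that searches for the cheapest set of basic attack steps that satisfies the root, paying for each step once. On a proper tree both agree; on a DAG in which one subtree is reached via two AND gates, the bottom-up value double-counts the shared subtree. The two models, node names and costs are constructed for the illustration.

```python
# Added example: minimum attack cost on attack trees vs. attack DAGs.
# A model maps a node name to ("BAS", cost) for a basic attack step,
# or to ("AND", [children]) / ("OR", [children]) for a gate.
from itertools import combinations


def bottom_up_min_cost(node, model):
    """Classic bottom-up evaluation: correct on trees, unsound on DAGs."""
    kind = model[node][0]
    if kind == "BAS":
        return model[node][1]
    child_costs = [bottom_up_min_cost(c, model) for c in model[node][1]]
    # an OR gate needs only its cheapest child; an AND gate needs all of them
    return min(child_costs) if kind == "OR" else sum(child_costs)


def satisfied(node, model, chosen):
    """True if the set of executed basic steps `chosen` achieves `node`."""
    kind = model[node][0]
    if kind == "BAS":
        return node in chosen
    results = (satisfied(c, model, chosen) for c in model[node][1])
    return any(results) if kind == "OR" else all(results)


def exact_min_cost(root, model):
    """Cheapest set of basic steps achieving the root, each step paid once.

    Brute force over subsets of basic steps; fine for small models and
    sufficient to expose the bottom-up error on shared subtrees."""
    steps = [n for n, spec in model.items() if spec[0] == "BAS"]
    best = None
    for r in range(1, len(steps) + 1):
        for subset in combinations(steps, r):
            if satisfied(root, model, set(subset)):
                cost = sum(model[s][1] for s in subset)
                if best is None or cost < best:
                    best = cost
    return best


# Constructed tree: every node has exactly one parent.
TREE_MODEL = {
    "steal_data": ("AND", ["get_access", "exfiltrate"]),
    "get_access": ("OR", ["phish", "exploit_vpn"]),
    "exfiltrate": ("OR", ["usb", "cloud_upload"]),
    "phish": ("BAS", 3),
    "exploit_vpn": ("BAS", 7),
    "usb": ("BAS", 2),
    "cloud_upload": ("BAS", 4),
}

# Constructed DAG: "get_access" is shared by two AND gates.
DAG_MODEL = {
    "cover_tracks_and_exfil": ("AND", ["tamper_logs", "exfiltrate"]),
    "tamper_logs": ("AND", ["get_access", "edit_logs"]),
    "exfiltrate": ("AND", ["get_access", "cloud_upload"]),
    "get_access": ("OR", ["phish", "exploit_vpn"]),
    "phish": ("BAS", 3),
    "exploit_vpn": ("BAS", 7),
    "edit_logs": ("BAS", 1),
    "cloud_upload": ("BAS", 4),
}


if __name__ == "__main__":
    for name, root, model in [("tree", "steal_data", TREE_MODEL),
                              ("dag", "cover_tracks_and_exfil", DAG_MODEL)]:
        print(name, "bottom-up:", bottom_up_min_cost(root, model),
              "exact:", exact_min_cost(root, model))
```

On the tree both methods give 5 (phish, then usb). On the DAG the bottom-up recursion reports 11 because it charges the 3-cost "get_access" once under each AND gate, whereas the attacker only has to gain access once, so the true cheapest attack costs 8. Any metric whose AND operator is not idempotent (cost, time with sequential steps, probability) is affected in the same way, which is why DAG-shaped models need dedicated algorithms.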

Efficient Decision Procedures for Message Deducibility and Static Equivalence [chapter]

Bruno Conchinha, David Basin, Carlos Caleiro
2011 Lecture Notes in Computer Science  
As an application, we use our algorithm for static equivalence to discover off-line guessing attacks on the Kerberos protocol when implemented using a symmetric encryption scheme for which the prefix property  ...  Only Attack 4 relies on the fact that we use version IV instead of version V and exchange the order of the messages of the original Kerberos protocol. How feasible are these attacks in practice?  ...  Off-Line Guessing Attacks on a Version of Kerberos We now present multiple off-line guessing attacks on a version of Kerberos.  ... 
doi:10.1007/978-3-642-19751-2_3 fatcat:fdm7xyx6xjh3hktgth2qdsmloi

The Marriage Between Safety and Cybersecurity: Still Practicing [chapter]

Marielle Stoelinga, Christina Kolb, Stefano M. Nicoletti, Carlos E. Budde, Ernst Moritz Hahn
2021 Lecture Notes in Computer Science  
Finally, we report on early results in these directions. Keywords: Safety This work was partially funded by ERC Consolidator Grant 864075 (CAESAR).  ...  Emerging technologies, like self-driving cars, drones, and the Internet-of-Things must not impose threats to people, neither due to accidental failures (safety), nor due to malicious attacks (security)  ...  In particular, the BDD size heavily depends on the order for the variables. In practice good heuristics are available, making BDD-computations efficient in practice.  ... 
doi:10.1007/978-3-030-84629-9_1 fatcat:lgvs47nbazhg3jyh4hymug7blm

Neural Network Approximations of Compositional Functions With Applications to Dynamical Systems [article]

Wei Kang, Qi Gong
2020 arXiv   pre-print
Towards the goal of revealing the underlying reason why neural networks are capable of solving some high dimensional problems, we develop an algebraic framework and an approximation theory for compositional  ...  Finding compositional function representations of these problems may lead to innovative and practical solutions based on deep learning.  ...  This property enables the capability for one to compose complicated deep neural networks based on simple networks and algebraic operations.  ... 
arXiv:2012.01698v1 fatcat:2pbpgmsmfjaprcvo2f4pyjdtkq

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees [article]

Barbara Kordy, Ludovic Piètre-Cambacédès, Patrick Schweitzer
2013 arXiv   pre-print
This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs).  ...  The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs.  ...  Acknowledgments The authors would like to thank Sjouke Mauw and Pieter Hartel for their comments on a preliminary version of this survey, which helped them to improve the paper.  ... 
arXiv:1303.7397v1 fatcat:fiebxymrd5dcnmnufddaoaqlaa

The Provable Security of Graph-Based One-Time Signatures and Extensions to Algebraic Signature Schemes [chapter]

Alejandro Hevia, Daniele Micciancio
2002 Lecture Notes in Computer Science  
The techniques used to prove the security of graph based one-time signatures are then applied to the construction of a new class of algebraic signature schemes, i.e., schemes where signatures can be combined  ...  Essentially all known one-time signature schemes can be described as special instances of a general scheme suggested by Bleichenbacher and Maurer based on "graphs of one-way functions".  ...  Conclusions In this paper, we analyze graph based signatures from a security viewpoint and give sufficient conditions, namely the existence of one-way permutations, under which the signature scheme is  ... 
doi:10.1007/3-540-36178-2_24 fatcat:dp4it5ildbc2fhmcr5pxjxkpci

Attack-defense trees

B. Kordy, S. Mauw, S. Radomirovic, P. Schweitzer
2012 Journal of Logic and Computation  
This enlarges the modeling capabilities of attack trees and makes the new formalism suitable for representing interactions between an attacker and a defender.  ...  Attack-defense trees are a novel methodology for graphical security modeling and assessment.  ...  In the future, we plan to extend our framework from attack-defense trees to attack-defense DAGs. Using DAGs we can model dependencies between the sub-goals.  ... 
doi:10.1093/logcom/exs029 fatcat:v6yk7vyllrcz7pxmiayq5ssjsm