
Further Analysis of a Proposed Hash-Based Signature Standard [article]

Scott R. Fluhrer
2017 IACR Cryptology ePrint Archive  
We analyze the concrete security of a hash-based signature scheme described in the most recent Internet Draft by McGrew, Fluhrer and Curcio.  ...  Version 07 of the McGrew-Fluhrer-Curcio draft In analyzing the most recent version of the McGrew-Fluhrer-Curcio proposal, we begin by showing the security of a hash compression function in an abstract  ...  For $r = 2^h, \ldots, 2^{h+1} - 1$, set $T[r] := H(I, [r]_4, [8282]_2, pk_{r-2^h})$ 3.  ... 
dblp:journals/iacr/Fluhrer17 fatcat:kkaxmcvwb5auxkkiymbw4sduoi

Multiple forgery attacks against Message Authentication Codes [article]

David A. McGrew, Scott R. Fluhrer
2005 IACR Cryptology ePrint Archive  
(1−r n ) 1−r .  ...  Multiple forgery attacks on GCM GCM's message authentication tag can be computed as $T = \mathrm{MSB}_t(r(K, IV) \oplus s(A, C))$ (6) where r is a pseudorandom function and s is a universal hash.  ... 
dblp:journals/iacr/McGrewF05 fatcat:xvidstet5fgv7fy4dqxo4ubwsm

Cryptanalysis of the SEAL 3.0 Pseudorandom Function Family [chapter]

Scott R. Fluhrer
2002 Lecture Notes in Computer Science  
SEAL expands the 160-bit keys into 3 secret tables R, S, T, which contain respectively 256, 256, and 512 32-bit values. These tables are fixed once the key has been defined.  ...  , SEAL takes the 32-bit input string n and 6 bits of submessage index 1 and expands it into 256 bits of state (the 32 bit A, B, C, D variables and the 32 bit $n_1, n_2, n_3, n_4$ variables using the R  ... 
doi:10.1007/3-540-45473-x_11 fatcat:lmbkdb65mfckbdd5ucrvll5qdy

Statistical Analysis of the Alleged RC4 Keystream Generator [chapter]

Scott R. Fluhrer, David A. McGrew
2001 Lecture Notes in Computer Science  
These rates can be related to the discrimination between the probability distribution $p_r$ generated by a truly random process and the distribution $p_{RC4}$ generated by n-bit RC4 (with a randomly selected  ...  From [1], the discrimination is related to α and β by the inequality $L(p_r, p_{RC4}) \ge \beta \lg \frac{\beta}{1-\alpha} + (1-\beta) \lg \frac{1-\beta}{\alpha}$. (1) Equality can be met by using an information-theoretic optimal test, such  ... 
doi:10.1007/3-540-44706-7_2 fatcat:6lzaw3fsmbfpfkud6ntwb22su4

Cryptanalysis of ring-LWE based key exchange with key share reuse [article]

Scott R. Fluhrer
2016 IACR Cryptology ePrint Archive  
This paper shows how several ring-LWE based key exchange protocols can be broken, under the assumption that the same key share is used for multiple exchanges. This indicates that, if these key exchange protocols are used, then it will be necessary for a fresh key share be generated for each exchange, and that these key exchange protocols cannot be used as a drop in replacement for designs which use Diffie-Hellman static key shares.
dblp:journals/iacr/Fluhrer16 fatcat:5dfxmisihbdl5dvle3tbxrekni

Attacks on Additive Encryption of Redundant Plaintext and Implications on Internet Security [chapter]

David A. McGrew, Scott R. Fluhrer
2001 Lecture Notes in Computer Science  
In the precomputation stage, define the function f (x) = R(S(x)), and compute the set T = {(f t (x), x) : x ∈ R}, where R is a random N -element subset of F n 2 , and sort the elements of T so that their  ...  In the precomputation stage, compute the set V = {(v(k), k) : k ∈ R} of known keys and their hallmarks , where R is a set of N arbitrary distinct keys, and sort the vectors so that their first components  ... 
doi:10.1007/3-540-44983-3_2 fatcat:vjcms7l5bvcdpltjwwuff65jqi

Leakage of signal function with reused keys in RLWE key exchange

Jintai Ding, Saed Alsayigh, R V Saraswathy, Scott Fluhrer, Xiaodong Lin
2017 2017 IEEE International Conference on Communications (ICC)  
Previous Work An attack on RLWE key exchange for reused public keys was described by Fluhrer in [10].  ...  Let $R_q$, $\chi_\alpha$ be defined as above, and let $s \leftarrow R_q$ be uniformly chosen.  ... 
doi:10.1109/icc.2017.7996806 dblp:conf/icc/DingASFL17 fatcat:e5qdg3v25jehdp5dbqgbiyd6de

The Security of the Extended Codebook (XCB) Mode of Operation [chapter]

David A. McGrew, Scott R. Fluhrer
Selected Areas in Cryptography  
We let D i and D i be the coefficients defined as in Equation 17, then we define the polynomials R 1 and R 2 as R 1 (H) = E ⊕ m+n+1 i=1, D i · H m+n−i+2 (20) and R 2 (H) = E ⊕ m+n+1 i=1, D i · H m+n−i+  ...  H) = 0, where the polynomial R of degree at most m + n + 1 over GF (2 w ) is defined by R(H) = a ⊕ m+n+1 i=1, (D i ⊕ D i ) · H m+n−i+2 . (19) The polynomial R must be nonzero, that is, at least one of  ... 
doi:10.1007/978-3-540-77360-3_20 dblp:conf/sacrypt/McGrewF07 fatcat:vb2m5vz4nbdodk2wihzk6u6jde

Page 9499 of Mathematical Reviews Vol. , Issue 2004k [page]

2004 Mathematical Reviews  
Contents: Scott Fluhrer, Itsik Mantin and Adi Shamir, Weaknesses in the key scheduling algorithm of RC4 (1-24); Philip Hawkes, Frank Quick and Gregory G.  ...  Rose, A practical cryptanalysis of SSC2 (25-37); Scott Fluhrer and Stefan Lucks, Analysis of the E0 encryption system (38-48); Amr Youssef and Guang Gong, Boolean functions with large distance to all  ... 

Page 236 of College and University Vol. 9, Issue 3 [page]

1934 College and University  
R. Sage. Iowa State Teachers College, Cedar Falls, Charles S. Cory. *Iowa Wesleyan College, Mt. Pleasant, George E. King. *John Fletcher College, University Park, Earl H. Fluhrer.  ...  Scott. Eagle Grove Junior College, Eagle Grove, Bryan Boatman, Dean. Elkader Junior College, Elkader, J. Dale Welsch, Superintendent. Ellsworth Junior College, Iowa Falls, Sheridan R. Jones.  ... 

Page 10573 of Mathematical Reviews Vol. , Issue 2004m [page]

2004 Mathematical Reviews  
{For the entire collection see MR 2004k:94066.} 2004m:94050 94A60 Fluhrer, Scott; Lucks, Stefan (D-MNHM; Mannheim) Analysis of the E0 encryption system.  ...  {For the entire collection see MR 2004j:94027.} 2004m:94049 94A60 Fluhrer, Scott; Mantin, Itsik (IL-WEIZ-CS; Rehovot); Shamir, Adi (IL-WEIZ-CS; Rehovot) Weaknesses in the key scheduling algorithm of  ... 

Page 41 of Theatre Journal Vol. 2, Issue 4 [page]

1950 Theatre Journal  
Fluhrer; Immaculate Conception Academy, Sister Mary Angelita, B.V.M. DES MOINES—Drake University, Portia Boynton, James J. Fiderlick, Charles R. Lown, Jr.. Wuanita Taylor Shaw, Margie L.  ...  Gaiser, R. Lyle Hagan, Richard Moody, Theta Alpha Phi, (Lee Norvelle). BRAZIL—Senior High School, Juanita H. Shearer. CRAWFORDSVILLE — Wabash College, Charles E. Scott.  ... 

Page 476 of National Union Catalog Vol. 44, Issue [page]

1958 National Union Catalog  
Fluhrer , 1956, 255 p. illus., port, 20 cm. Bibliography, p. 247-255. 1. Schubart, Christian Friedrich Daniel—Fiction. 1. Title.  ...  PZA: T493Fu 61-22649 { Thorn, Ronald Scott, 1920- Second opinion. London, Heinemann 1961, 2387p. 19cm. 1. Title. PZA.T493Se 62-52552 Thorn, Ronald Scott, 1920- Upstairs and downstairs. London, N.  ... 

FNR: Arbitrary Length Small Domain Block Cipher Proposal [chapter]

Sashank Dara, Scott Fluhrer
2014 Lecture Notes in Computer Science  
The reference implementation is written by Scott Fluhrer and demo applications were written by Kaushal Bhandankar.  ...  One round of Feistel is a 2n bit permutation δ, with an n bit round function as defined below $\delta_f(L, R) = (R, L \otimes f(R))$ where $|L| = |R| = n$ (6) An r round Feistel network is simply the composition of  ...  r one round Feistel structures, transforming r n-bit functions $f_1, f_2, \ldots, f_r$ into a 2n bit permutation. $\delta_{f_1, f_2, \ldots, f_r}(L, R) = \delta(f_1) \circ \delta(f_2) \circ \cdots \circ \delta(f_r)$ (7) The security of PRP constructed by  ... 
doi:10.1007/978-3-319-12060-7_10 fatcat:boihyihjs5b55llhnm4e4ijudq

Attacking Predictable IPsec ESP Initialization Vectors [chapter]

Sami Vaarala, Antti Nuopponen, Teemupekka Virtanen
2002 Lecture Notes in Computer Science  
Previous Work The attack studied in this paper was clearly outlined by Scott Fluhrer in an e-mail to the IPsec mailing list 1 .  ...  The use of predictable initialization vectors leads to an adaptive chosen plaintext attack, which was pointed out by Scott Fluhrer on the IPsec working group mailing list.  ... 
doi:10.1007/3-540-36159-6_14 fatcat:qrtggxvoffddtgijlkcq2bwnfq