-
Chapter and Conference Paper
Improving Linear Key Recovery Attacks Using Walsh Spectrum Puncturing
In some linear key recovery attacks, the function which determines the value of the linear approximation from the plaintext, ciphertext and key is replaced by a similar map in order to improve the time or memo...
-
Chapter and Conference Paper
Keyed Sum of Permutations: A Simpler RP-Based PRF
Idealized constructions in cryptography prove the security of a primitive based on the security of another primitive. The challenge of building a pseudorandom function (PRF) from a random permutation (RP) has ...
-
Chapter and Conference Paper
A Modular Approach to the Incompressibility of Block-Cipher-Based AEADs
Incompressibility is one of the most fundamental security goals in white-box cryptography. Given recent advances in the design of efficient and incompressible block ciphers such as SPACE, SPNbox and WhiteBlock, w...
-
Chapter and Conference Paper
New Attacks from Old Distinguishers Improved Attacks on Serpent
Serpent was originally proposed in 1998 and is one of the most studied block ciphers. In this paper we improve knowledge of its security by providing the current best attack on this cipher, which is a 12-round...
-
Chapter and Conference Paper
Designing S-Boxes Providing Stronger Security Against Differential Cryptanalysis for Ciphers Using Byte-Wise XOR
In this paper, we develop an S-box designing method by considering an interplay between an S-box and a linear layer, which enhances security against differential cryptanalysis. The basic idea can be found in b...
-
Chapter and Conference Paper
PRINCEv2
In this work, we propose tweaks to the PRINCE block cipher that help us to increase its security without changing the number of rounds or round operations. We get substantially higher security for the same comple...
-
Chapter and Conference Paper
Massive Superpoly Recovery with Nested Monomial Predictions
Determining the exact algebraic structure or some partial information of the superpoly for a given cube is a necessary step in the cube attack – a generic cryptanalytic technique for symmetric-key primitives ...
-
Chapter and Conference Paper
Strong and Tight Security Guarantees Against Integral Distinguishers
Integral attacks belong to the classical attack vectors against any given block ciphers. However, providing arguments that a given cipher is resistant against those attacks is notoriously difficult. In this p...
-
Chapter and Conference Paper
Lower Bounds on the Degree of Block Ciphers
Only the method to estimate the upper bound of the algebraic degree on block ciphers is known so far, but it is not useful for the designer to guarantee the security. In this paper we provide meaningful lower...
-
Chapter and Conference Paper
Modeling for Three-Subset Division Property Without Unknown Subset
A division property is a generic tool to search for integral distinguishers, and automatic tools such as MILP or SAT/SMT allow us to evaluate the propagation efficiently. In the application to stream ciphers,...
-
Chapter and Conference Paper
Out of Oddity – New Cryptanalytic Techniques Against Symmetric Primitives Optimized for Integrity Proof Systems
The security and performance of many integrity proof systems like SNARKs, STARKs and Bulletproofs highly depend on the underlying hash function. For this reason several new proposals have recently been develop...
-
Chapter and Conference Paper
Improved Differential-Linear Attacks with Applications to ARX Ciphers
We present several improvements to the framework of differential-linear attacks with a special focus on ARX ciphers. As a demonstration of their impact, we apply them to Chaskey and ChaCha and we are able to s...
-
Chapter and Conference Paper
Programming the Demirci-Selçuk Meet-in-the-Middle Attack with Constraints
Cryptanalysis with SAT/SMT, MILP and CP has increased in popularity among symmetric-key cryptanalysts and designers due to its high degree of automation. So far, this approach covers differential, linear, impo...
-
Chapter and Conference Paper
Several MILP-Aided Attacks Against SNOW 2.0
SNOW 2.0 is a software-oriented stream cipher and internationally standardized by ISO/IEC 18033-4. In this paper, we present three attacks on SNOW 2.0 by MILP-aided automatic search algorithms. First, we prese...
-
Chapter and Conference Paper
Fast Correlation Attack Revisited
A fast correlation attack (FCA) is a well-known cryptanalysis technique for LFSR-based stream ciphers. The correlation between the initial state of an LFSR and corresponding key stream is exploited, and the go...
-
Chapter and Conference Paper
Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly
The cube attack is an important technique for the cryptanalysis of symmetric key primitives, especially for stream ciphers. Aiming at recovering some secret key bits, the adversary reconstructs a superpoly wit...
-
Chapter and Conference Paper
Low-Data Complexity Attacks on Camellia
In this paper, we propose low-data complexity attacks on reduced-round Camellia. Our attacks are based on deterministic truncated differential characteristics exploiting properties of binaries matrices and dif...
-
Chapter and Conference Paper
Improved Integral Attack on HIGHT
HIGHT is a lightweight block cipher with 64-bit block length and 128-bit security, and it is based on the ARX-based generalized Feistel network. HIGHT became a standard encryption algorithm in South Korea and ...
-
Chapter and Conference Paper
Division Property: Efficient Method to Estimate Upper Bound of Algebraic Degree
We proposed the division property, which is a new method to find integral characteristics, at EUROCRYPT2015. Then, we applied this technique to analyze the full MISTY1 at CRYPTO2015. After the proposal of the ...
-
Chapter and Conference Paper
Gimli : A Cross-Platform Permutation
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone...