-
Chapter and Conference Paper
Quantum Attacks: A View of Data Complexity on Offline Simon’s Algorithm
Simon’s algorithm has shown a threat to block ciphers in the quantum setting, especially accelerating attacks with superposition queries. Sometimes it is difficult for attackers to make superposition queries, ...
-
Article
Improved attacks against reduced-round Whirlwind
The Whirlwind hash function was proposed by Barreto et al. (Des Codes Cryptogr 56(2–3):141–162, 2010, https://doi.org/10.1007/s10623-010-9391-y). In this paper, we...
-
Chapter and Conference Paper
Quantum Attacks on Hash Constructions with Low Quantum Random Access Memory
At ASIACRYPT 2022, Benedikt, Fischlin, and Huppert proposed the quantum herding attacks on iterative hash functions for the first time. Their attack needs exponential quantum random access memory (qRAM), more ...
-
Chapter and Conference Paper
Automated Meet-in-the-Middle Attack Goes to Feistel
Feistel networks and their generalizations (GFNs) are another important class of building blocks for constructing hash functions, e.g., Simpira v2, Areion, and the ISO standard Lesamnta-LW. The Meet-in-the-Middle (MitM) is a ...
-
Chapter and Conference Paper
Meet-in-the-Middle Preimage Attacks on Sponge-Based Hashing
The Meet-in-the-Middle (MitM) attack has been widely applied to preimage attacks on Merkle-Damgård (MD) hashing. In this paper, we introduce a generic framework of the MitM attack on sponge-based hashing. We f...
-
Chapter and Conference Paper
Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256
Designing symmetric ciphers for particular applications has become a hot topic. At EUROCRYPT 2020, Naito, Sasaki and Sugawara invented the threshold implementation friendly cipher SKINNYe-64-256 to meet the requirem...
-
Chapter and Conference Paper
Key Guessing Strategies for Linear Key-Schedule Algorithms in Rectangle Attacks
When generating quartets for the rectangle attacks on ciphers with linear key-schedule, we find the right quartets which may suggest key candidates have to satisfy some nonlinear relations. However, some quart...
-
Chapter and Conference Paper
Triangulating Rebound Attack on AES-like Hashing
The rebound attack was introduced by Mendel et al. at FSE 2009 to fulfill a heavy middle round of a differential path for free, utilizing the degree of freedom from states. The inbound phase was extended to 2 rou...
-
Chapter and Conference Paper
Automatic Classical and Quantum Rebound Attacks on AES-Like Hashing by Exploiting Related-Key Differentials
Collision attacks on AES-like hashing (hash functions constructed by plugging AES-like ciphers or permutations into the famous PGV modes or their variants) can be reduced to the problem of finding a pair of in...
-
Chapter and Conference Paper
Meet-in-the-Middle Attacks Revisited: Key-Recovery, Collision, and Preimage Attacks
At EUROCRYPT 2021, Bao et al. proposed an automatic method for systematically exploring the configuration space of meet-in-the-middle (MITM) preimage attacks. We further extend it into a constraint-based frame...
-
Chapter and Conference Paper
Automatic Search of Meet-in-the-Middle Preimage Attacks on AES-like Hashing
The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the preimage resistance of many hash functions, including but not limited to the full MD5, HAVAL, and Tiger, and reduced SHA-0/1/2. It...
-
Article
Quantum attacks on some Feistel block ciphers
Post-quantum cryptography has attracted much attention from worldwide cryptologists. However, most research works are related to public-key cryptosystems due to Shor’s attack on RSA and ECC ciphers. At CRYPTO 2...
-
Article
Generalized related-key rectangle attacks on block ciphers with linear key schedule: applications to SKINNY and GIFT
This paper gives a new generalized key-recovery model of related-key rectangle attacks on block ciphers with linear key schedules. The model is quite optimized and applicable to various block ciphers with line...
-
Chapter and Conference Paper
Quantum Collision Attacks on AES-Like Hashing with Low Quantum Random Access Memories
At EUROCRYPT 2020, Hosoyamada and Sasaki proposed the first dedicated quantum attack on hash functions—a quantum version of the rebound attack exploiting differentials whose probabilities are too low to be use...
-
Article
MILP-aided cube-attack-like cryptanalysis on Keccak Keyed modes
Cube-attack-like cryptanalysis was proposed by Dinur et al. at EUROCRYPT 2015, which recovers the key of Keccak keyed modes in a divide-and-conquer manner. In their attack, one selects cube variables manually,...
-
Chapter and Conference Paper
Quantum Attacks Against Type-1 Generalized Feistel Ciphers and Applications to CAST-256
Generalized Feistel Schemes (GFSs) are important components of symmetric ciphers, which have been extensively studied in the classical setting. However, detailed security evaluations of GFS in the quantum sett...
-
Chapter and Conference Paper
Improved Related-Tweakey Rectangle Attacks on Reduced-Round Deoxys-BC-384 and Deoxys-I-256-128
Deoxys-BC is the core internal tweakable block cipher of the authenticated encryption schemes Deoxys-I and Deoxys-II. Deoxys-II is one of the six schemes in the final portfolio of the CAESAR competition, while...
-
Chapter and Conference Paper
MILP-Based Differential Attack on Round-Reduced GIFT
At Asiacrypt 2014, Sun et al. proposed a MILP model [20] to search for differential characteristics of bit-oriented block ciphers. In this paper, we improve this model to search for differential characteristics o...
-
Article
Conditional cube attack on round-reduced River Keyak
This paper evaluates the security level of River Keyak against the cube-like attack. River Keyak is the only lightweight scheme of the Keccak-permutation-based authenticated encryption cipher Keyak, which ...
-
Chapter and Conference Paper
A Key-Recovery Attack on 855-round Trivium
In this paper, we propose a key-recovery attack on Trivium reduced to 855 rounds. As the output is a complex Boolean polynomial over secret key and IV bits and it is hard to find the solution of the secret key...