-
Article
Trims and extensions of quadratic APN functions (Open Access)
In this work, we study functions that can be obtained by restricting a vectorial Boolean function $$F :\mathbb {F}_{2}^n \rightarrow \mathbb {...
-
Chapter and Conference Paper
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, we show that the initial state of GEA-1 can be recovered from a...
-
Article
4-uniform permutations with null nonlinearity (Open Access)
We consider n-bit permutations with differential uniformity of 4 and null nonlinearity. We first show that the inverses of Gold functions have the interesting property that one component can be replaced by a line...
-
Chapter and Conference Paper
Lower Bounds on the Degree of Block Ciphers
Only the method to estimate the upper bound of the algebraic degree on block ciphers is known so far, but it is not useful for the designer to guarantee the security. In this paper we provide meaningful lower...
-
Chapter and Conference Paper
Modeling for Three-Subset Division Property Without Unknown Subset
A division property is a generic tool to search for integral distinguishers, and automatic tools such as MILP or SAT/SMT allow us to evaluate the propagation efficiently. In the application to stream ciphers,...
-
Chapter and Conference Paper
Out of Oddity – New Cryptanalytic Techniques Against Symmetric Primitives Optimized for Integrity Proof Systems
The security and performance of many integrity proof systems like SNARKs, STARKs and Bulletproofs highly depend on the underlying hash function. For this reason several new proposals have recently been develop...
-
Chapter and Conference Paper
Improved Differential-Linear Attacks with Applications to ARX Ciphers
We present several improvements to the framework of differential-linear attacks with a special focus on ARX ciphers. As a demonstration of their impact, we apply them to Chaskey and ChaCha and we are able to s...
-
Article
Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64
In this paper, we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers...
-
Chapter and Conference Paper
Rasta: A Cipher with Low ANDdepth and Few ANDs per Bit
Recent developments in multi-party computation (MPC) and fully homomorphic encryption (FHE) promoted the design and analysis of symmetric cryptographic schemes that minimize multiplications in one way or anoth...
-
Article
Differential-Linear Cryptanalysis Revisited
The two main classes of statistical cryptanalysis are the linear and differential attacks. They have many variants and enhancements such as the multidimensional linear attacks and the truncated differential at...
-
Chapter and Conference Paper
Proving Resistance Against Invariant Attacks: How to Choose the Round Constants
Many lightweight block ciphers apply a very simple key schedule in which the round keys only differ by addition of a round-specific constant. Generally, there is not much theory on how to choose appropriate co...
-
Chapter and Conference Paper
Grover Meets Simon – Quantumly Attacking the FX-construction
Using whitening keys is a well understood means of increasing the key-length of any given cipher. Especially as it is known ever since Grover’s seminal work that the effective key-length is reduced by a factor ...
-
Chapter and Conference Paper
Nonlinear Invariant Attack
In this paper we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers
-
Chapter and Conference Paper
Strong 8-bit Sboxes with Efficient Masking in Hardware
Block ciphers are arguably the most important cryptographic primitive in practice. While their security against mathematical attacks is rather well understood, physical threats such as side-channel analysis (S...
-
Chapter and Conference Paper
Lightweight Multiplication in $$GF(2^n)$$ with Applications to MDS Matrices
In this paper we consider the fundamental question of optimizing finite field multiplications with one fixed element. Surprisingly, this question did not receive much attention previously. We investigate which...
-
Chapter and Conference Paper
The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS
We present a new tweakable block cipher family SKINNY, whose goal is to compete with NSA's recent design SIMON in terms of hardware/software performance, while providing in addition much stronger security guarantees...
-
Chapter and Conference Paper
A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro
Invariant subspace attacks were introduced at CRYPTO 2011 to cryptanalyze PRINTcipher. The invariant subspaces for PRINTcipher were discovered in an ad hoc fashion, leaving a generic technique to discover invaria...
-
Chapter and Conference Paper
Observations on the SIMON Block Cipher Family
In this paper we analyse the general class of functions underlying the Simon block cipher. In particular, we derive efficiently computable and easily implementable expressions for the exact differential and linea...
-
Chapter and Conference Paper
Differential-Linear Cryptanalysis Revisited
Block ciphers are arguably the most widely used type of cryptographic primitives. We are not able to assess the security of a block cipher as such, but only its security against known attacks. The two main cla...
-
Chapter and Conference Paper
Block Ciphers – Focus on the Linear Layer (feat. PRIDE)
The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, ...