-
Chapter and Conference Paper
Implicit Key-Stretching Security of Encryption Schemes
When keys are small or parts thereof leak, key-recovery attacks on symmetric-key primitives still pose a plausible threat. Key stretching is one well-known means to throttle potential adversaries, where stretc...
-
Chapter and Conference Paper
On the Post-quantum Security of Classical Authenticated Encryption Schemes
We study the post-quantum security of authenticated encryption (AE) schemes, designed with classical security in mind. Under superposition attacks, many CBC-MAC variants have been broken, and AE modes employin...
-
Chapter and Conference Paper
Pholkos – Efficient Large-State Tweakable Block Ciphers from the AES Round Function
This paper proposes Pholkos, a family of heavyweight tweakable block ciphers with state and key sizes of ≥256 ...
-
Chapter and Conference Paper
Is RCB a Leakage Resilient Authenticated Encryption Scheme?
Leakage resilient cryptography wants to provide security against side channel attacks. In this paper, we present several issues of the ...
-
Chapter and Conference Paper
New Second Preimage Attacks on Dithered Hash Functions with Low Memory Complexity
Dithered hash functions were proposed by Rivest as a method to mitigate second preimage attacks on Merkle-Damgård hash functions. Despite that, second preimage attacks against dithered hash functions were prop...
-
Chapter and Conference Paper
Gimli : A Cross-Platform Permutation
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone...
-
Chapter and Conference Paper
Reforgeability of Authenticated Encryption Schemes
This work pursues the idea of multi-forgery attacks as introduced by Ferguson in 2002. We recoin reforgeability for the complexity of obtaining further forgeries once a first forgery has succeeded. First, we i...
-
Chapter and Conference Paper
Efficient Beyond-Birthday-Bound-Secure Deterministic Authenticated Encryption with Minimal Stretch
Block-cipher-based authenticated encryption has obtained considerable attention from the ongoing CAESAR competition. While the focus of CAESAR resides primarily on nonce-based authenticated encryption, Determi...
-
Chapter and Conference Paper
RIV for Robust Authenticated Encryption
Typical AE schemes are supposed to be secure when used as specified. However, they can – and often do – fail miserably when used improperly. As a partial remedy, Rogaway and Shrimpton proposed (nonce-)misuse-r...
-
Chapter and Conference Paper
Catena Variants
Catena is a password-scrambling framework characterized by its high flexibility. The user (defender) can simply adapt the underlying (cryptographic) primitives, the underlying memory-hard function, and the time (
-
Chapter and Conference Paper
Passphone: Outsourcing Phone-Based Web Authentication While Protecting User Privacy
This work introduces Passphone, a new smartphone-based authentication scheme that outsources user verification to a trusted third party without sacrificing privacy: neither can the trusted third party learn the r...
-
Chapter and Conference Paper
Hash Functions from Defective Ideal Ciphers
Cryptographic constructions are often designed and analyzed in idealized frameworks such as the random-oracle or ideal-cipher models. When the underlying primitives are instantiated in the real world, however,...
-
Chapter and Conference Paper
Pipelineable On-line Encryption
Correct authenticated decryption requires the receiver to buffer the decrypted message until the authenticity check has been performed. In high-speed networks, which must handle large message frames at low lat...
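The buffering requirement stated above is easiest to see in code. The block below is an added illustration, not code from the Pipelineable On-line Encryption paper: it builds a toy encrypt-then-MAC scheme from the Python standard library (an HMAC-SHA256 counter-mode keystream stands in for a real block cipher; the names `encrypt`, `decrypt_buffered`, `decrypt_streaming_unsafe` and `released_before_rejection` are this example's own) and contrasts a receiver that withholds plaintext until the tag verifies with a low-latency receiver that emits each block as it is decrypted and only checks the tag at the end. Tampering with the last block shows the difference: the buffered receiver releases nothing, the streaming one has already handed out every earlier block.

```python
import hashlib
import hmac
import struct

BLOCK = 32      # one keystream block = one SHA-256 output
TAG_LEN = 32    # HMAC-SHA256 tag


def _ks_block(enc_key: bytes, nonce: bytes, i: int) -> bytes:
    # Toy keystream block i = HMAC(enc_key, nonce || counter). Assumption: this
    # stands in for a real cipher (e.g. AES-CTR) and is for illustration only.
    return hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    # zip() truncates to the shorter input, which handles the final partial block
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC(mac_key, nonce || ciphertext)."""
    nblocks = -(-len(plaintext) // BLOCK)
    keystream = b"".join(_ks_block(enc_key, nonce, i) for i in range(nblocks))
    ct = _xor(plaintext, keystream)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_buffered(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    """Correct receiver: verify the tag over the whole ciphertext first and only
    then produce plaintext. Returns None on a bad tag, releasing nothing."""
    if len(data) < TAG_LEN:
        return None
    ct, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    nblocks = -(-len(ct) // BLOCK)
    keystream = b"".join(_ks_block(enc_key, nonce, i) for i in range(nblocks))
    return _xor(ct, keystream)


def decrypt_streaming_unsafe(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    """Low-latency but incorrect receiver: yields each decrypted block as soon as
    it is available and checks the tag only after the last block. Everything
    yielded before the final ValueError is unverified plaintext."""
    ct, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    mac = hmac.new(mac_key, nonce, hashlib.sha256)
    for i, off in enumerate(range(0, len(ct), BLOCK)):
        chunk = ct[off:off + BLOCK]
        mac.update(chunk)
        yield _xor(chunk, _ks_block(enc_key, nonce, i))   # released before verification
    if not hmac.compare_digest(mac.digest(), tag):
        raise ValueError("tag mismatch: plaintext above was already released")


def released_before_rejection(enc_key, mac_key, nonce, data):
    """Collect what the streaming receiver hands out before it rejects the message.
    Returns (released_bytes, rejected)."""
    released = b""
    try:
        for chunk in decrypt_streaming_unsafe(enc_key, mac_key, nonce, data):
            released += chunk
    except ValueError:
        return released, True
    return released, False


if __name__ == "__main__":
    ek, mk, nonce = b"e" * 32, b"m" * 32, b"nonce-01"        # constructed keys/nonce
    msg = b"A" * 40 + b"B" * 40                             # constructed 80-byte message
    data = encrypt(ek, mk, nonce, msg)
    forged = bytearray(data)
    forged[70] ^= 0x01                                      # corrupt a byte in the last block
    print("buffered:", decrypt_buffered(ek, mk, nonce, bytes(forged)))
    print("streaming released:", released_before_rejection(ek, mk, nonce, bytes(forged)))
```

The streaming variant is exactly what a high-speed receiver is tempted to do to avoid holding a large frame in memory; the point of the paper's setting is that a scheme has to be designed so that this early release is safe, because a generic encrypt-then-MAC mode offers no guarantee about the bytes emitted before the tag check.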
-
Chapter and Conference Paper
Overview of the Candidates for the Password Hashing Competition
In this work we provide an overview of the candidates of the Password Hashing Competition (PHC) regarding their functionality, e.g., client-independent update and server relief, their security, e.g., memory...
-
Chapter and Conference Paper
Differential Cryptanalysis of Round-Reduced Simon and Speck
This paper presents differential attacks on Simon and Speck, two families of lightweight block ciphers that were presented by the U.S. National Security Agency in June 2013. We describe attacks on up to slightly ...
-
Chapter and Conference Paper
A Framework for Automated Independent-Biclique Cryptanalysis
In this paper we introduce Janus, a software framework – written in Java – which is built to provide assistance in finding independent-biclique attacks for a user-chosen set of parameters, e.g., the number of rou...
-
Chapter and Conference Paper
Memory-Demanding Password Scrambling
Most of the common password scramblers hinder password-guessing attacks by “key stretching”, e.g., by iterating a cryptographic hash function many times. With the increasing availability of cheap and massively...
-
Chapter and Conference Paper
Counter-bDM: A Provably Secure Family of Multi-Block-Length Compression Functions
Block-cipher-based compression functions serve an important purpose in cryptography since they allow one to turn a given block cipher into a one-way hash function. While there are a number of secure double-block-l...
-
Chapter and Conference Paper
Attacks and Security Proofs of EAX-Prime
EAX′ (or EAX-prime) is an authenticated encryption (AE) specified by ANSI C12.22 as a ...
-
Chapter and Conference Paper
Improved Authenticity Bound of EAX, and Refinements
EAX is a mode of operation for block ciphers that implements authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to O(2^{n/2}) data with one verification ...