-
Chapter and Conference Paper
Implicit Key-Stretching Security of Encryption Schemes
When keys are small or parts thereof leak, key-recovery attacks on symmetric-key primitives still pose a plausible threat. Key stretching is one well-known means to throttle potential adversaries, where stretc...
-
Chapter and Conference Paper
Cryptanalysis of ForkAES
Forkciphers are a new kind of primitive proposed recently by Andreeva et al. for efficient encryption and authentication of small messages. They fork the middle state of a cipher and encrypt it twice under two...
-
Article
POEx: A beyond-birthday-bound-secure on-line cipher
On-line ciphers are convenient building blocks for realizing efficient single-pass encryption. In particular, the trend to limit the consequences of nonce reuses rendered them popular in recent authenticated ...
-
Chapter and Conference Paper
The Collision Security of MDC-4
There are four somewhat classical double length block cipher based compression functions known: MDC-2, MDC-4, Abreast-DM, and Tandem-DM. They were all developed over 20 years ago. In recent years, cryptograp...
-
Chapter and Conference Paper
Related-Key Rectangle Attack of the Full HAS-160 Encryption Mode
In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korean industry. The structure of HAS-160 is similar to ...
-
Chapter and Conference Paper
On the Security of Tandem-DM
We provide the first proof of security for Tandem-DM, one of the oldest and most well-known constructions for turning a block cipher with n-bit block length and 2n-bit key length into a 2n-bit cryptographic hash ...
-
Chapter and Conference Paper
Security of Cyclic Double Block Length Hash Functions
We provide a proof of security for a huge class of double block length hash functions that we will call Cyclic-DM. Using this result, we are able to give a collision resistance bound for Abreast-DM, one of the old...
-
Chapter and Conference Paper
Improved Generic Algorithms for 3-Collisions
An r-collision for a function is a set of r distinct inputs with identical outputs. Actually finding r-collisions for a random map over a finite set of cardinality N requires at least about N (r −...
-
Article
Auf dem Weg zu neuen Hashfunktionen (On the Way to New Hash Functions)
The years 2004 to 2006 were dramatic with regard to cryptographic hash functions: attacks on the hash function MD5, which is unfortunately still widely used, were improved to the point that, on a PC, within...
-
Chapter and Conference Paper
How to turn a PIN into an Iron Beam
It is a hazardous fact of life that users are hardly ever willing and able to memorise strong passwords or long personal identification numbers (PINs). This paper describes a variant of the “open key exchange”...
-
Chapter and Conference Paper
On the Minimal Hardware Complexity of Pseudorandom Function Generators
A set F of Boolean functions is called a pseudorandom function generator (PRFG) if communicating with a randomly chosen secret function from F cannot be efficiently distinguished from communicating with a tru...
-
Chapter
Combining Authentication and Lightweight Payment for Active Networks
Security functions are of critical importance for the acceptance of Active Networks in practice: network nodes must be protected from malicious code, and they should account for the cost of executing code; thi...
-
Chapter
How to Make DES-Based Smartcards Fit for the 21-St Century
With its 56-bit key size, the data encryption standard (DES) seems to be at the end of its useful lifetime. Also, the 64-bit DES block size is dangerously small for some applications. We discuss techniques such as...
-
Chapter and Conference Paper
Fast Multimedia Encryption in JAVA
Multimedia applications often serve high-bandwidth channels. Thus, if encryption is required, cryptographic security often conflicts with efficiency. In the current paper, we consider the efficiency of unbalanced ...