-
Article
Combining MILP modeling with algebraic bias evaluation for linear mask search: improved fast correlation attacks on SNOW
The Mixed Integer Linear Programming (MILP) technique has been widely applied in the realm of symmetric-key cryptanalysis. In this paper, we propose a new bitwise breakdown MILP modeling strategy for describin...
-
Article
Guess-and-determine attacks on SNOW-Vi stream cipher
Recently, a faster variant of SNOW-V, called SNOW-Vi, was proposed to achieve sufficiently fast performance not only in cloud settings but also on low-grade CPUs, in response to the requirements of confidentiality and inte...
-
Chapter and Conference Paper
Horst Meets Fluid-SPN: Griffin for Zero-Knowledge Applications
Zero-knowledge (ZK) applications form a large group of use cases in modern cryptography, and recently gained in popularity due to novel proof systems. For many of these applications, cryptographic hash functio...
-
Chapter and Conference Paper
Key Filtering in Cube Attacks from the Implementation Aspect
In cube attacks, key filtering is a basic step of identifying the correct key candidates by referring to the truth tables of superpolies. When terms of superpolies get massive, the truth table lookup complexit...
-
Article
Modeling for Three-Subset Division Property without Unknown Subset
A division property is a generic tool to search for integral distinguishers, and automatic tools such as MILP or SAT/SMT allow us to evaluate the propagation efficiently. In the application to stream ciphers, ...
-
Chapter and Conference Paper
Revisit Two Memoryless State-Recovery Cryptanalysis Methods on A5/1
At ASIACRYPT 2019, Zhang proposes a near collision attack on A5/1. He claims that such an attack method can recover the 64-bit A5/1 state with a time complexity around
-
Chapter and Conference Paper
FAN: A Lightweight Authenticated Cryptographic Algorithm
The wide application of low-end embedded devices has greatly stimulated the development of lightweight ciphers. In this paper, we propose a new lightweight authenticated encryption with additional data (AE...
-
Article
Stream cipher designs: a review
Stream ciphers are an important branch of symmetric cryptosystems, with clear advantages in speed and in the scale of hardware implementation. They are suitable for use in cases of massive data transfer or ...
-
Chapter and Conference Paper
Modeling for Three-Subset Division Property Without Unknown Subset
A division property is a generic tool to search for integral distinguishers, and automatic tools such as MILP or SAT/SMT allow us to evaluate the propagation efficiently. In the application to stream ciphers,...
-
Chapter and Conference Paper
Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly
The cube attack is an important technique for the cryptanalysis of symmetric key primitives, especially for stream ciphers. Aiming at recovering some secret key bits, the adversary reconstructs a superpoly wit...
-
Article
Truncated differential based known-key attacks on round-reduced SIMON
At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble-oriented lightweight block cipher with an SPN structure. The truncated difference th...
-
Chapter and Conference Paper
Cube Attacks on Non-Blackbox Polynomials Based on Division Property
The cube attack is a powerful cryptanalytic technique and is especially powerful against stream ciphers. Since we need to analyze the complicated structure of a stream cipher in the cube attack, the cube attac...
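The three cube-attack entries above (key filtering via superpoly truth tables, superpoly reconstruction, and the division-property-based cube attack) all rest on the same mechanism: summing the cipher output over a cube of public IV bits yields the superpoly of that cube monomial evaluated at the secret key, and the tabulated superpoly then filters key candidates. The following is an added example, not code from any of the listed papers; it uses a constructed 4-bit-key, 4-bit-IV toy polynomial (`toy_cipher_bit`) in place of a real stream cipher, and all function names are the example's own.

```python
from itertools import product

N_KEY = 4  # key bits k0..k3 (constructed toy size)
N_IV = 4   # public IV bits v0..v3


def toy_cipher_bit(key, iv):
    """Constructed toy 'first keystream bit', standing in for the unknown
    black-box Boolean polynomial of a real stream cipher:
        f = v0 v1 (k0 + k1 k2) + v0 k3 + v1 v2 k0 + v2 v3 k3 + v2 + k1   (mod 2)
    The attacker is assumed to see only this function's output."""
    k0, k1, k2, k3 = key
    v0, v1, v2, v3 = iv
    return ((v0 & v1 & (k0 ^ (k1 & k2))) ^ (v0 & k3) ^ (v1 & v2 & k0)
            ^ (v2 & v3 & k3) ^ v2 ^ k1)


def cube_sum(oracle, key, cube):
    """XOR the oracle output over all 2^|cube| assignments of the cube IV
    bits, with the remaining IV bits fixed to 0. The result is the
    superpoly of the cube monomial evaluated at `key`."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        iv = [0] * N_IV
        for idx, b in zip(cube, bits):
            iv[idx] = b
        acc ^= oracle(key, iv)
    return acc


def superpoly_table(oracle, cube):
    """Offline phase: the attacker chooses keys freely, so the superpoly's
    truth table is tabulated directly, one cube summation per key."""
    return {k: cube_sum(oracle, k, cube) for k in product((0, 1), repeat=N_KEY)}


def is_linear(table):
    """Exhaustive BLR-style check: p(a) ^ p(b) ^ p(0) == p(a ^ b) for all a, b."""
    zero = (0,) * N_KEY
    for a in table:
        for b in table:
            ab = tuple(x ^ y for x, y in zip(a, b))
            if table[a] ^ table[b] ^ table[zero] != table[ab]:
                return False
    return True


def linear_form(table):
    """For a linear superpoly, read off the constant and each key-bit coefficient."""
    zero = (0,) * N_KEY
    const = table[zero]
    coeffs = []
    for i in range(N_KEY):
        unit = tuple(1 if j == i else 0 for j in range(N_KEY))
        coeffs.append(table[unit] ^ const)
    return const, coeffs


def filter_keys(oracle, cubes, secret_key):
    """Online phase: obtain each cube sum under the unknown key (here passed in
    only to simulate the keyed oracle; the attacker chooses IVs, not keys) and
    keep the candidates whose tabulated superpoly values match every observed sum."""
    tables = [superpoly_table(oracle, c) for c in cubes]
    observed = [cube_sum(oracle, secret_key, c) for c in cubes]
    return sorted(k for k in product((0, 1), repeat=N_KEY)
                  if all(t[k] == o for t, o in zip(tables, observed)))


if __name__ == "__main__":
    cubes = [(0, 1), (0,), (1, 2)]
    for c in cubes:
        t = superpoly_table(toy_cipher_bit, c)
        print(f"cube {c}: linear={is_linear(t)}", linear_form(t) if is_linear(t) else "")
    secret = (1, 1, 0, 1)
    print("candidates after filtering:", filter_keys(toy_cipher_bit, cubes, secret))
```

With the toy polynomial, cube {v0, v1} has the nonlinear superpoly k0 + k1 k2, while cubes {v0} and {v1, v2} give the linear superpolies k3 and k0; three cube sums under the unknown key cut the 16 candidates to 3, which is the key-filtering step the entries above optimise for large superpolies.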
-
Article
Evaluate the security margins of SHA-512, SHA-256 and DHA-256 against the boomerang attack
For an n-bit random permutation, there are three types of boomerang distinguishers, denoted as Type I, II and III, with generic complexities 2^n, 2 ...
-
Chapter and Conference Paper
The Boomerang Attacks on BLAKE and BLAKE2
In this paper, we study the security margins of hash functions BLAKE and BLAKE2 against the boomerang attack. We launch boomerang attacks on all four members of BLAKE and BLAKE2, and compare their complexities...
-
Chapter and Conference Paper
A Meet-in-the-Middle Attack on Round-Reduced mCrypton Using the Differential Enumeration Technique
This paper describes a meet-in-the-middle (MITM) attack against the round-reduced versions of the block cipher mCrypton-64/96/128. We construct a 4-round distinguisher and lower the memory requirement from 2^100 ...