-
Chapter and Conference Paper
Lower Bounds on the Degree of Block Ciphers
Only the method to estimate the upper bound of the algebraic degree on block ciphers is known so far, but it is not useful for the designer to guarantee the security. In this paper we provide meaningful lower...
-
Chapter and Conference Paper
Modeling for Three-Subset Division Property Without Unknown Subset
A division property is a generic tool to search for integral distinguishers, and automatic tools such as MILP or SAT/SMT allow us to evaluate the propagation efficiently. In the application to stream ciphers,...
-
Chapter and Conference Paper
Out of Oddity – New Cryptanalytic Techniques Against Symmetric Primitives Optimized for Integrity Proof Systems
The security and performance of many integrity proof systems like SNARKs, STARKs and Bulletproofs highly depend on the underlying hash function. For this reason several new proposals have recently been develop...
-
Chapter and Conference Paper
Improved Differential-Linear Attacks with Applications to ARX Ciphers
We present several improvements to the framework of differential-linear attacks with a special focus on ARX ciphers. As a demonstration of their impact, we apply them to Chaskey and ChaCha and we are able to s...
-
Article
Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64
In this paper, we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers...
-
Chapter and Conference Paper
Programming the Demirci-Selçuk Meet-in-the-Middle Attack with Constraints
Cryptanalysis with SAT/SMT, MILP and CP has increased in popularity among symmetric-key cryptanalysts and designers due to its high degree of automation. So far, this approach covers differential, linear, impo...
-
Chapter and Conference Paper
Fast Correlation Attack Revisited
A fast correlation attack (FCA) is a well-known cryptanalysis technique for LFSR-based stream ciphers. The correlation between the initial state of an LFSR and corresponding key stream is exploited, and the go...
-
Chapter and Conference Paper
Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly
The cube attack is an important technique for the cryptanalysis of symmetric key primitives, especially for stream ciphers. Aiming at recovering some secret key bits, the adversary reconstructs a superpoly wit...
-
Article
Integral Cryptanalysis on Full MISTY1
MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects, such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY...
-
Chapter and Conference Paper
Gimli : A Cross-Platform Permutation
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone...
-
Chapter and Conference Paper
Cube Attacks on Non-Blackbox Polynomials Based on Division Property
The cube attack is a powerful cryptanalytic technique and is especially powerful against stream ciphers. Since we need to analyze the complicated structure of a stream cipher in the cube attack, the cube attac...
-
Chapter and Conference Paper
New Differential Bounds and Division Property of Lilliput: Block Cipher with Extended Generalized Feistel Network
This paper provides security analysis of lightweight block cipher Lilliput, which is an instantiation of extended generalized Feistel network (EGFN) developed by Berger et al. at SAC 2013. Its round function upda...
-
Chapter and Conference Paper
GIFT: A Small Present
In this article, we revisit the design strategy of PRESENT, leveraging all the advances provided by the research community in construction and cryptanalysis since its publication, to push the design up to its lim...
-
Chapter and Conference Paper
New Impossible Differential Search Tool from Design and Cryptanalysis Aspects
In this paper, a new tool searching for impossible differentials is presented. Our tool can detect any contradiction between input and output differences. It can also take into account the property inside the ...
-
Chapter and Conference Paper
Nonlinear Invariant Attack
In this paper we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers
-
Chapter and Conference Paper
Bit-Based Division Property and Application to Simon Family
Ciphers that do not use S-boxes have been discussed for the demand on lightweight cryptosystems, and their round functions consist of and, rotation, and xor. Especially, the Simon family is one of the most famous...
-
Chapter and Conference Paper
Wide Trail Design Strategy for Binary MixColumns
AES is one of the most common block ciphers and many AES-like primitives have been proposed. Recently, many lightweight symmetric-key cryptographic primitives have also been proposed. Some such primitives requ...
-
Chapter and Conference Paper
Integral Cryptanalysis on Full MISTY1
MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects, such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY...
-
Chapter and Conference Paper
Structural Evaluation by Generalized Integral Property
In this paper, we show structural cryptanalyses against two popular networks, i.e., the Feistel Network and the Substitute-Permutation Network (SPN). Our cryptanalyses are distinguishing attacks by an improved...
-
Chapter and Conference Paper
Practical Cryptanalysis of a Public-Key Encryption Scheme Based on New Multivariate Quadratic Assumptions
In this paper, we investigate the security of a public-key encryption scheme introduced by Huang, Liu and Yang (HLY) at PKC’12. This new scheme can be provably reduced to the hardness of solving a set of quadr...
