Differential and linear cryptanalysis using mixed-integer linear programming
Differential and linear cryptanalysis are two of the most powerful techniques to analyze
symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a …
Truncated boomerang attacks and application to AES-based ciphers
The boomerang attack is a cryptanalysis technique that combines two short differentials
instead of using a single long differential. It has been applied to many primitives, and results …
New techniques for trail bounds and application to differential trails in Keccak
We present new techniques to efficiently scan the space of high-probability differential trails
in bit-oriented ciphers. Differential trails consist in sequences of state patterns that we …
A Proof that the ARX Cipher Salsa20 is Secure against Differential Cryptanalysis.
An increasing number of cryptographic primitives are built using the ARX operations:
addition modulo 2^n, bit rotation and XOR. Because of their very fast performance in software …
Security Analysis of BLAKE2's Modes of Operation
BLAKE2 is a hash function introduced at ACNS 2013, which has been adopted in many
constructions and applications. It is a successor to the SHA-3 finalist BLAKE, which received …
On the impact of known-key attacks on hash functions
Hash functions are often constructed based on permutations or blockciphers, and security
proofs are typically done in the ideal permutation or cipher model. However, once these …
Boomerang distinguisher for the SIMD-512 compression function
In this paper, we present a distinguisher for the permutation of SIMD-512 with complexity
2^226.52. We extend the attack to a distinguisher for the compression function with complexity …
Automated techniques for hash function and block cipher cryptanalysis
N Mouha - Belgium: Katholieke Universiteit Leuven, 2012 - mouha.be
When is a system secure? Although the question may seem easy, the answer turns out to be
very difficult. Take a mobile phone for example. It's quite straightforward to test if the device …
A unified indifferentiability proof for permutation-or block cipher-based hash functions
In the recent years, several hash constructions have been introduced that aim at achieving
enhanced security margins by strengthening the Merkle-Damgård mode. However, their …
Grøstl distinguishing attack: a new rebound attack of an AES-like permutation
V Cauchois, C Gomez, R Lercier - IACR Transactions on Symmetric …, 2017 - tosc.iacr.org
We consider highly structured truncated differential paths to mount a new rebound attack on
Grøstl-512, a hash function based on two AES-like permutations, P_1024 and Q_1024, with …