Publications
White-box Design and Black-box Cryptanalysis of ARX Ciphers KU Leuven
As cryptography is becoming ubiquitous in our digital systems, cryptographic implementations are being deployed in unprotected devices that might get compromised by malicious parties. However, cryptographic primitives are designed to provide security in the black-box model, where attackers can only tamper with the inputs and outputs of the primitive, but they do not offer protection against white-box attackers, who can gain full control over the ...
Parallelizable and Authenticated Online Ciphers KU Leuven
Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per ...
On the Indifferentiability of Key-Alternating Ciphers KU Leuven
The Advanced Encryption Standard (AES) is the most widely used block cipher. The high level structure of AES can be viewed as a (10-round) key-alternating cipher, where a $t$-round key-alternating cipher $KA_t$ consists of a small number $t$ of fixed permutations $P_i$ on $n$ bits, separated by key addition: $KA_t(K, m) = k_t \oplus P_t(\dots k_2 \oplus P_2(k_1 \oplus P_1(k_0 \oplus m)) \dots)$, where $(k_0, \dots, k_t)$ are obtained from the master key $K$ using some key derivation function. For $t = 1$, ...
Fault Analysis of the ChaCha and Salsa Families of Stream Ciphers KU Leuven
© Springer International Publishing AG, part of Springer Nature 2018. We present a fault analysis study of the ChaCha and Salsa families of stream ciphers. We first show that attacks like differential fault analysis that are common in the block cipher setting are not applicable against these families of stream ciphers. Then we propose two novel fault attacks that can be used against any variant of the ciphers. We base our attacks on two ...
New Insights on AES-Like SPN Ciphers KU Leuven
© International Association for Cryptologic Research 2016. It has been proved in Eurocrypt 2016 by Sun et al. that if the details of the S-boxes are not exploited, an impossible differential and a zero-correlation linear hull can extend over at most 4 rounds of the AES. This paper concentrates on distinguishing properties of AES-like SPN ciphers by investigating the details of both the underlying S-boxes and the MDS matrices, and illustrates ...
New criteria for linear maps in AES-like ciphers KU Leuven
In this paper, we study a class of linear transformations that are used as mixing maps in block ciphers. We address the question which properties of the linear transformation affect the probability of differentials and characteristics over Super boxes. Besides the expected differential probability (EDP), we also study the fixed-key probability of characteristics, denoted by DP[k]. We define plateau characteristics, where the dependency on the ...
Optimal Collision Security in Double Block Length Hashing with Single Length Key KU Leuven
© 2016, Springer Science+Business Media New York. The idea of double block length hashing is to construct a compression function on 2n bits using a block cipher with an n-bit block size. All optimally secure double block length hash functions known in the literature employ a cipher with a key space of double block size, 2n-bit. On the other hand, no optimally secure compression functions built from a cipher with an n-bit key space are known. Our ...
Optimal Collision Security in Double Block Length Hashing with Single Length Key KU Leuven
The idea of double block length hashing is to construct a compression function on 2n bits using a block cipher with an n-bit block size. All optimally secure double length hash functions known in the literature employ a cipher with a key space of double block size, 2n-bit. On the other hand, no optimally secure compression functions built from a cipher with an n-bit key space are known. Our work deals with this problem. Firstly, we prove that ...