Results 1-10 of 17
A Fast New DES Implementation in Software
, 1997
Cited by 70 (2 self)
In this paper we describe a fast new DES implementation. This implementation is about five times faster than the fastest known DES implementation on a (64-bit) Alpha computer, and about three times faster than our new optimized DES implementation on 64-bit computers. This implementation uses a non-standard representation, and views the processor as a SIMD computer, i.e., as 64 parallel one-bit processors computing the same instruction. We also discuss the application of this implementation to other ciphers. We describe a new optimized standard implementation of DES on 64-bit processors, which is about twice faster than the fastest known standard DES implementation on the same processor. Our implementations can also be used for fast exhaustive search in software, which can find a key in only a few days or a few weeks on existing parallel computers and computer networks. 1 Introduction In this paper we describe a new implementation of DES [4], which can be very efficiently executed ...
Linear cryptanalysis of substitution-permutation networks
, 2003
Cited by 6 (3 self)
The subject of this thesis is linear cryptanalysis of substitution-permutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the s-boxes are selected independently and uniformly from the set of all bijective n × n s-boxes. We derive an expression for the expected linear probability values of such an SPN, and give evidence that this expression converges to the corresponding value for the true random cipher. This adds quantitative support to the claim that the SPN structure is a good approximation to the true random cipher. We conjecture that this convergence holds for a large class of SPNs. In addition, we derive a lower bound on the probability that an SPN with randomly selected s-boxes is practically secure against linear cryptanalysis after a given number of rounds. For common block sizes, experimental evidence indicates that this probability rapidly approaches 1 with an increasing number of rounds.
A Generalised Testbed for Analysing Block and Stream Ciphers
 in Information Security
, 1991
Cryptanalysis of substitution-permutation networks using key-dependent degeneracy
 Cryptologia
, 1996
Cited by 1 (0 self)
Abstract — This paper presents a novel cryptanalysis of Substitution-Permutation Networks using a chosen plaintext approach. The attack is based on the highly probable occurrence of key-dependent degeneracies within the network and is applicable regardless of the method of S-box keying. It is shown that a large number of rounds are required before a network is resistant to the attack. Experimental results have found 64-bit networks to be cryptanalyzable for as many as 8 to 12 rounds depending on the S-box properties.
Applying Conditional Linear Cryptanalysis to Ciphers with Key Dependant Operations
Cited by 1 (1 self)
Abstract: Linear cryptanalysis has been proven to be a powerful attack that can be applied to a number of symmetric block ciphers. However, conventional linear cryptanalysis is ineffective in attacking ciphers that use key-dependent operations, such as ICE, Lucifer and SAFER. In this paper conditional linear cryptanalysis, which uses characteristics that depend on some key-bit values, is introduced. This technique and its application to symmetric ciphers are analysed. The consequences of using key-dependent characteristics are explained and a formal notation of conditional linear cryptanalysis is presented. As a case study, conditional linear cryptanalysis is applied to the ICE cipher, which uses key-dependent operations to improve resistance against cryptanalysis. A successful attack on Thin-ICE using the new technique is presented. Further, experimental work supporting the effectiveness of conditional linear cryptanalysis is also detailed.
TWEAKABLE BLOCKCIPHERS SECURE AGAINST GENERIC EXPONENTIAL ATTACKS
, 2007
Cited by 1 (0 self)
Cryptographic analysis of all 4 × 4-bit s-boxes
 SAC 2011. LNCS
, 2011
Cited by 1 (1 self)
Abstract. We present cryptanalytic results of an exhaustive search of all 16! bijective 4-bit S-Boxes. Previously affine equivalence classes have been exhaustively analyzed in 2007 work by Leander and Poschmann. We extend on this work by giving further properties of the optimal S-Box linear equivalence classes. In our main analysis we consider two S-Boxes to be cryptanalytically equivalent if they are isomorphic up to the permutation of input and output bits and a XOR of a constant in the input and output. We have enumerated all such equivalence classes with respect to their differential and linear properties. These equivalence classes are equivalent not only in their differential and linear bounds but also have equivalent algebraic properties, branch number and circuit complexity. We describe a “golden” set of S-boxes that have ideal cryptographic properties. We also present a comparison table of S-Boxes from a dozen published cryptographic algorithms.
Cryptanalysis of Substitution-Permutation Networks Using Key-Dependent Degeneracy
RaPiD-AES: Developing Encryption-Specific FPGA Architectures
, 2002
Although conventional FPGAs have become indispensable tools due to their versatility and quick design cycles, their logical density, operating frequency and power requirements have limited their use. Domain-specific FPGAs attempt to improve performance over general-purpose reconfigurable devices by identifying common sets of operations and providing only the necessary flexibility needed for a range of applications. One typical optimization is the replacement of more universal fine-grain logic elements with a specialized set of coarse-grain functional units. While this improves computation speed and reduces routing complexity, this also introduces a unique design problem. It is not clear how to simultaneously consider all applications in a domain and determine the most appropriate overall number and ratio of different functional units. In this paper we show how this problem manifests itself during the development of RaPiD-AES, a coarse-grain, domain-specific FPGA architecture and design compiler intended to efficiently implement the fifteen candidate algorithms of the Advanced Encryption Standard competition. While we investigate the functional unit selection problem in an encryption-specific domain, we do not believe that the causes of the problem are unique to the set of AES candidate algorithms. In order for domain-specific reconfigurable devices to perform competitively over large domain spaces in the future, we will need CAD tools that address this issue. In this paper we introduce three algorithms that