Results 1 
5 of
5
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 58 (8 self)
 Add to MetaCart
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
MARS Attacks! Preliminary Cryptanalysis of ReducedRound MARS Variants
 Variants, in The Third AES Candidate Conference, printed by the National Institute of Standards and Technology
"... . In this paper, we discuss ways to attack various reducedround variants of MARS. We consider cryptanalysis of two reducedround variants of MARS: MARS with the full mixing layers but fewer core rounds, and MARS with each of the four kinds of rounds reduced by the same amount. We develop some new ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
. In this paper, we discuss ways to attack various reducedround variants of MARS. We consider cryptanalysis of two reducedround variants of MARS: MARS with the full mixing layers but fewer core rounds, and MARS with each of the four kinds of rounds reduced by the same amount. We develop some new techniques for attacking both of these MARS variants. Our best attacks break MARS with full mixing and five core rounds (21 rounds total), and MARS symmetrically reduced to twelve rounds (3 of each kind of round). 1 Introduction MARS [BCD+98] is a block cipher submitted by IBM to the AES [NIST97a] [NIST97b], and one of the five finalists for AES. The cipher has an unconventional structure, consisting of a cryptographic "core" in the middle, and a "wrapper" surrounding the core to protect it from various kinds of attack. As with all ciphers, the only way we know to determine the strength of MARS is to try to cryptanalyze various weakened versions of it. In this paper, we discuss attack...
TRAFFIC STREAM CHARACTERISTICS 4
"... k density of a traffic stream in a specified length of road L length of vehicles of uniform length c constant of proportionality between occupancy and k density, under certain simplifying assumptions k the (average) density of vehicles in substream I i q the average rate of flow of vehicles in subst ..."
Abstract
 Add to MetaCart
k density of a traffic stream in a specified length of road L length of vehicles of uniform length c constant of proportionality between occupancy and k density, under certain simplifying assumptions k the (average) density of vehicles in substream I i q the average rate of flow of vehicles in substream I i � average speed of a set of vehicles A A(x,t) the cumulative vehicle arrival function over space and time k jam density, i.e. the density when traffic is so heavy that j it is at a complete standstill
Cryptanalysis of FROG
, 1999
"... We examine some attacks on the FROG cipher. First we give a differential attack which uses about 2 chosen plaintexts and very little time for the analysis; it works for about 2 of the keyspace. Then we describe a linear attack which uses 2 known texts and works for of the keyspace. Th ..."
Abstract
 Add to MetaCart
We examine some attacks on the FROG cipher. First we give a differential attack which uses about 2 chosen plaintexts and very little time for the analysis; it works for about 2 of the keyspace. Then we describe a linear attack which uses 2 known texts and works for of the keyspace. The linear attack can also be converted to a ciphertextonly attack using 2 known ciphertexts. Also, the decryption function of FROG is a lot weaker than the encryption function. We show
yCounterpane Systems zCounterpane Systems
, 1999
"... Abstract We examine some attacks on the FROG cipher. First we give a differential attack which uses about 258 chosen plaintexts and very little time for the analysis; it works for about 2 \Gamma 33:0 of the keyspace. Then we describe a linear attack which uses 256 known texts and works for 2 \Gamma ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract We examine some attacks on the FROG cipher. First we give a differential attack which uses about 258 chosen plaintexts and very little time for the analysis; it works for about 2 \Gamma 33:0 of the keyspace. Then we describe a linear attack which uses 256 known texts and works for 2 \Gamma 31:8 of the keyspace. The linear attack can also be converted to a ciphertextonly attack using 264 known ciphertexts. Also, the decryption function of FROG is a lot weaker than the encryption function. We show a differential attack on the decryption function that requires 236 chosen ciphertexts and works on 2 \Gamma 29:3 of the keyspace. Using our best attack an attacker with a sufficient number of cryptanalytical targets can expect to recover his first key material after 256:7 work.