Results 1 - 10 of 20
Unbalanced Feistel Networks and Block-Cipher Design
Fast Software Encryption, 3rd International Workshop Proceedings, 1996
Cited by 72 (5 self)
We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...
Twofish: A 128-Bit Block Cipher
in First Advanced Encryption Standard (AES) Conference, 1998
Cited by 66 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
The wide trail design strategy
in Proceedings of the 8th IMA International Conference on Cryptography and Coding (IMA ’01), 2001
Cited by 37 (3 self)
We explain the theoretical background of the wide trail design strategy, which was used to design Rijndael, the Advanced Encryption Standard (AES). In order to facilitate the discussion, we introduce our own notation to describe differential and linear cryptanalysis. We present a block cipher structure and prove bounds on the resistance against differential and linear cryptanalysis.
The Cipher SHARK
FAST SOFTWARE ENCRYPTION, THIRD INTERNATIONAL WORKSHOP, 1996
Cited by 33 (5 self)
We present the new block cipher SHARK. This cipher combines highly nonlinear substitution boxes and maximum distance separable error correcting codes (MDS-codes) to guarantee a good diffusion. The cipher is resistant against differential and linear cryptanalysis after a small number of rounds. The structure of SHARK is such that a fast software implementation is possible, both for the encryption and the decryption. Our C-implementation of SHARK runs more than four times faster than SAFER and IDEA on a 64-bit architecture.
Recent Developments in the Design of Conventional Cryptographic Algorithms
Computer Security and Industrial Cryptography - State of the Art and Evolution, LNCS, 1998
Cited by 13 (3 self)
This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing nonlinearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provide a technical perspective on the wide variety of primitives that exist today.
Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA
Proceedings of the 1997 International Conference on Information and Communications Security, 1997
Cited by 10 (0 self)
We present new related-key attacks on the block ciphers 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differential related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks.
Performance of block ciphers and hash functions—one year later, Fast Software Encryption
Lecture Notes in Computer Science, 1994
On random pattern testability of cryptographic VLSI cores
Proc. of IEEE European Test Workshop, 1999
Cited by 7 (0 self)
In this paper we show that the statistical qualities of cryptographic basic operations are the reason for the excellent pseudorandom testability of cryptographic processor cores. For the examination, typical basic operations of modern cryptographic algorithms are categorized in classes and analyzed regarding their pseudorandom properties. Exemplary, a global BIST for a cryptographic processor core based on the symmetric block encryption algorithm 3-WAY is developed and analyzed. Finally, the quality of the proposed test architecture is determined by fault simulations.
Cryptographic Hash Functions
In Handbook of Information and Communication Security. Peter Stavroulakis, Mark Stamp, Editors. Springer First edition
Cited by 6 (0 self)
This paper presents a new hash function design, which is different from the popular designs of the MD4-family. Seen in the light of recent attacks on MD4, MD5, SHA-0, SHA-1, and on RIPEMD, there is a need to consider other hash function design strategies. The paper presents also a concrete hash function design named SMASH. One version has a hash code of 256 bits and appears to be at least as fast as SHA-256.