Results 1 - 10 of 12
Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
- ACM Transactions on Sensor Networks, 2004
Cited by 41 (0 self)
Choosing the most storage- and energy-efficient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. In this paper, we have identified the candidates of block ciphers suitable for WSNs based on existing literature.
Related-Key Rectangle Attacks on Reduced AES-192 and AES-256
- Proceedings of Fast Software Encryption (FSE ’07), Lecture Notes in Computer Science, 2007
Cited by 9 (1 self)
Abstract. This paper examines the security of AES-192 and AES-256 against a related-key rectangle attack. We find the following new attacks: 8-round reduced AES-192 with 2 related keys, 10-round reduced AES-192 with 64 or 256 related keys and 9-round reduced AES-256 with 4 related keys. Our attacks reduce the complexity of earlier attacks presented at FSE 2005 and Eurocrypt 2005: for reduced AES-192 with 8 rounds, we decrease the required number of related keys from 4 to 2 at the cost of a higher data and time complexity; we present the first shortcut attack on AES-192 reduced to 10 rounds; for reduced AES-256 with 9 rounds, we decrease the required number of related keys from 256 to 4 and both the data and time complexity at the cost of a smaller number of attacked rounds. Furthermore, we point out some flaw in the 9-round AES-192 attack presented at Eurocrypt 2005, show how to fix it and enhance the attack in terms of the number of related keys.
Improved related-key impossible differential attacks on reduced round AES-192
- In SAC 2006, volume 4356 of LNCS, 2007
Cited by 5 (0 self)
Abstract. In this paper we examine the strength of AES-256 against the related-key impossible differential attack, following the work in [1] and [2]. Firstly, we present a carefully chosen relation between the related keys, which can be extended to 8-round (even more rounds) subkey differences. Then, we construct a 5.5-round related-key impossible differential. Using the differential, we present an attack on 7-round AES-256 and four attacks on 8-round AES-256. Key words: AES-256, cryptanalysis, related-key differentials, impossible differentials
A Meet-in-the-Middle Attack on 8-Round AES
Cited by 2 (0 self)
Abstract. We present a 5-round distinguisher for AES. We exploit this distinguisher to develop a meet-in-the-middle attack on 7 rounds of AES-192 and 8 rounds of AES-256. We also give a time-memory tradeoff generalization of the basic attack which gives a better balancing between different costs of the attack. As an additional note, we state a new squarelike property of the AES algorithm.
The students of the Master of Business Mathematics and Informatics at VU
- 2007
University Amsterdam are required to do an internship in a company as final part of their studies. This master thesis is the result of the research I conducted during my internship at Capgemini Nederland B.V. on the topic “end-to-end encryption” in the context of Jericho Project. My real experience in the field of information security began with my internship at Capgemini Nederland B.V. For this, I firstly want to thank my thesis supervisor at Capgemini Nederland B.V., Marco Plas, for offering me the opportunity to work in his research team and for introducing me into the exploration of this interesting subject. I am grateful for the support, objective comments, motivation and encouragements that he provided me during the internship period. Further, I would like to thank my academic supervisors, Evert Wattel and Rene Swarttouw, for the guidance, support, comments, advice and encouragements they offered me in the process of writing this thesis. Moreover, I express my gratitude to Annemieke van Goor, for her support and assistance throughout all the internship period. At Capgemini Nederland B.V., I worked in the research group for Jericho Project of 5 persons, including me. I also want to thank my colleagues from the research
Cryptanalysis
ABSTRACT: Impossible differential cryptanalysis is one of the cryptanalysis methods that are applicable to the new Advanced Encryption Standard (AES). In this paper, we present an introduction to the method by applying it on Mini-AES, the mini version of the AES published in Cryptologia recently.
On the Order of Round Components in the AES
- 2006
This paper analyses all 24 possible round constructions using different combinations of the four round components of the AES cipher: SubBytes, ShiftRows, AddRoundKey and MixColumns. We investigate how the different round orderings affect the security of AES against differential, linear, multiset, impossible differential and boomerang attacks. The cryptographic strength of each cipher variant was measured by the size of each distinguisher, their probability or correlation value and the number of active S-boxes. Our analyses indicate that all these permutations of the AES components have similar cryptographic strength (concerning these five attacks), although there are implementation advantages for certain permutations. Keywords: Active S-box, AES, cryptanalysis
unknown title
Abstract. In this paper we apply impossible differential attacks to reduced round AES. Using various techniques, including the early abort approach and key schedule considerations, we significantly improve previously known attacks due to Bahrak-Aref and Phan. The improvement of these attacks leads to the best known impossible differential attacks on 7-round AES-128 and AES-192, as well as to the best known impossible differential attacks on 8-round AES-256.
Analysis of Venkaiah et al.’s AES Design
- 2006
This paper describes impossible differential (ID) attacks on an AES variant designed by Venkaiah et al. They claim that their cipher has improved resistance to ID attacks due to a new MixColumns matrix with a branch number 4, which is smaller than that of the original AES. We argue against this statement. The contributions of this paper include ID distinguishers for Venkaiah et al.’s cipher, and a discussion of the susceptibility of such variants to impossible differential and other modern cryptanalytic techniques.

