Results 1-10 of 12
Twofish: A 128-Bit Block Cipher
in First Advanced Encryption Standard (AES) Conference, 1998
Cited by 58 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
A High-Performance Flexible Architecture for Cryptography
in Lecture Notes in Computer Science 1717, 1999
Cited by 26 (1 self)
Cryptographic algorithms are more efficiently implemented in custom hardware than in software running on general-purpose processors. However, systems which use hardware implementations have significant drawbacks: they are unable to respond to flaws discovered in the implemented algorithm or to changes in standards. In this paper we show how reconfigurable computing offers high-performance yet flexible solutions for cryptographic algorithms. We focus on PipeRench, a reconfigurable fabric that supports implementations which can yield better than custom-hardware performance and yet maintains all the flexibility of software-based systems. PipeRench is a pipelined reconfigurable fabric which virtualizes hardware, enabling large circuits to be run on limited physical hardware. We present implementations for Crypton, IDEA, RC6, and Twofish on PipeRench and an extension of PipeRench, PipeRench . We also describe how various proposed AES algorithms could be implemented on PipeRe...
Energy, Performance, Area Versus Security Trade-offs for Stream Ciphers
in The State of the Art of Stream Ciphers, Workshop Record, ECRYPT, 2004
Cited by 10 (0 self)
The goal of this submission is to provide a framework and platform to compare stream ciphers not only on their security level but also on their energy consumption, performance and area cost. We describe the basic hardware assumptions, give the area, delay and power consumption values of some existing stream ciphers and give guidelines for the design of future algorithms. Keywords: E0, A5/1, RC4, hardware implementation, power consumption
Cryptanalysis of SPEED
Cited by 5 (4 self)
The cipher family SPEED (and an associated hashing mode) was recently proposed in Financial Cryptography '97. This paper cryptanalyzes that proposal, in two parts: First, we discuss several troubling potential weaknesses in the cipher. Next, we show how to efficiently break the SPEED hashing mode using differential related-key techniques, and propose a differential attack on 48-round SPEED. These results raise some significant questions about the security of the SPEED design. 1 Introduction. In Financial Cryptography '97, Zheng proposed a new family of block ciphers, called SPEED [12]. One specifies a particular SPEED cipher by choosing parameters such as the block size and number of rounds; the variations are otherwise alike in their key schedule and round structure. Under the hood, SPEED is built out of an unbalanced Feistel network. Zheng also proposed a hash function based on running a SPEED block cipher in a slightly modified Davies-Meyer mode. One of the main contributions of t...
Improved Collision and Preimage Resistance Bounds on PGV Schemes
Cited by 2 (0 self)
Preneel, Govaerts, and Vandewalle (PGV) considered the 64 most basic ways to construct a hash function from a block cipher, and regarded 12 of those 64 schemes as secure. Black, Rogaway and Shrimpton [3] (BRS) provided a formal and quantitative treatment of those 64 constructions and proved that, in the black-box model, the 12 schemes (group-1) that PGV singled out as secure really are secure. By stepping outside of the Merkle-Damgård [4] approach to analysis, an additional 8 (group-2) of the 64 schemes are just as collision resistant as the first group of schemes. Tight upper and lower bounds on the collision resistance of those 20 schemes were given. In this paper, those collision resistance and preimage resistance bounds are improved, which shows that, in the black-box model, the collision bounds of those 20 schemes are the same. Among the group-1 schemes, 8 out of 12 allow a fixed point to be found easily. Bounds on second preimage, multicollisions of Joux [6], fixed-point multicollisions [8] and combinations of the two kinds of multicollisions are also given. From those bounds, the group-1 schemes can also be divided into two groups. Key Words: Hash Function, Block Cipher, MD Construction
New Integrated Proof Method on Iterated Hash Structure and New Structures, 2006
Cited by 2 (1 self)
A hash structure that is secure in the Random Oracle Model may not be secure in a real design. In this paper, we give an integrated proof method for the security proof of iterated hash structures. Based on this proof method, we can distinguish the security of the Merkle-Damgård structure, wide-pipe hash, double-pipe hash and 3C hash, identify the requirements a real design places on the compression function, and give a new recommended structure. Finally, we give a new hash structure, MAC structure and encryption model which use the same block cipher round function and key schedule algorithm; security proofs for those structures are given.
FHASH: Securing Hash Functions Using Feistel Chaining, Cryptology ePrint Archive
Cited by 1 (0 self)
The Feistel structure is well-known as a good structure for building block ciphers, due to its property of invertibility. It can be made non-invertible by fixing the left half of the input to 0, and by discarding the left half of the output bits. It then becomes suitable as a hash function construction. This paper uses the structure to build a hash function called FHash, which is immune to recent attack styles. Generally the security of such structures is discussed using Random Oracle Models. In this paper, a more precise evaluation method, based upon conditional probability, is given.
An FPGA-Based Performance Evaluation of the AES Block Cipher Candidate Algorithm Finalists
The technical analysis used in determining which of the potential Advanced Encryption Standard candidates was selected as the Advanced Encryption Algorithm includes efficiency testing of both hardware and software implementations of candidate algorithms. Reprogrammable devices such as Field Programmable Gate Arrays (FPGAs) are highly attractive options for hardware implementations of encryption algorithms as they provide cryptographic algorithm agility, physical security, and potentially much higher performance than software solutions. This contribution investigates the significance of FPGA implementations of the Advanced Encryption Standard candidate algorithms. Multiple architectural implementation options are explored for each algorithm. A strong focus is placed on high-throughput implementations, which are required to support security for current and future high-bandwidth applications. Finally, the implementations of each algorithm will be compared in an effort to determine the most suitable candidate for hardware implementation within commercially available FPGAs. Keywords: cryptography, algorithm agility, FPGA, block cipher, VHDL
An Approach to Full User Data Integrity Protection in UMTS Access Networks
During development of the UMTS security standard, 3GPP had to take various constraining aspects, like bandwidth and limited hardware, into account, so compromises were made in security. One such compromise is the absence of a full user-data integrity protection mechanism. In this paper an approach is made to a full user data integrity protection mechanism in the UMTS access network. The current integrity threats and existing solutions are examined both for typical networks and for the UMTS standard. The above-mentioned solutions are compared on their relevant characteristics (security level and performance). With the requirements of UMTS networking in mind, the most suitable solution is selected and the consequences for performance and security in the UMTS access network are assessed.
Revised: Block Cipher Based Hash Function Construction From PGV
Preneel, Govaerts, and Vandewalle [12] considered the 64 most basic ways to construct a hash function from a block cipher, and regarded 12 of these 64 schemes as secure. Black, Rogaway and Shrimpton [3] proved that, in the black-box model, the 12 schemes that PGV singled out as secure really are secure, and gave tight upper and lower bounds on their collision resistance. They also pointed out that, by stepping outside of the Merkle-Damgård [5] approach to analysis, an additional 8 of the 64 schemes are just as collision resistant as the first group of schemes. In this paper we point out that the 12 compression functions that PGV singled out are free-start collision resistant and the others are not; the additional 8 compression functions singled out by BRS are only fixed-start collision resistant; and the hash functions based on those 20 schemes are fixed-start collision resistant. The upper bounds on collision resistance and preimage resistance are given based on the conditional probability of the compression function's output given its key and its input, not on the assumption of the random oracle model, so the bounds have more practical value than the bounds given by BRS. From the viewpoint of collision resistance, the best 4 schemes are not among the 12 schemes singled out by PGV nor among the 8 schemes pointed out by BRS, and the block cipher E itself is the best compression function for building a collision resistant hash function. At the end of the paper, two recommended structures for block cipher based hash functions are given, together with proofs of their security.