Results 1  10
of
12
RIPEMD160: A Strengthened Version of RIPEMD
, 1996
"... Abstract. Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the des ..."
Abstract

Cited by 131 (18 self)
 Add to MetaCart
Abstract. Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the design principles of Ron Rivest’s MD4. One such proposal was RIPEMD, which was developed in the framework of the EU project RIPE (Race Integrity Primitives Evaluation). Because of recent progress in the cryptanalysis of these hash functions, we propose a new version of RIPEMD with a 160bit result, as well as a plugin substitute for RIPEMD with a 128bit result. We also compare the software performance of several MD4based algorithms, which is of independent interest. 1
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 58 (8 self)
 Add to MetaCart
(Show Context)
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
How to Enrich the Message Space of a Cipher
 Fast Software Encryption – FSE ’07, LNCS
, 2007
"... Abstract. Given (deterministic) ciphers E and E that can encipher messages of l and n bits, respectively, we construct a cipher E ∗ = XLS[E, E] that can encipher messages of l+ s bits for any s < n. Enciphering such a string will take one call to E and two calls to E. We prove that E ∗ is a str ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Given (deterministic) ciphers E and E that can encipher messages of l and n bits, respectively, we construct a cipher E ∗ = XLS[E, E] that can encipher messages of l+ s bits for any s < n. Enciphering such a string will take one call to E and two calls to E. We prove that E ∗ is a strong pseudorandom permutation as long as E and E are. Our construction works even in the tweakable and VIL (variableinputlength) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provablesecurity result.
A Generalized Birthday Problem (extended abstract)
 In Advances in Cryptology – CRYPTO 2002
, 2002
"... We study a kdimensional generalization of the birthday problem: given k lists of nbit values, and some way to choose one element from each list so that the resulting k values xor to zero. For k = 2, this is just the extremely wellknown birthday problem, which has a squareroot time algorithm with ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
We study a kdimensional generalization of the birthday problem: given k lists of nbit values, and some way to choose one element from each list so that the resulting k values xor to zero. For k = 2, this is just the extremely wellknown birthday problem, which has a squareroot time algorithm with many applications in cryptography. In this paper, we show new algorithms for the case k > 2: we show a cuberoot time algorithm for the case of k = 4 lists, and we give an algorithm with subexponential running time when k is unrestricted.
A Universal Encryption Standard
, 2000
"... DES and tripleDES are two wellknown and popular encryption algorithms, but they both have the same drawback: their block size is limited to 64 bits. While the cryptographic community is working hard to select and evaluate candidates and finalists for the AES (Advanced Encryption Standard) cont ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
DES and tripleDES are two wellknown and popular encryption algorithms, but they both have the same drawback: their block size is limited to 64 bits. While the cryptographic community is working hard to select and evaluate candidates and finalists for the AES (Advanced Encryption Standard) contest launched by NIST in 1997, it might be of interest to propose a secure and simple double blocklength encryption algorithm. More than in terms of key length and block size, our Universal Encryption Standard is a new construction that remains totally compliant with DES and tripleDES specifications as well as with AES requirements.
Direct Exponent and Scalar Multiplication Classes of an MDS Matrix
"... Abstract. An MDS matrix is an important building block adopted by different algorithms that provides diffusion and therefore, has been an area of active research. In this paper, we present an idea of direct exponent and direct square of a matrix. We prove that direct square of an MDS matrix results ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. An MDS matrix is an important building block adopted by different algorithms that provides diffusion and therefore, has been an area of active research. In this paper, we present an idea of direct exponent and direct square of a matrix. We prove that direct square of an MDS matrix results in an MDS matrix whereas direct exponent may not be an MDS matrix. We also delineate direct exponent class and scalar multiplication class of an MDS matrix and determine the number of elements in these classes. In the end, we discuss the standing of design properties of a cryptographic primitive by replacing MDS matrix by dynamic one.
1 The Cryptographic Hash Function RIPEMD160
"... RIPEMD160 is a fast cryptographic hash function that is tuned towards software implementations on 32bit architectures. It has evolved from the 256bit extension of MD4, which was introduced in 1990 by Ron Rivest [20, 21]. Its main design feature are two different and independent parallel chains, t ..."
Abstract
 Add to MetaCart
RIPEMD160 is a fast cryptographic hash function that is tuned towards software implementations on 32bit architectures. It has evolved from the 256bit extension of MD4, which was introduced in 1990 by Ron Rivest [20, 21]. Its main design feature are two different and independent parallel chains, the result of
Turbo SHA2
"... Abstract. In this paper we describe the construction of Turbo SHA2 family of cryptographic hash functions. They are built with design components from the SHA2 family, but the new hash function has three times more chaining variables, it is more robust and resistant against generic multiblock coll ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. In this paper we describe the construction of Turbo SHA2 family of cryptographic hash functions. They are built with design components from the SHA2 family, but the new hash function has three times more chaining variables, it is more robust and resistant against generic multiblock collision attacks, its design is resistant against generic length extension attacks and it is 2 8 times faster than the original SHA2. It uses two novel design principles in the design of hash functions: 1. Computations in the iterative part of the compression function start by using variables produced in the message expansion part that have the complexity level of a random Boolean function, 2. Variables produced in the message expansion part are not discarded after the processing of the current message block, but are used for the construction of the three times wider chain for the next message block. These two novel principles combined with the already robust design principles present in SHA2 (such as the nonlinear message expansion part), enabled us to build the compression function of Turbo SHA2 that has just 16 new variables in the message expansion part (compared to 48 for SHA256 and 64 for SHA512) and just 8 rounds in the iterative part (compared to 64 for SHA256 and 80 for SHA512). Key words: Cryptographic hash function, SHA2, Turbo SHA2 1
Contents
, 2007
"... Given (deterministic) ciphers E and E that can encipher messages of l and n bits, respectively, we construct a cipher E ∗ = XLS[E, E] that can encipher messages of l + s bits for any s < n. Enciphering such a string will take one call to E and two calls to E. We prove that E ∗ is a strong pseudo ..."
Abstract
 Add to MetaCart
Given (deterministic) ciphers E and E that can encipher messages of l and n bits, respectively, we construct a cipher E ∗ = XLS[E, E] that can encipher messages of l + s bits for any s < n. Enciphering such a string will take one call to E and two calls to E. We prove that E ∗ is a strong pseudorandom permutation as long as E and E are. Our construction works even in the tweakable and VIL (variableinputlength) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provablesecurity result.