Results 1 - 7 of 7
Twofish: A 128-Bit Block Cipher
In First Advanced Encryption Standard (AES) Conference, 1998
Cited by 54 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
Unbalanced Feistel Networks and Block-Cipher Design
Fast Software Encryption, 3rd International Workshop Proceedings, 1996
Cited by 50 (5 self)
We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...
Relationships among nonlinearity criteria
In Advances in Cryptology - EUROCRYPT'94, volume 950, Lecture Notes in Computer Science, 1995
Cited by 14 (7 self)
An important question in designing cryptographic functions including substitution boxes (S-boxes) is the relationships among the various nonlinearity criteria each of which indicates the strength or weakness of a cryptographic function against a particular type of cryptanalytic attacks. In this paper we reveal, for the first time, interesting connections among the strict avalanche characteristics, differential characteristics, linear structures and nonlinearity of quadratic S-boxes. In addition, we show that our proof techniques allow us to treat in a unified fashion all quadratic permutations, regardless of the underlying construction methods. This greatly simplifies the proofs for a number of known results on nonlinearity characteristics of quadratic permutations. As a byproduct, we obtain a negative answer to an open problem regarding the existence of differentially 2-uniform quadratic permutations on an even dimensional vector space.
Improving the strict avalanche characteristics of cryptographic functions
Information Processing Letters, 1994
Cited by 8 (3 self)
This paper presents a simple yet effective method for transforming Boolean functions that do not satisfy the strict avalanche criterion (SAC) into ones that satisfy the criterion. Such a method has a wide range of applications in designing cryptographically strong functions, including substitution boxes (S-boxes) employed by common key block encryption algorithms.
Cheating Prevention in Secret Sharing over ...
In Indocrypt 2001, volume 2247 of LNCS, pages 79 – 90, 2001
Cited by 3 (0 self)
The work investigates cheating prevention in secret sharing. It is argued that cheating is immune against cheating if the cheaters gain no advantage over honest participants by submitting invalid shares to the combiner. This work addresses the case when shares and the secret are taken from GF(p^t). Two models are considered. The first one examines the case when cheaters consistently submit always invalid shares. The second model deals with cheaters who submit a mixture of valid and invalid shares. For these two models, cheating immunity is defined, properties of cheating immune secret sharing are investigated and their constructions are given.
Constructions of Cheating Immune Secret Sharing
Discrete Mathematics and Theoretical Computer Science, 6:253 – 264, 2001
Cited by 1 (0 self)
The work addresses the problem of cheating prevention in secret sharing. Two cheating scenarios are considered. In the first one, the cheaters always submit invalid shares to the combiner. In the second one, the cheaters collectively decide which shares are to be modified so the combiner gets a mixture of valid and invalid shares from the cheaters.
DFCv2
2000
The development process of the Advanced Encryption Standard (AES) was launched in 1997 by the US government through NIST. The Decorrelated Fast Cipher (DFC) was the CNRS proposal for the AES, among 14 other candidates in 1998. It was based on the recent decorrelation theory, to obtain certain security proofs covering linear and differential cryptanalysis. DFC received numerous comments. In particular, Coppersmith discovered a weakness in the key schedule. We address this weakness by a slight modification on DFC. This paper presents the specifications and rationales of DFC version 2, and discusses issues raised during the AES process.