Results 1 - 7 of 7
New Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru
Cited by 2 (0 self)
Abstract. In 1989–1990, two new hash functions were presented, Snefru and MD4. Snefru was soon broken by the newly introduced differential cryptanalysis, while MD4 remained unbroken for several more years. As a result, newer functions based on MD4, e.g., MD5 and SHA1, became the de facto and international standards. Following recent techniques of differential cryptanalysis for hash function, today we know that MD4 is even weaker than Snefru. In this paper we apply recent differential cryptanalysis techniques to Snefru, and devise new techniques that improve the attacks on Snefru further, including using generic attacks with differential cryptanalysis, and using virtual messages with second preimage attacks for finding preimages. Our results reduce the memory requirements of prior attacks to a negligible memory, and present a preimage of 2-pass Snefru. Finally, some observations on the padding schemes of Snefru and MD4 are discussed.
XMX: A Firmware-oriented Block Cipher Based on Modular Multiplications
, 1997
Cited by 2 (0 self)
This paper presents xmx, a new symmetric block cipher optimized for public-key libraries and microcontrollers with arithmetic coprocessors. xmx has no S-boxes and uses only modular multiplications and xors. The complete scheme can be described by a couple of compact formulae that offer several interesting time-space tradeoffs (number of rounds/keysize for constant security). In practice, xmx appears to be tiny and fast: 136 code bytes and a 121 kilobits/second throughput on a Siemens SLE44CR80s smartcard (5 MHz oscillator).
A new random mapping model
, 2006
Cited by 1 (1 self)
In this paper we introduce a new random mapping model, $T_n^{\hat{D}}$, which maps the set $\{1, 2, \ldots, n\}$ into itself. The random mapping $T_n^{\hat{D}}$ is constructed using a collection of exchangeable random variables $\hat{D}_1, \ldots, \hat{D}_n$ which satisfy $\sum_{i=1}^{n} \hat{D}_i = n$. In the random digraph, $G_n^{\hat{D}}$, which represents the mapping $T_n^{\hat{D}}$, the indegree sequence for the vertices is given by the variables $\hat{D}_1, \hat{D}_2, \ldots, \hat{D}_n$, and, in some sense, $G_n^{\hat{D}}$ can be viewed as an analogue of the general independent degree models from random graph theory. We show that the distribution of the number of cyclic points, the number of components, and the size of a typical component can be expressed in terms of expectations of various functions of $\hat{D}_1, \hat{D}_2, \ldots, \hat{D}_n$. We also consider two special examples of $T_n^{\hat{D}}$ which correspond to random mappings with preferential and anti-preferential attachment, respectively, and determine, for these examples, exact and asymptotic distributions for the statistics mentioned above. Results for the distribution of the number of successors and predecessors of a typical vertex in $G_n^{\hat{D}}$ in terms of expectations of various functions of $\hat{D}_1, \hat{D}_2, \ldots, \hat{D}_n$ are obtained in a companion paper [23].
A Cryptanalytic Time-Memory Tradeoff: First FPGA Implementation
in the proceedings of FPL 2002, Lecture Notes in Computer Sciences, vol 2438, pp 780-789
, 2002
Cited by 1 (1 self)
Many searching problems allow time-memory tradeoffs. That is, if there are K possible solutions to search over, the time-memory tradeoff allows the solution to be found with high probability, in T operations (time) with M words of memory, provided the time-memory product T × M is larger than K. Cryptanalytic attacks based on exhaustive key search are the typical context where time-memory tradeoffs are applicable. Due to large key sizes, exhaustive key search usually needs unrealistic computing powers and corresponds to a situation where T = K and M = 1. However, if the same attack has to be carried out numerous times, it may be possible to execute the exhaustive search in advance and store all the results in a memory. Once this precomputation is done, the attack could be performed almost instantaneously, although in practice, the method is not realistic because of the huge amount of memory needed: T = 1, M = K. The aim of a time-memory tradeoff is to mount an attack that has a lower online processing complexity than exhaustive key search and lower memory complexity than a table lookup, neglecting the precomputations (hence, it only makes sense if the attack has to be performed multiple times). The method can be used to invert any
Local properties of a random mapping model
, 2007
In this paper we investigate the ‘local’ properties of a random mapping model, $T_n^{\hat{D}}$, which maps the set $\{1, 2, \ldots, n\}$ into itself. The random mapping $T_n^{\hat{D}}$ was introduced in a companion paper [?] is constructed using a collection of exchangeable random variables $\hat{D}_1, \ldots, \hat{D}_n$ which satisfy $\sum_{i=1}^{n} \hat{D}_i = n$. In the random digraph, G
The Design Space of Lightweight Cryptography
Abstract. For constrained devices, standard cryptographic algorithms can be too big, too slow or too energy-consuming. The area of lightweight cryptography studies new algorithms to overcome these problems. In this paper, we will focus on symmetric-key encryption, authentication and hashing. Instead of providing a full overview of this area of research, we will highlight three interesting topics. Firstly, we will explore the generic security of lightweight constructions. In particular, we will discuss considerations for key, block and tag sizes, and explore the topic of instantiating a pseudorandom permutation (PRP) with a non-ideal block cipher construction. This is inspired by the increasing prevalence of lightweight designs that are not secure against related-key attacks, such as PRINCE, PRIDE or Chaskey. Secondly, we explore the efficiency of cryptographic primitives. In particular, we investigate the impact on efficiency when the input size of a primitive doubles. Lastly, we provide some considerations for cryptographic design. We observe that applications do not always use cryptographic algorithms as they were intended, which negatively impacts the security and/or efficiency of the resulting implementations.