Results 11  20
of
34
Cryptanalysis of a Hash Function Based on QuasiCyclic Codes
"... Abstract. At the ECRYPT Hash Workshop 2007, Finiasz, Gaborit, and Sendrier proposed an improved version of a previous provably secure syndromebased hash function. The main innovation of the new design is the use of a quasicyclic code in order to have a shorter description and to lower the memory u ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Abstract. At the ECRYPT Hash Workshop 2007, Finiasz, Gaborit, and Sendrier proposed an improved version of a previous provably secure syndromebased hash function. The main innovation of the new design is the use of a quasicyclic code in order to have a shorter description and to lower the memory usage. In this paper, we look at the security implications of using a quasicyclic code. We show that this very rich structure can be used to build a highly efficient attack: with most parameters, our collision attack is faster than the compression function! Key words: hash function, provable security, cryptanalysis, quasicyclic code, syndrome decoding. 1
Improving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems
 In WCC 2011, LNCS
, 2011
"... Abstract. Codebased cryptographic schemes are promising candidates for postquantum cryptography since they are fast, require only basic arithmetic, and because their security is well understood. Due to their main drawback of large public key sizes, there have been many proposals on how to reduce t ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Codebased cryptographic schemes are promising candidates for postquantum cryptography since they are fast, require only basic arithmetic, and because their security is well understood. Due to their main drawback of large public key sizes, there have been many proposals on how to reduce the key sizes. Many of these use highly structured matrices which can be stored more efficiently. In this paper, we show how a broad class of such structures can be exploited to increase the time and memory efficiency of a Generalized Birthday Attack (GBA), which is one of the best generic attacks against codebased cryptosystems. For example, this improves the best attack against QDCFS (with n = 30924) and FSB512 by a factor of 180 and 1984, respectively. In general, for a paritycheck matrix of size r×n, the improvement is a factor of r, which is typically in the order of 28 to 212.
Cryptographic Hash Functions: Recent Design Trends and Security Notions ∗
"... Recent years have witnessed an exceptional research interest in cryptographic hash functions, especially after the popular attacks against MD5 and SHA1 in 2005. In 2007, the U.S. National Institute of Standards and Technology (NIST) has also significantly boosted this interest by announcing a publi ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Recent years have witnessed an exceptional research interest in cryptographic hash functions, especially after the popular attacks against MD5 and SHA1 in 2005. In 2007, the U.S. National Institute of Standards and Technology (NIST) has also significantly boosted this interest by announcing a public competition to select the next hash function standard, to be named SHA3. Not surprisingly, the hash function literature has since been rapidly growing in an extremely fast pace. In this paper, we provide a comprehensive, uptodate discussion of the current state of the art of cryptographic hash functions security and design. We first discuss the various hash functions security properties and notions, then proceed to give an overview of how (and why) hash functions evolved over the years giving raise to the current diverse hash functions design approaches. A short version of this paper is in [1]. This version has been thoroughly extended, revised and updated. This
Faster 2regular informationset decoding
"... Abstract. Fix positive integers B and w. Let C be a linear code over F2 of length Bw. The 2regulardecoding problem is to find a nonzero codeword consisting of w lengthB blocks, each of which has Hamming weight 0 or 2. This problem appears in attacks on the FSB (fast syndromebased) hash function a ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Fix positive integers B and w. Let C be a linear code over F2 of length Bw. The 2regulardecoding problem is to find a nonzero codeword consisting of w lengthB blocks, each of which has Hamming weight 0 or 2. This problem appears in attacks on the FSB (fast syndromebased) hash function and related proposals. This problem differs from the usual informationsetdecoding problems in that (1) the target codeword is required to have a very regular structure and (2) the target weight can be rather high, so that there are many possible codewords of that weight. Augot, Finiasz, and Sendrier, in the paper that introduced FSB, presented a variant of informationset decoding tuned for 2regular decoding. This paper improves the Augot–Finiasz–Sendrier algorithm in a way that is analogous to Stern’s improvement upon basic informationset decoding. The resulting algorithm achieves an exponential speedup over the previous algorithm. Keywords: Informationset decoding, 2regular decoding, FSB, binary codes.
Efficient Constructions of Deterministic Encryption from Hybrid Encryption and CodeBased PKE∗
"... We present efficient constructions of deterministic encryption (DE) satisfying the new notion – security against privacy adversary (PRIV security), in the random oracle model. Our work includes: 1) A generic construction of deterministic lengthpreserving hybrid encryption, which is an improvement o ..."
Abstract
 Add to MetaCart
(Show Context)
We present efficient constructions of deterministic encryption (DE) satisfying the new notion – security against privacy adversary (PRIV security), in the random oracle model. Our work includes: 1) A generic construction of deterministic lengthpreserving hybrid encryption, which is an improvement over the paper by Bellare et al. in Crypto’07; to our best knowledge, this is the first example of lengthpreserving deterministic hybrid encryption (DHE); 2) postquantum deterministic encryption, using the codebased encryption, which enjoys a simplified construction since its public key is reused as a hash function; 3) deterministic encryption with high message rate from witnessrecovering encryption.
Computational aspects of retrieving a
"... representation of an algebraic geometry code ..."
(Show Context)
ProjectTeam Codes Codage et cryptographie
"... c t i v it y e p o r t 2007 Table of contents ..."
(Show Context)
ProjectTeam Secret Security, Cryptology and Transmissions
"... c t i v it y e p o r t ..."
(Show Context)
Improving the Performance of the SYND Stream Cipher
"... Abstract. In 2007, Gaborit et al. proposed the stream cipher SYND as an improvement of the pseudo random number generator due to Fischer and Stern. This work shows how to improve considerably the efficiency the SYND cipher without using the socalled regular encoding and without compromising the se ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. In 2007, Gaborit et al. proposed the stream cipher SYND as an improvement of the pseudo random number generator due to Fischer and Stern. This work shows how to improve considerably the efficiency the SYND cipher without using the socalled regular encoding and without compromising the security of the modified SYND stream cipher. Our proposal, called XSYND, uses a generic state transformation which is reducible to the Regular Syndrome Decoding problem (RSD), but has better computational characteristics than the regular encoding. A first implementation shows that XSYND runs much faster than SYND for a comparative security level (being more than three times faster for a security level of 128 bits, and more than 6 times faster for 400bit security), though it is still only half as fast as AES in counter mode. Parallel computation may yet improve the speed of our proposal, and we leave it as future research to improve the efficiency of our implementation.