Improved fast syndrome based cryptographic hash functions
in Proceedings of ECRYPT Hash Workshop 2007 (2007). URL: http://wwwroc.inria.fr/secret/Matthieu.Finiasz
Cited by 34 (6 self)
Abstract. Recently, some collisions have been exposed for a variety of cryptographic hash functions [19] including some of the most widely used today. Many other hash functions using similar constructions can however still be considered secure. Nevertheless, this has drawn attention on the need for new hash function designs. In this article is presented a family of secure hash functions, whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes. Taking into account the analysis by Coron and Joux [4] based on Wagner’s generalized birthday algorithm [18] we study the asymptotical security of our functions. We demonstrate that this attack is always exponential in terms of the length of the hash value. We also study the workfactor of this attack, along with other attacks from coding theory, for non asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving a good security and either a faster hashing or a shorter description for the function. Key Words: cryptographic hash functions, provable security, syndrome decoding, NP-completeness, Wagner’s generalized birthday problem.
Lightweight code-based identification and signature
Cited by 7 (0 self)
Abstract. We revisit the code-based identification protocol proposed by Stern at Crypto’93, and give evidence that the size of public keys can be dramatically reduced while preserving a high and well-understood level of security. More precisely, the public keys can be made even shorter than RSA ones (typically 347 bits), while their size is around 150 Kbits in the original scheme. This is achieved by using matrices which are double circulant, rather than purely random. On the whole, this provides a very practical identification (and possibly signature) scheme which is mostly attractive for lightweight cryptography.
SYND: a fast code-based stream cipher with a security reduction
Cited by 4 (0 self)
Abstract. In this note we reconsider the code-based pseudorandom generator proposed by Fischer and Stern. This generator is proven as secure as the syndrome decoding problem but has two main drawbacks: it is slow (3000 bits/s) and a large size of memory is needed (88 kiloBytes). We propose a variation on the scheme which avoids them: the use of regular words speeds the system up and the use of quasi-cyclic codes allows a decrease of the memory requirements. We eventually obtain a generator as fast as AES in counter mode using only about 8000 bits of memory. We also give a more precise security reduction.
Syndrome based collision resistant hashing
Cited by 3 (0 self)
Abstract. Hash functions are a hot topic at the moment in cryptography. Many proposals are going to be made for SHA-3, and among them, some provably collision resistant hash functions might also be proposed. These do not really compete with “standard” designs as they are usually much slower and not well suited for constrained environments. However, they present an interesting alternative when speed is not the main objective. As always when dealing with provable security, hard problems are involved, and the fast syndrome-based cryptographic hash function proposed by Augot, Finiasz and Sendrier at Mycrypt 2005 relies on the problem of Syndrome Decoding, a well known “Post Quantum” problem from coding theory. In this article we review the different variants and attacks against it so as to clearly point out which choices are secure and which are not.
Improving the Performance of the SYND Stream Cipher
Abstract. In 2007, Gaborit et al. proposed the stream cipher SYND as an improvement of the pseudo random number generator due to Fischer and Stern. This work shows how to improve considerably the efficiency of the SYND cipher without using the so-called regular encoding and without compromising the security of the modified SYND stream cipher. Our proposal, called XSYND, uses a generic state transformation which is reducible to the Regular Syndrome Decoding problem (RSD), but has better computational characteristics than the regular encoding. A first implementation shows that XSYND runs much faster than SYND for a comparative security level (being more than three times faster for a security level of 128 bits, and more than 6 times faster for 400-bit security), though it is still only half as fast as AES in counter mode. Parallel computation may yet improve the speed of our proposal, and we leave it as future research to improve the efficiency of our implementation.
SELECTED TOPICS IN INFORMATION AND CODING THEORY Editors
Vol. 3 Advances in Coding Theory and Cryptography eds. T. Shaska et al. Vol. 4 Coding and Cryptology eds. Yongqing Li et al.
Some notes on the binary Gilbert-Varshamov bound
Abstract. Given a linear code [n, k, d] with parity check matrix H, we provide an inequality that supports existence of a code with parameters [n + l + 1, k + l, d]. We show that this inequality is stronger than the Gilbert-Varshamov (GV) bound even if the existence of the code [n, k, d] is guaranteed by the GV bound itself.
Minimum Distance Bounds for Expander Codes
Abstract — Several expander code constructions and their parameters are surveyed. New generalized expander codes are introduced and their properties are compared with the properties of the existing constructions. Finally, some possible directions to extend the current research on expander codes are discussed.
I. INTRODUCTION AND NOTATION The interest in the field of coding theory has emerged with the classical work of Shannon back in 1948. A lot of research has been done since then in the framework of a ‘classical’ coding theory. In the recent years, however, the field has
Course Outline for CS 236610: Recent Advances in Algebraic and Combinatorial Coding Theory