Twofish: A 128-Bit Block Cipher. In First Advanced Encryption Standard (AES) Conference, 1998.
Cited by 66 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
Cryptanalysis of stream ciphers with linear masking. Proc. of CRYPTO'02, 2002.
Cited by 39 (1 self)
Abstract. We describe a cryptanalytical technique for distinguishing some stream ciphers from a truly random process. Roughly, the ciphers to which this method applies consist of a “nonlinear process” (say, akin to a round function in block ciphers), and a “linear process” such as an LFSR (or even fixed tables). The output of the cipher can be the linear sum of both processes. To attack such ciphers, we look for any property of the “nonlinear process” that can be distinguished from random. In addition, we look for a linear combination of the linear process that vanishes. We then consider the same linear combination applied to the cipher’s output, and try to find traces of the distinguishing property. In this report we analyze two specific “distinguishing properties”. One is a linear approximation of the nonlinear process, which we demonstrate on the stream cipher SNOW. This attack needs roughly 2^95 words of output, with workload of about 2^100. The other is a “low-diffusion” attack, that we apply to the cipher Scream-0. The latter attack needs only about 2^43 bytes of output, using roughly 2^50 space and 2^80 time.
Trivium - A Stream Cipher Construction Inspired by Block Cipher Design Principles. eSTREAM, ECRYPT Stream Cipher, 2005.
Cited by 35 (1 self)
Abstract. In this paper, we propose a new stream cipher construction based on block cipher design principles. The main idea is to replace the building blocks used in block ciphers by equivalent stream cipher components. In order to illustrate this approach, we construct a very simple synchronous stream cipher which provides a lot of flexibility for hardware implementations, and seems to have a number of desirable cryptographic properties.
Mercy: A fast large block cipher for disk sector encryption. Proc. Fast Software Encryption 2000, LNCS 1978, 2000.
Cited by 30 (0 self)
Abstract. We discuss the special requirements imposed on the underlying cipher of systems which encrypt each sector of a disk partition independently, and demonstrate a certificational weakness in some existing block ciphers including Bellare and Rogaway’s 1999 proposal, proposing a new quantitative measure of avalanche. To address these needs, we present Mercy, a new block cipher accepting large (4096-bit) blocks, which uses a key-dependent state machine to build a bijective F function for a Feistel cipher. Mercy achieves 9 cycles/byte on a Pentium compatible processor.
Assche. Sponge functions, 2007.
Cited by 24 (0 self)
IDEA: A Cipher for Multimedia Architectures? In Selected Areas in Cryptography ’98, 1998.
Cited by 23 (5 self)
MMX is a new technology to accelerate multimedia applications on Pentium processors. We report an implementation of IDEA on a Pentium MMX that is 1.65 times faster than any previously known implementation on the Pentium. By parallelizing four IDEAs we reach an unprecedented 78 Mbits/s throughput per output block on a 166 MHz MMX. In the light of rapidly increasing popularity of multimedia applications, causing more dedicated hardware to be built, and observing that most of the current block ciphers do not benefit from MMX, we raise the problem of designing block ciphers (and encryption modes) fully utilizing the basic operations of multimedia.
The Grindahl hash functions. In FSE’07, volume 4593 of LNCS, 2007.
Cited by 18 (3 self)
Abstract. In this paper we propose the Grindahl hash functions, which are based on components of the Rijndael algorithm. To make collision search sufficiently difficult, this design has the important feature that no low-weight characteristics form collisions, and at the same time it limits access to the state. We propose two concrete hash functions, Grindahl-256 and Grindahl-512 with claimed security levels with respect to collision, preimage and second preimage attacks of 2^128 and 2^256, respectively. Both proposals have lower memory requirements than other hash functions at comparable speeds and security levels.
G.V.: Permutation-based encryption, authentication and authenticated encryption, 2012.
Cited by 13 (0 self)
Abstract. While mainstream symmetric cryptography has been dominated by block ciphers, we have proposed an alternative based on fixed-width permutations with modes built on top of the sponge and duplex construction, and our concrete proposal Keccak. Our permutation-based approach is scalable and suitable for high-end CPUs as well as resource-constrained platforms. The latter is illustrated by the small Keccak instances and the sponge functions Quark, Photon and Spongent, all addressing lightweight applications. We have proven that the sponge and duplex construction resist against generic attacks with complexity up to 2^(c/2), where c is the capacity. This provides a lower bound on the width of the underlying permutation. However, for keyed modes and bounded data complexity, a security strength level above c/2 can be proven. For MAC computation, encryption and even authenticated encryption with a passive adversary, a security strength level of almost c against generic attacks can be attained. This increase in security allows reducing the capacity leading to a better efficiency. We argue that for keyed modes of the sponge and duplex constructions the requirements on the underlying permutation can be relaxed, allowing to significantly reduce its number of rounds. Finally, we present two generalizations of the sponge and duplex constructions that allow more freedom in tuning the parameters leading to even higher efficiency. We illustrate our generic constructions with proposals for concrete instantiations calling reduced-round versions of the Keccak-f[1600] and Keccak-f[200] permutations.
Attack the Dragon. Progress in Cryptology - INDOCRYPT 2005, Lecture Notes in Computer Science, 2005.
Cited by 5 (0 self)
Dragon is a word-oriented stream cipher submitted to the ECRYPT project; it operates on key sizes of 128 and 256 bits. The original idea of the design is to use a nonlinear feedback shift register (NLFSR) and a linear part (counter), combined by a filter function to generate a new state of the NLFSR and produce the keystream. The internal state of the cipher is 1088 bits, i.e., any kinds of TMD attacks are not applicable. In this paper we present two statistical distinguishers that distinguish Dragon from a random source both requiring around O(2 ) words of the keystream. In the first scenario the time complexity is around O(2 ) with the memory complexity O(2 ), whereas the second scenario needs only O(2 ) of time, but O(2 ) of memory. The attack is based on a statistical weakness introduced into the keystream by the filter function F. This is the first paper presenting an attack on Dragon, and it shows that the cipher does not provide full security when the key of size 256 bits is used.
Hijibijbij: A New Stream Cipher with Self-Synchronizing and MAC Modes Of Operation. Progress in Cryptology – Indocrypt 2003, LNCS 2904, 2003.
Cited by 5 (0 self)
In this paper, we present a new stream cipher called Hijibijbij (HBB). The basic design principle of HBB is to mix a linear and a nonlinear map. Our innovation is in the design of the linear and the nonlinear maps. The linear map is realised using two 256-bit maximal period 90/150 cellular automata.