Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks (2010)

This paper fills an important foundational gap with the first proofs, under standard assumptions and in the standard model, of the existence of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) resisting rich and relevant forms of related-key attacks (RKA). An RKA allows the adversary to query the function not only under the target key but under other keys derived from it in adversary-specified ways. Based on the Naor-Reingold PRF we obtain an RKA-PRF whose keyspace is a group and that is proven, under DDH, to resist attacks in which the key may be operated on by arbitrary adversary-specified group elements. Previous work was able only to provide schemes in idealized models (ideal cipher, random oracle), under new, non-standard assumptions, or for limited classes of attacks. The reason was technical difficulties that we resolve via a new approach and framework that, in addition to the above, yields other RKA-PRFs including a DLIN-based one derived from the Lewko-Waters PRF. Over the last 15 years cryptanalysts and blockcipher designers have routinely and consistently targeted RKA-security; it is visibly important for abuse-resistant cryptography; and it helps protect against fault-injection side-channel attacks. Yet ours are the first significant proofs of existence of secure constructs. We warn that our constructs are proofs-of-concept
A Meet-in-the-Middle Attack on 8-Round AES

Abstract. We present a 5-round distinguisher for AES. We exploit this distinguisher to develop a meet-in-the-middle attack on 7 rounds of AES-192 and 8 rounds of AES-256. We also give a time-memory tradeoff generalization of the basic attack which gives a better balancing between different costs of the attack. As an additional note, we state a new square-like property of the AES algorithm.
A Shuffle Image-Encryption Algorithm (© 2008 Science Publications)

Abstract: Problem statement: Image encryption needs to be secure by resisting statistical attacks and other types of attacks. Approach: The new algorithm, call it the Shuffle Encryption Algorithm (SEA), applies nonlinear S-box byte substitution. Then it performs a shuffling operation partially dependent on the input data and uses the given key. Results: SEA was implemented and tested with different data, mainly consisting of images. Results confirmed its security, shown through statistical analysis using histograms, correlation and covariance. Conclusion: The new algorithm is suited for encrypting images and other types of data.
The Strong HB Problem and its Applications (2009)

The HB problem first introduced by Blum and Hopper has been the basis for extremely lightweight authentication protocols for RFID tags [18, 19]. In this paper we introduce a variant of this problem which we call the strong HB problem. We analyze the strong HB problem and give some arguments that support its hardness. We then use the strong HB assumption in two applications of independent interest. First, while the HB problem has been the basis of several lightweight protocols for RFID authentication, none of these protocols have proofs of security against fully adaptive man-in-the-middle attacks. We improve on the HB# protocol [15] using the strong HB assumption. Our protocol is two rounds less than HB#, with similar efficiency otherwise, and can be proven secure against man-in-the-middle attacks. In addition, we create a related-key secure nonadaptive MAC based on our improved version of HB#.
Cryptanalysis of Hummingbird-2

Abstract: Hummingbird is a lightweight encryption and message authentication primitive published in RISC'09 and WLC'10. In FSE'11, Markku-Juhani O. Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by 2^64 operations and requires processing of a few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presented in RFIDSec 2011. Based on the idea of differential collision, this paper discovers some weaknesses of the round function WD16 combined with the key loading algorithm, and we propose a related-key chosen-IV attack which can recover the full secret key. Under 24 pairs of related keys, the 128-bit initial key can be recovered, with computational complexity of O(2^32.6) and data complexity of O(2^32.6). The result shows that the Hummingbird-2 cipher can't resist related-key attacks.

