Results 1 to 10 of 10
Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks
2010
Abstract

Cited by 19 (4 self)
This paper fills an important foundational gap with the first proofs, under standard assumptions and in the standard model, of the existence of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) resisting rich and relevant forms of related-key attacks (RKA). An RKA allows the adversary to query the function not only under the target key but under other keys derived from it in adversary-specified ways. Based on the Naor-Reingold PRF we obtain an RKA-PRF whose keyspace is a group and that is proven, under DDH, to resist attacks in which the key may be operated on by arbitrary adversary-specified group elements. Previous work was able only to provide schemes in idealized models (ideal cipher, random oracle), under new, non-standard assumptions, or for limited classes of attacks. The reason was technical difficulties that we resolve via a new approach and framework that, in addition to the above, yields other RKA-PRFs including a DLIN-based one derived from the Lewko-Waters PRF. Over the last 15 years cryptanalysts and block-cipher designers have routinely and consistently targeted RKA-security; it is visibly important for abuse-resistant cryptography; and it helps protect against fault-injection side-channel attacks. Yet ours are the first significant proofs of existence of secure constructs. We warn that our constructs are proofs-of-concept
Semantic security under related-key attacks and applications
2011
Abstract

Cited by 13 (2 self)
In a related-key attack (RKA) an adversary attempts to break a cryptographic primitive by invoking the primitive with several secret keys which satisfy some known, or even chosen, relation. We initiate a formal study of RKA security for randomized encryption schemes. We begin by providing general definitions for semantic security under passive and active RKAs. We then focus on RKAs in which the keys satisfy known linear relations over some Abelian group. We construct simple and efficient schemes which resist such RKAs even when the adversary can choose the linear relation adaptively during the attack. More concretely, we present two approaches for constructing RKA-secure encryption schemes. The first is based on standard randomized encryption schemes which additionally satisfy a natural "key-homomorphism" property. We instantiate this approach under number-theoretic or lattice-based assumptions such as the Decisional Diffie-Hellman (DDH) assumption and the Learning Noisy Linear Equations assumption. Our second approach is based on RKA-secure pseudorandom generators. This approach can yield either deterministic, one-time use schemes with optimal ciphertext size or randomized unlimited use schemes. We instantiate this approach by constructing a simple RKA-secure pseudorandom generator
Related-key rectangle attacks on reduced AES-192 and AES-256
Lecture Notes in Computer Science
Abstract

Cited by 13 (1 self)
... against a related-key rectangle attack. We find the following new attacks:
A Meet-in-the-Middle Attack on 8-Round AES
Abstract

Cited by 9 (0 self)
Abstract. We present a 5-round distinguisher for AES. We exploit this distinguisher to develop a meet-in-the-middle attack on 7 rounds of AES-192 and 8 rounds of AES-256. We also give a time-memory trade-off generalization of the basic attack which gives a better balance between the different costs of the attack. As an additional note, we state a new Square-like property of the AES algorithm.
Differential and invertibility properties of BLAKE (full version). Cryptology ePrint Archive, Report 2010/043
2010
Abstract

Cited by 1 (0 self)
Abstract. BLAKE is a hash function selected by NIST as one of the 14 second-round candidates for the SHA-3 Competition. In this paper, we follow a bottom-up approach to exhibit properties of BLAKE and of its building blocks: based on differential properties of the internal function G, we show that a round of BLAKE is a permutation on the message space, and present an efficient inversion algorithm. For 1.5 rounds we present an algorithm that finds preimages faster than in previous attacks. Discovered properties lead us to describe large classes of impossible differentials for two rounds of BLAKE's internal permutation, and particular impossible differentials for five and six rounds, respectively for BLAKE-32 and BLAKE-64. Then, using a linear and rotation-free model, we describe near-collisions for four rounds of the compression function. Finally, we discuss the problem of establishing upper bounds on the probability of differential characteristics for BLAKE.
Keywords: BLAKE, cryptanalysis, hash functions, SHA-3
A related-key attack on the Feistel-type block ciphers
International Journal of Network Security
2009
A Shuffle Image-Encryption Algorithm
© 2008 Science Publications
Abstract
Abstract: Problem statement: Image encryption needs to be secure by resisting statistical attacks and other types of attacks. Approach: The new algorithm, called the Shuffle Encryption Algorithm (SEA), applies non-linear S-box byte substitution, then performs a shuffling operation partially dependent on the input data and on the given key. Results: SEA was implemented and tested with different data, mainly consisting of images. Results confirmed its security, shown through statistical analysis using histograms, correlation and covariance. Conclusion: The new algorithm is suited for encrypting images and other types of data.
PRIMITIVES AND SCHEMES FOR NON-ATOMIC INFORMATION AUTHENTICATION
Abstract
ACKNOWLEDGEMENTS. The completion of the dissertation would not have been possible without the support of my family, which has blessed my life in ways I cannot repay. I wish to recognize, with profound appreciation, the invaluable academic mentoring I received from my advisors: Professor Yvo Desmedt and Professor Mike Burmester. In addition to my advisors, my sincere thanks are due to the members of my advisory committee, Dr. Mark Van Hoeij, Dr. Kyle Gallivan and Dr. Michael Mascagni, whose guidance and encouragement contributed to the completion of this work. I would also like to thank the Department of Computer Science for giving me an opportunity and providing an environment where I can study and conduct my research. My final thanks go to the National Science Foundation (NSF) for the financial help through a number of grants awarded to my academic advisors. — Goce
Repeated Differential Properties
Abstract
Abstract. In this paper, we further study the key schedule of the AES algorithm and present some repeated differential properties of the AES-128 and AES-256 key schedules. We define the concept of a repeated differential pattern for the AES-128 key schedule, and the notion of a double-sized repeated differential pattern for the AES-256 key schedule. We show that if we use the key schedule to expand two 128-bit (or 256-bit) secret keys with the repeated differential pattern (or double-sized repeated differential pattern), the resultant 10-round (or 14-round) subkeys have a large number of bytes in common and the differential pattern has strong repeated features.