Abstract. With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today’s leading compact stream ciphers. 1

Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has 2 99.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolić works for a weak key class and has much higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle. 1

In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal information in furtherance of NIST’s statutory responsibilities. In 1998, NIST announced the acceptance of fifteen candidate algorithms and requested the assistance of the cryptographic research community in analyzing the candidates. This analysis included an initial examination of the security and efficiency characteristics for each algorithm. NIST reviewed the results of this preliminary research and selected MARS, RC6™, Rijndael, Serpent and Twofish as finalists. Having reviewed further public analysis of the finalists, NIST has decided to propose Rijndael as the Advanced Encryption Standard (AES). The research results and rationale for this selection are documented in this report.

Abstract—With the fast evolution of digital data exchange, security information becomes much important in data storage and transmission. Due to the increasing use of images in industrial process, it is essential to protect the confidential image data from unauthorized access. In this paper, we analyze the Advanced Encryption Standard (AES), and we add a key stream generator (A5/1, W7) to AES to ensure improving the encryption performance; mainly for images characterised by reduced entropy. The implementation of both techniques has been realized for experimental purposes. Detailed results in terms of security analysis and implementation are given. Comparative study with traditional encryption algorithms is shown the superiority of the modified algorithm.

ABSTRACT: In this paper, we present a mini version of Rijndael, the symmetric-key block cipher selected as the Advanced Encryption Standard (AES) recently. Mini-AES has all the parameters significantly reduced while at the same time preserving its original structure. It is meant to be a purely educational cipher and is not considered secure for actual applications. The purpose is such that once undergraduate students and amateur cryptanalysts have grasped the basic principles behind how Mini-AES works, it will be easy for them to move on to the real AES. At the same time, an illustration of how the Square attack can be applied to Mini-AES is presented in the hope that Mini-AES would also serve as a testbed for students to begin their cryptanalysis efforts.

Abstract. The Advanced Encryption Standard (AES) is the most widely deployed block cipher. It follows the modern iterated block cipher approach, iterating a simple round function multiple times. The last round of AES slightly differs from the others, as a linear mixing operation (called MixColumns) is omitted from it. Following a statement of the designers, it is widely believed that the omission of the last round MixColumns has no security implications. As a result, the majority of attacks on reduced-round variants of AES assume that the last round of the reduced-round version is free of the MixColumns operation. In this note we refute this belief, showing that the omission of Mix-Columns does affect the security of (reduced-round) AES. First, we consider a simple example of 1-round AES, where we show that the omission reduces the time complexity of an attack with a single known plaintext from 2 48 to 2 16. Then, we examine several previously known attacks on 7-round AES-192 and show that the omission reduces their time complexities by a factor of 2 16. 1

Abstract. We present a 5-round distinguisher for AES. We exploit this distinguisher to develop a meet-in-the-middle attack on 7 rounds of AES-192 and 8 rounds of AES-256. We also give a time-memory tradeoff generalization of the basic attack which gives a better balancing between different costs of the attack. As an additional note, we state a new squarelike property of the AES algorithm.

Abstract — The current encryption standard for wireless networks recommends using the AES cipher in the counter (CTR) mode for confidentiality and the cipher block chaining (CBC) mode for authentication. In the counter mode, a 128 bit counter is encrypted using the AES into 128 bit keystream which is then XORed with 128 bits of plaintext before transmission. This operation is repeated for the entire frame and results in heavy energy consumption for larger frames. In this paper, we propose a novel cipher called High Diffusion (HD) cipher that securely expands a given 128 bit counter value to a larger 288 bit keystream during encryption, thus reducing the number of encryptions per frame compared to the AES. We show that the HD cipher is as secure as the AES under differential, linear cryptanalysis and Square attack. Using an experimental set up consisting of a laptop with 1.8 GHz Pentium 4 processor and an Intrinsyc CerfCube with 233 MHz ARM processor we measure the energy consumption of both the AES and the HD cipher encryption operation. We observe that using HD cipher instead of AES for encryption will result in about 40 % saving in energy consumption on both the laptop and the CerfCube. When HD cipher is used instead of AES in the CCMP, we observe that energy efficiency due to HD cipher is significant for larger frame lengths. I.

Abstract. With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today’s leading compact stream ciphers. 1 1

In this paper, we propose a new block cipher called BC2 (Block Cipher 2). We make a cipher using components that are believed secure. The structure of BC2 is very simple. We use Feistel network with input-output 128 bits, matrix Maximum Distance Separable (MDS) 8x8 with branch number 9 to give high diffusion, a function affine equivalent to the inverse function in GF(2 8) that we get from Camellia and Hierocrypt S-Box for confusion and we make FN function, based on FL function of Camellia. We use a heuristic method to count the minimum number of active substitution box at Feistel Network. And we also construct a new key schedule that is fast and secure.