Results 1  10
of
36
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 66 (8 self)
 Add to MetaCart
(Show Context)
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
On Predictive Models and UserDrawn Graphical Passwords
 ACM TISSEC
, 2007
"... In commonplace textbased password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to bruteforce dictionary attacks. This leads us to ask whether other types of passwords (e.g., graphical) are also vulnerable to dictionary attack because ..."
Abstract

Cited by 44 (12 self)
 Add to MetaCart
(Show Context)
In commonplace textbased password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to bruteforce dictionary attacks. This leads us to ask whether other types of passwords (e.g., graphical) are also vulnerable to dictionary attack because of users tending to choose memorable passwords. We suggest a method to predict and model a number of such classes for systems where passwords are created solely from a user’s memory. We hypothesize that these classes define weak password subspaces suitable for an attack dictionary. For userdrawn graphical passwords, we apply this method with cognitive studies on visual recall. These cognitive studies motivate us to define a set of password complexity factors (e.g., reflective symmetry and stroke count), which define a set of classes. To better understand the size of these classes and, thus, how weak the password subspaces they define might be, we use the “DrawASecret ” (DAS) graphical password scheme of Jermyn et al. [1999] as an example. We analyze the size of these classes for DAS under convenient parameter choices and show that they can be combined to define apparently popular subspaces that have bit sizes ranging from 31 to 41—a surprisingly small proportion of the full password space (58 bits). Our results quantitatively support suggestions that userdrawn graphical password systems employ measures, such as graphical password rules or guidelines and proactive password checking.
The Cipher SHARK
 FAST SOFTWARE ENCRYPTION, THIRD INTERNATIONAL WORKSHOP
, 1996
"... We present the new block cipher SHARK. This cipher combines highly nonlinear substitution boxes and maximum distance separable error correcting codes (MDScodes) to guarantee a good diffusion. The cipher is resistant against differential and linear cryptanalysis after a small number of rounds ..."
Abstract

Cited by 33 (5 self)
 Add to MetaCart
We present the new block cipher SHARK. This cipher combines highly nonlinear substitution boxes and maximum distance separable error correcting codes (MDScodes) to guarantee a good diffusion. The cipher is resistant against differential and linear cryptanalysis after a small number of rounds. The structure of SHARK is such that a fast software implementation is possible, both for the encryption and the decryption. Our Cimplementation of SHARK runs more than four times faster than SAFER and IDEA on a 64bit architecture.
IDEA: A Cipher for Multimedia Architectures?
 In Selected Areas in Cryptography ’98
, 1998
"... MMX is a new technology to accelerate multimedia applications on Pentium processors. We report an implementation of IDEA on a Pentium MMX that is $1.65$ times faster than any previously known implementation on the Pentium. By parallelizing four IDEA's we reach an unprecedented $78$ Mbits/s thro ..."
Abstract

Cited by 23 (5 self)
 Add to MetaCart
(Show Context)
MMX is a new technology to accelerate multimedia applications on Pentium processors. We report an implementation of IDEA on a Pentium MMX that is $1.65$ times faster than any previously known implementation on the Pentium. By parallelizing four IDEA's we reach an unprecedented $78$ Mbits/s throughput per output block on a 166MHz MMX. In the light of rapidly increasing popularity of multimedia applications, causing more dedicated hardware to be built, and observing that most of the current block ciphers do not benefit from MMX, we raise the problem of designing block ciphers (and encryption modes) fully utilizing the basic operations of multimedia.
DifferentialLinear Weak Key Classes of IDEA
 Advances in Cryptology  EUROCRYPT '98 Proceedings
, 1998
"... pmhQmaths.uq.edu.au Abstract. Large weak key classes of IDEA are found for which membership is tested with a differentiallinear test while encrypting with a single key. In particular, one in every 2' ' keys for 8.5round IDEA is weak. A relatedkey differentiallinear attack on 4round I ..."
Abstract

Cited by 20 (0 self)
 Add to MetaCart
(Show Context)
pmhQmaths.uq.edu.au Abstract. Large weak key classes of IDEA are found for which membership is tested with a differentiallinear test while encrypting with a single key. In particular, one in every 2' ' keys for 8.5round IDEA is weak. A relatedkey differentiallinear attack on 4round IDEA is presented which is successful for all keys. Large weak key classes are found for 4.5 to 6.5round and 8round IDEA for which membership of these classes is tested using similar relatedkey differentiallinear tests.
Bitslice Ciphers and Power Analysis Attacks
 in the preproceedings of the Fast Software Encryption Workshop 2000
, 2000
"... In this paper, we present techniques to protect bitslice block ciphers against power analysis attacks. We analyze and extend a technique proposed in [14]. We apply the technique to BaseKing, a variant of 3Way[10] that was published in [8]. We introduce an alternative method to protect against p ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
In this paper, we present techniques to protect bitslice block ciphers against power analysis attacks. We analyze and extend a technique proposed in [14]. We apply the technique to BaseKing, a variant of 3Way[10] that was published in [8]. We introduce an alternative method to protect against power analysis speci c for BaseKing. Finally, we discuss the applicability of the methods to the other known bitslice ciphers 3Way and Serpent [2].
DifferentialLinear Cryptanalysis of IDEA
, 1996
"... In this paper we describe an attack on 3 rounds of IDEA, making use of linear as well as differential cryptanalytic techniques. The attack is independent of the key schedule. The main attack requires at most 2 29 chosen plaintext pairs and a workload of about 2 49 additions modulo 2 16 + 1 to ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
In this paper we describe an attack on 3 rounds of IDEA, making use of linear as well as differential cryptanalytic techniques. The attack is independent of the key schedule. The main attack requires at most 2 29 chosen plaintext pairs and a workload of about 2 49 additions modulo 2 16 + 1 to find two subkeys or their additive inverses modulo 2 16 + 1. Further we describe a method, which then can find two more subkeys or their additive inverses modulo 2 16 + 1, which needs less than 10 of the already encrypted pairs and a total workload of at most 2 33 multiplications modulo 2 16 +1. This attack is more powerful than all previously published general attacks on the IDEA structure.