,butsuchprimitivesareusuallyslow.Amorepracticalapproachistousesymmetric-key design techniques which lead to faster schemes, but collision resistance can only be heuristically inferred from the best probability of a single differential characteristic path. We propose a new hash function design with variable hash output sizes of 128, 256, and 512 bits, that reduces this gap. Due

Abstract. JH and Grøstl hash functions are two of the five finalists in NIST SHA-3 competition. JH-s and Grøstl-s are based on a 2n bit compression function and the final output is truncated to s bits, where n is 512 and s can be 224,256,384 and 512. Previous security proofs show that JH

the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company); acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet.

Implementational aspects of code-based cryptography

Digital signatures are an important primitive for building secure systems and are used in most real world security protocols. However, almost all popular signature schemes are either based on the factoring as-sumption (RSA) or the hardness of the discrete logarithm problem (DSA/ECDSA). In the case

I would like to thank my parents for always believing in me. I would also like to thank my supervisors Richard Lindner and Johannes Buchmann for their useful comments and suggestions on how to improve the queality of the thesis. Not on last place I would like to thank Vadim Lyubashevsky and Luis Carlos Coronado Garcia for their kindness and readiness to answer my questions. Warranty I hereby warrant that the content of this thesis is the direct result of my own work and that any use made in it of published or unpublished material is fully and correctly referenced. I also warrant that the presented work has

Algebraic methods in analyzing

the desperation of users. To establish a secure basis for Internet communication, we propose SafeSlinger, a system leveraging the proliferation of smartphones to enable people to securely and privately exchange their public keys. Through the exchanged authentic public key, SafeSlinger establishes a secure channel

Abstract—Several security protocols require a human to compare two hash values to ensure successful completion. When the hash values are represented as long sequences of numbers, humans may make a mistake or require significant time and patience to accurately compare the hash values. To improve

The Merkle signature scheme (MSS) is an interesting alternative for well established signature schemes such as RSA, DSA, and ECDSA. The security of MSS only relies on the existence of cryptographically secure hash functions. MSS has a good chance of being quantum computer resistant