Results 1  10
of
3,515
Parallel Collision Search with Cryptanalytic Applications
 Journal of Cryptology
, 1996
"... A simple new technique of parallelizing methods for solving search problems which seek collisions in pseudorandom walks is presented. This technique can be adapted to a wide range of cryptanalytic problems which can be reduced to finding collisions. General constructions are given showing how to ad ..."
Abstract

Cited by 190 (3 self)
 Add to MetaCart
collisions in expected time 21 days, and the last recovers a doubleDES key from 2 known plaintexts in expected time 4 years, which is four orders of magnitude faster than the conventional meetinthemiddle attack on doubleDES. Based on this attack, doubleDES offers only 17 more bits of security than
New Directions in Cryptography
, 1976
"... Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper sug ..."
Abstract

Cited by 3499 (7 self)
 Add to MetaCart
Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper
New Types of Cryptanalytic Attacks Using Related Keys
, 1994
"... this paper we described new cryptanalytic attacks which are applicable to the LOKI family of blockciphers and to Lucifer. These new attacks are based on the structure of the key scheduling algorithms. Since we assume that in all the intermediate rounds the data and the subkeys are the same in both e ..."
Abstract

Cited by 200 (13 self)
 Add to MetaCart
this paper we described new cryptanalytic attacks which are applicable to the LOKI family of blockciphers and to Lucifer. These new attacks are based on the structure of the key scheduling algorithms. Since we assume that in all the intermediate rounds the data and the subkeys are the same in both
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R for the ..."
Abstract

Cited by 1643 (75 self)
 Add to MetaCart
We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R
Encrypted Key Exchange: PasswordBased Protocols Secure Against Dictionary Attacks
 IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY
, 1992
"... Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential and authenti ..."
Abstract

Cited by 431 (5 self)
 Add to MetaCart
Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential
The full cost of cryptanalytic attacks
 Journal of Cryptology
"... Abstract. An open question about the asymptotic cost of connecting many processors to a large memory using three dimensions for wiring is answered, and this result is used to find the full cost of several cryptanalytic attacks. In many cases this full cost is higher than the accepted complexity of a ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
of a given algorithm based on the number of processor steps. The full costs of several cryptanalytic attacks are determined, including Shanks ’ method for computing discrete logarithms in cyclic groups of prime order n, which requires n 1/2+o(1) processor steps, but when all factors are taken
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
, 1976
"... Abstract. In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with N possible keys in time T and memory M related by the tradeoff curve TM 2 = N 2 for 1 ≤ T ≤ N. Recently, Babbage and Golic pointed out that a different TM = N tradeoff attack for 1 ≤ T ≤ D is applicabl ..."
Abstract

Cited by 118 (5 self)
 Add to MetaCart
Abstract. In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with N possible keys in time T and memory M related by the tradeoff curve TM 2 = N 2 for 1 ≤ T ≤ N. Recently, Babbage and Golic pointed out that a different TM = N tradeoff attack for 1 ≤ T ≤ D
New Cryptanalytic Results on IDEA
 of Lecture Notes in Computer Science
, 2006
"... Abstract. IDEA is a 64bit block cipher with 128bit keys introduced by Lai and Massey in 1991. IDEA is one of the most widely used block ciphers, due to its inclusion in several cryptographic packages, such as PGP and SSH. The cryptographic strength of IDEA relies on a combination of three incompat ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
operations of IDEA. Using this relation and other techniques, we devise a linear attack on 5round IDEA that uses 2 19 known plaintexts and has a time complexity of 2 103 encryptions. By transforming the relation into a relatedkey one, a similar attack on 7.5round IDEA can be applied with data complexity
Cryptanalytic Attacks on Pseudorandom Number Generators
 FAST SOFTWARE ENCRYPTION, FIFTH INTERNATIONAL PROCEEDINGS
, 1998
"... In this paper we discuss PRNGs: the mechanisms used by realworld secure systems to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analy ..."
Abstract

Cited by 59 (3 self)
 Add to MetaCart
be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of the model (and our attacks) to four realworld PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions.
Results 1  10
of
3,515