Concept

Format-preserving encryption

Related publications (41)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Breaking the FF3 Format Preserving Encryption

Serge Vaudenay, Fatma Betül Durak

The NIST standard FF3 scheme (also known as BPS scheme) is a tweakable block cipher based on a 8-round Feistel Network. We break it with a practical attack. Our attack exploits the bad domain separation in FF3 design. The attack works with chosen plaintext ...

2017

Breaking The FF3 Format-Preserving Encryption Standard Over Small Domains

Serge Vaudenay, Fatma Betül Durak

The National Institute of Standards and Technology (NIST) recently published a Format-Preserving Encryption standard accepting two Feistel structure based schemes called FF1 and FF3. Particularly, FF3 is a tweakable block cipher based on an 8-round Feistel ...

2017

Seeking Anonymity in an Internet Panopticon

Bryan Alexander Ford

Internet, users often need to assume, by default, that their every statement or action online is monitored and tracked. The Dissent project at Yale University takes a collective approach to online anonymity, based on different algorithmic foundations from ...

Assoc Computing Machinery2015

Resistance against Adaptive Plaintext-Ciphertext Iterated Distinguishers

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Decorrelation Theory deals with general adversaries who are mounting iterated attacks, i.e., attacks in which an adversary is allowed to make d queries in each iteration with the aim of distinguishing a random cipher C from the ideal random cipher C^*. A b ...

2012

Resistance Against Iterated Attacks by Decorrelation Revisited

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Iterated attacks are comprised of iterating adversaries who can make

d

plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher

C

and the ideal random cipher

C^*

based on all bits. In EUROCRYPT '99, ...

Springer2012

Related-Key Attack against Triple Encryption based on Fixed Points

Serge Vaudenay

Triple encryption was proposed to increase the security of single encryption when the key is too short. In the past, there have been several attacks in this encryption mode. When triple encryption is based on two keys, Merkle and Hellman proposed a subtle ...

SciTePress2011

A Related-Key Attack against Multiple Encryption based on Fixed Points

Serge Vaudenay, Atefeh Mashatan, Asli Bay

In order to alleviate the burden of short keys, encrypting a multiple times has been proposed. In the multiple encryption mode, there may be encryptions under the same or different keys. There have been several attacks against this encryption mode. When tr ...

Springer2011

Finite Block-Length Achievable Rates for Queuing Timing Channels

Thomas Riedl

The exponential server timing channel is known to be the simplest, and in some sense canonical, queuing timing channel. The capacity of this infinite-memory channel is known. Here, we discuss practical finite-length restrictions on the codewords and attemp ...

2011

Efficient Cache Attacks on AES, and Countermeasures

Dag Arne Osvik

We describe several software side-channel attacks based on inter-process leakage through the state of the CPU's memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-depe ...

Springer Verlag2010

Fast Software AES Encryption

Joppe Willem Bos, Dag Arne Osvik, Deian Stefan

This paper presents new software speed records for AES-128 encryption for architectures at both ends of the performance spectrum. On the one side we target the low-end 8-bit AVR rnicrocontrollers and 32-bit ARM microprocessors, while on the other side of t ...

Springer-Verlag New York, Ms Ingrid Cunningham, 175 Fifth Ave, New York, Ny 10010 Usa2010

Resistance Against Iterated Attacks by Decorrelation Revisited

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Iterated attacks are comprised of iterating adversaries who can make

d

plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher

C

and the ideal random cipher

C^*

based on all bits. In EUROCRYPT '99, ...

Springer2012