Concept

Attack model

Related publications (31)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Linear Cryptanalysis of Non Binary Ciphers (with an application to SAFER)

Serge Vaudenay, Thomas Baignères, Jacques Stern

In this paper we re-visit distinguishing attacks. We show how to generalize the notion of linear distinguisher to arbitrary sets. Our thesis is that our generalization is the most natural one. We compare it with the one by Granboulan et al. from FSE'06 by ...

Springer2007

When Stream Cipher Analysis Meets Public-Key Cryptography

Serge Vaudenay

Inspired by fast correlation attacks on stream ciphers, we present a stream cipher-like construction for a public-key cryptosystem whose security relies on two problems: finding a low-weight multiple of a given polynomial and a Hidden Correlation problem. ...

Springer2006

New Attacks against Reduced-Round Versions of IDEA

Pascal Junod

In this paper, we describe a sequence of simple, yet e cient chosen-plaintext (or chosen-ciphertext) attacks against reduced-round versions of IDEA (with 2, 2.5, 3, 3.5, and 4 rounds) which compare favourably with the best known attacks: some of them decre ...

2005

Practical Cryptography in High Dimensional Tori

Robert Granger, Martijn Stam

At Crypto 2004, van Dijk and Woodruff introduced a new way of using the algebraic tori

T_n

in cryptography, and obtained an asymptotically optimal

n/\phi(n)

savings in bandwidth and storage for a number of cryptographic applications. However, the compu ...

Springer Berlin Heidelberg2005

Chaum's Designated Confirmer Signature Revisited

Serge Vaudenay, Jean Monnerat

This article revisits the original designated confirmer signature scheme of Chaum. Following the same spirit we naturally extend the Chaum's construction in a more general setting and analyze its security in a formal way. We prove its security in the rando ...

2005

In many standards, e.g. SSL/TLS, IPSEC, WTLS, messages are first pre-formatted, then encrypted in CBC mode with a block cipher. Decryption needs to check if the format is valid. Validity of the format is easily leaked from communication protocols in a chos ...

2002

On the Complexity of Matsui's Attack

Pascal Junod

Linear cryptanalysis remains the most powerful attack against DES at this time. Given

2^{43}

known plaintext-ciphertext pairs, Matsui expected a complexity of less than

2^{43}

DES evaluations in 85% of the cases for recovering the key. In this paper, w ...

2001

A number of signature schemes and standards have been recently designed, based on the discrete logarithm problem. Examples of standards are the DSA and the KCDSA. Very few formal design/security validations have already been conducted for both the KCDSA an ...

2000

Adaptive-Attack Norm for Decorrelation and Super-Pseudorandomness

Serge Vaudenay

In previous work, security results of decorrelation theory was based on the infinity-associated matrix norm. This enables to prove that decorrelation provides security against non-adaptive iterated attacks. In this paper we define a new matrix norm dedicat ...

1999

Comparison of the Randomness Provided by Some AES Candidates

Serge Vaudenay

Using the decorrelation techniques we compare the randomness of three schemes used in the AES candidates. The target schemes are the original Feistel scheme and two modified Feistel schemes: the MARS-like structure and the CAST256-like structure. As a resu ...

1999

Practical Cryptography in High Dimensional Tori

Robert Granger, Martijn Stam

At Crypto 2004, van Dijk and Woodruff introduced a new way of using the algebraic tori

T_n

in cryptography, and obtained an asymptotically optimal

n/\phi(n)

savings in bandwidth and storage for a number of cryptographic applications. However, the compu ...

Springer Berlin Heidelberg2005

On the Complexity of Matsui's Attack

Pascal Junod

Linear cryptanalysis remains the most powerful attack against DES at this time. Given

2^{43}

known plaintext-ciphertext pairs, Matsui expected a complexity of less than

2^{43}

DES evaluations in 85% of the cases for recovering the key. In this paper, w ...

2001