Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.
DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.
Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C* based on all bits. Vaudenay showed that a 2d-dec ...
Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose ro ...
We define a new primitive, input-aware equivocable commitment, baring similar hardness assumptions as plaintext-aware encryption and featuring equivocability. We construct an actual input-aware equivocable commitment protocol, based on a flavor of Diffie-H ...
Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions a ...
The decorrelation theory provides a different point of view on the security of block cipher primitives. Results on some statistical attacks obtained in this context can support or provide new insight on the security of symmetric cryptographic primitives. I ...
Decorrelation Theory deals with general adversaries who are mounting iterated attacks, i.e., attacks in which an adversary is allowed to make d queries in each iteration with the aim of distinguishing a random cipher C from the ideal random cipher C^*. A b ...
This PhD thesis is concerned with authentication protocols using portable lightweight devices such as RFID tags. these devices have lately gained a significant attention for the diversity of the applications that could benefit form their features, ranging ...
The contributions of this paper are new 6-round impossible-differential (ID) and 9.75-round known-key distinguishers for the 3D block cipher. The former was constructed using the miss-in-the-middle technique, while the latter with an inside-out technique. ...
Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the ideal random cipher C∗ based on all bits. In EUROCRYPT '99, ...
It is a well known fact that encryption schemes can not hide a plaintext length when it is unbounded. We thus admit that an approximation of it may leak and we focus on hiding its precise value. Some standards such as TLS or SSH offer to do it by applying ...
