Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.
DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.
TCHo is a public-key cryptosystem based on the hardness of finding a multiple polynomial with low weight and on the hardness of distinguishing between the output of an LFSR with noise and some random source. An early version was proposed in 2006 by Finiasz ...
In this article we present a lattice attack done on a NTRU-like scheme introduced by Verkhovsky in [1]. We show how, based on the relation between the public and private key, we can construct an attack which allows any passive adversary to decrypt the encr ...
Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the ideal random cipher C∗ based on all bits. In EUROCRYPT '99, ...
The contributions of this paper are new 6-round impossible-differential (ID) and 9.75-round known-key distinguishers for the 3D block cipher. The former was constructed using the miss-in-the-middle technique, while the latter with an inside-out technique. ...
Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose ro ...
he Vaudenay model for RFID privacy from Asiacrypt 2007 suffers from the impossibility to address strong privacy. It has however been shown by Ng et al. at ESORICS 2008 that the impossibility result leads to no practical threat, so that the definition from ...
Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C* based on all bits. Vaudenay showed that a 2d-dec ...
We define a new primitive, input-aware equivocable commitment, baring similar hardness assumptions as plaintext-aware encryption and featuring equivocability. We construct an actual input-aware equivocable commitment protocol, based on a flavor of Diffie-H ...
Decorrelation Theory deals with general adversaries who are mounting iterated attacks, i.e., attacks in which an adversary is allowed to make d queries in each iteration with the aim of distinguishing a random cipher C from the ideal random cipher C^*. A b ...
Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions a ...
