Publication

Decorrelation: a theory for block cipher security

Related publications (55)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Improved Linear Cryptanalysis of Reduced-Round MIBS

Serge Vaudenay, Asli Bay, Jialin Huang

MIBS is a 32-round lightweight block cipher with 64-bit block size and two different key sizes, namely 64-bit and 80-bit keys. Bay et al. provided the first impossible differential, differential and linear cryptanalyses of MIBS. Their best attack was a lin ...

Springer2014

Revisiting Iterated Attacks in the Context of Decorrelation Theory

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C* based on all bits. Vaudenay showed that a 2d-dec ...

2014

Breaking the IOC Authenticated Encryption Mode

Serge Vaudenay, Reza Reyhanitabar, Paul Bottinelli

In this paper we cryptanalyse a block cipher mode of operation, called Input Output Chaining (IOC), designed by Recacha and submitted to NIST in 2013 for consideration as a lightweight authenticated encryption mode. We present an existential forgery attack ...

Springer International Publishing2014

Synthetic Linear Analysis with Applications to CubeHash and Rabbit

Serge Vaudenay, Willi Meier, Yi Lu

In linear cryptanalysis, it has been considered most important and difficult to analyze the bias and find a large bias. The demonstration of a large bias will usually imply that the target crypto-system is not strong. Regarding the bias analysis, researche ...

2012

Statistical and Algebraic Cryptanalysis of Lightweight and Ultra-Lightweight Symmetric Primitives

Pouyan Sepehrdad

Symmetric cryptographic primitives such as block and stream ciphers are the building blocks in many cryptographic protocols. Having such blocks which provide provable security against various types of attacks is often hard. On the other hand, if possible, ...

EPFL2012

Recursive Diffusion Layers for Block Ciphers and Hash Functions

Pouyan Sepehrdad

Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions a ...

Springer2012

Synthetic Linear Analysis: Improved Attacks on CubeHash and Rabbit

Serge Vaudenay, Willi Meier, Yi Lu

It has been considered most important and difficult to analyze the bias and find a large bias regarding the security of crypto-systems, since the invention of linear cryptanalysis. The demonstration of a large bias will usually imply that the target crypto ...

Springer2011

Neutrality-Based Symmetric Cryptanalysis

Shahram Khazaei

Cryptographic primitives are the basic components of any cryptographic tool. Block ciphers, stream ciphers and hash functions are the fundamental primitives of symmetric cryptography. In symmetric cryptography, the communicating parties perform essentially ...

EPFL2010

Cryptanalysis of reduced-round MIBS Block cipher

Serge Vaudenay, Jorge Nakahara, Asli Bay

This paper presents the first independent and systematic lin- ear, differential and impossible-differential (ID) cryptanalyses of MIBS, a lightweight block cipher aimed at constrained devices such as RFID tags and sensor networks. Our contributions include ...

Springer2010

The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA

Cihangir Tezcan

In this paper we present a new statistical cryptanalytic technique that we call improbable differential cryptanalysis which uses a differential that is less probable when the correct key is used. We provide data complexity estimates for this kind of attack ...

Springer2010