Publication

Comparison of the Randomness Provided by Some AES Candidates

Related publications (34)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Breaking The FF3 Format-Preserving Encryption Standard Over Small Domains

Serge Vaudenay, Fatma Betül Durak

The National Institute of Standards and Technology (NIST) recently published a Format-Preserving Encryption standard accepting two Feistel structure based schemes called FF1 and FF3. Particularly, FF3 is a tweakable block cipher based on an 8-round Feistel ...

2017

Breaking the FF3 Format Preserving Encryption

Serge Vaudenay, Fatma Betül Durak

The NIST standard FF3 scheme (also known as BPS scheme) is a tweakable block cipher based on a 8-round Feistel Network. We break it with a practical attack. Our attack exploits the bad domain separation in FF3 design. The attack works with chosen plaintext ...

2017

Clever Arbiters Versus Malicious Adversaries

Serge Vaudenay

When moving from known-input security to chosen-input security, some generic attacks sometimes become possible and must be discarded by a specific set of rules in the threat model. Similarly, common practices consist of fixing security systems, once an exp ...

Springer Berlin Heidelberg2016

DES S-box generator

Serge Vaudenay, Lauren De Meyer

The Data Encryption Standard (DES) is a cryptographic algorithm, designed by IBM, that was selected to be the national standard in 1977 by the National Bureau of Standards. The algorithm itself was entirely published but the design criteria were kept secre ...

Taylor & Francis Inc2016

Efficient Recursive Diffusion Layers for Block Ciphers, and Hash Functions

Pouyan Sepehrdad

Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose ro ...

Springer2015

Boosting OMD for Almost Free Authentication of Associated Data

Serge Vaudenay, Damian Vizár, Reza Reyhanitabar

We propose pure OMD (p-OMD) as a new variant of the Offset Merkle-Damgård (OMD) authenticated encryption scheme. Our new scheme inherits all desirable security features of OMD while having a more compact structure and providing higher efficiency. The origi ...

Springer2015

Recursive Diffusion Layers for Block Ciphers and Hash Functions

Pouyan Sepehrdad

Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions a ...

Springer2012

Resistance against Adaptive Plaintext-Ciphertext Iterated Distinguishers

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Decorrelation Theory deals with general adversaries who are mounting iterated attacks, i.e., attacks in which an adversary is allowed to make d queries in each iteration with the aim of distinguishing a random cipher C from the ideal random cipher C^*. A b ...

2012

Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes

Khaled Ouafi

In this paper, we analyze the first known provably secure Radio Frequency Identification (RFID) authentication schemes that are designed to provide forward untraceability and backward untraceability: the L-K and S-M schemes. We show how to trace tags in th ...

Springer Verlag2011

Neutrality-Based Symmetric Cryptanalysis

Shahram Khazaei

Cryptographic primitives are the basic components of any cryptographic tool. Block ciphers, stream ciphers and hash functions are the fundamental primitives of symmetric cryptography. In symmetric cryptography, the communicating parties perform essentially ...

EPFL2010