Personne

Thomas Baignères

Cette personne n’est plus à l’EPFL

Distinguishing Distributions Using Chernoff Information

Serge Vaudenay, Pouyan Sepehrdad, Thomas Baignères

In this paper, we study the soundness amplification by repetition of cryptographic protocols. As a tool, we use the Chernoff Information. We specify the number of attempts or samples required to distinguish two distributions efficiently in various protocol ...

Springer2010

Quantitative security of block ciphers : designs and cryptanalysis tools

Thomas Baignères

Block ciphers probably figure in the list of the most important cryptographic primitives. Although they are used for many different purposes, their essential goal is to ensure confidentiality. This thesis is concerned by their quantitative security, that i ...

EPFL2008

The Complexity of Distinguishing Distributions

Serge Vaudenay, Thomas Baignères

Cryptography often meets the problem of distinguishing distributions. In this paper we review techniques from hypothesis testing to express the advantage of the best distinguisher limited to a given number of samples. We link it with the Chernoff informati ...

Springer2008

Linear Cryptanalysis of Non Binary Ciphers (with an application to SAFER)

Serge Vaudenay, Thomas Baignères, Jacques Stern

In this paper we re-visit distinguishing attacks. We show how to generalize the notion of linear distinguisher to arbitrary sets. Our thesis is that our generalization is the most natural one. We compare it with the one by Granboulan et al. from FSE'06 by ...

Springer2007

Dial C for Cipher

Thomas Baignères

We introduce C, a practical provably secure block cipher with a slow key schedule. C is based on the same structure as AES but uses independent random substitution boxes instead of a fixed one. Its key schedule is based on the Blum-Blum-Shub pseudo-random ...

Springer2007

KFC - The Krazy Feistel Cipher

Thomas Baignères

We introduce KFC, a block cipher based on a three round Feistel scheme. Each of the three round functions has an SPN-like structure for which we can either compute or bound the advantage of the best d-limited adaptive distinguisher, for any value of d. Usi ...

2006

Proving the Security of AES Substitution-Permutation Network

Serge Vaudenay, Thomas Baignères

In this paper we study the substitution-permutation network (SPN) on which Rijndael is based. We introduce Rijndael*, a SPN identical to Rijndael except that fixed S-boxes are replaced by random and independent permutations. We prove that this construction ...

2005