Dagstuhl Seminar Proceedings, Volume 7021



Publication Details

  • published at: 2007-06-06
  • Publisher: Schloss Dagstuhl – Leibniz-Zentrum für Informatik

Access Numbers

Documents

No documents found matching your filter selection.
Document
07021 Abstracts Collection – Symmetric Cryptography

Authors: Eli Biham, Helena Handschuh, Stefan Lucks, and Vincent Rijmen


Abstract
From .. to .., the Dagstuhl Seminar 07021 ``Symmetric Cryptography'' automatically was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.

Cite as

Eli Biham, Helena Handschuh, Stefan Lucks, and Vincent Rijmen. 07021 Abstracts Collection – Symmetric Cryptography. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{biham_et_al:DagSemProc.07021.1,
  author =	{Biham, Eli and Handschuh, Helena and Lucks, Stefan and Rijmen, Vincent},
  title =	{{07021 Abstracts Collection – Symmetric Cryptography}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--15},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.1},
  URN =		{urn:nbn:de:0030-drops-10373},
  doi =		{10.4230/DagSemProc.07021.1},
  annote =	{Keywords: Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Provable Security, Cryptanalysis}
}
Document
07021 Executive Summary – Symmetric Cryptography

Authors: Eli Biham, Helena Handschuh, Stefan Lucks, and Vincent Rijmen


Abstract
The Seminar brought together about 35 researchers from industry and academia. Most of the participants came from different European countries, but quite a few also came from America and Asia. Almost all the participants gave a presentation. Most of them gave a "regular" talk of 30 to 50 minutes (including discussion time), some gave a "rump session" talk, and a few even gave two presentations, a regular one and another at the rump session.

Cite as

Eli Biham, Helena Handschuh, Stefan Lucks, and Vincent Rijmen. 07021 Executive Summary – Symmetric Cryptography. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{biham_et_al:DagSemProc.07021.2,
  author =	{Biham, Eli and Handschuh, Helena and Lucks, Stefan and Rijmen, Vincent},
  title =	{{07021 Executive Summary – Symmetric Cryptography}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--3},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.2},
  URN =		{urn:nbn:de:0030-drops-10204},
  doi =		{10.4230/DagSemProc.07021.2},
  annote =	{Keywords: Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Provable Security, Cryptanalysis}
}
Document
A Collision-Resistant Rate-1 Double-Block-Length Hash Function

Authors: Stefan Lucks


Abstract
This paper proposes a construction for collision resistant $2n$-bit hash functions, based on $n$-bit block ciphers with $2n$-bit keys. The construction is analysed in the ideal cipher model; for $n=128$ an adversary would need roughly $2^{122}$ units of time to find a collision. The construction employs ``combinatorial'' hashing as an underlying building block (like Universal Hashing for cryptographic message authentication by Wegman and Carter). The construction runs at rate~1, thus improving on a similar rate~1/2 approach by Hirose (FSE 2006).

Cite as

Stefan Lucks. A Collision-Resistant Rate-1 Double-Block-Length Hash Function. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-14, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{lucks:DagSemProc.07021.3,
  author =	{Lucks, Stefan},
  title =	{{A Collision-Resistant Rate-1 Double-Block-Length Hash Function}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--14},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.3},
  URN =		{urn:nbn:de:0030-drops-10172},
  doi =		{10.4230/DagSemProc.07021.3},
  annote =	{Keywords: Hash function, provable security, double-block-length}
}
Document
A Key-Recovery Attack on SOBER-128

Authors: Kaisa Nyberg and Risto Hakala


Abstract
In this talk we consider linear approximations of layered cipher constructions with secret key-dependent constants that are inserted between layers, and where the layers have strong interdependency. Then clearly, averaging over the constant would clearly be wrong as it will break the interdependencies, and the Piling Up-lemma cannot be used. We show how to use linear approximations to divide the constants into constant classes, not necessary determined by a linear relation. As an example, a nonlinear filter generator SOBER-128 is considered and we show how to extend Matsui's Algorithm I in this case. Also the possibility of using multiple linear approximations simultaneously is considered.

Cite as

Kaisa Nyberg and Risto Hakala. A Key-Recovery Attack on SOBER-128. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-11, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{nyberg_et_al:DagSemProc.07021.4,
  author =	{Nyberg, Kaisa and Hakala, Risto},
  title =	{{A Key-Recovery Attack on SOBER-128}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--11},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.4},
  URN =		{urn:nbn:de:0030-drops-10188},
  doi =		{10.4230/DagSemProc.07021.4},
  annote =	{Keywords: Linear approximations, correlation, linear cryptanalysis, key recovery attack, piling-up lemma, SOBER-128}
}
Document
Block and Stream Ciphers and the Creatures in Between

Authors: Alex Biryukov


Abstract
In this paper we define a notion of leak extraction from a block cipher. We demonstrate this new concept on an example of AES. A result is LEX: a simple AES-based stream cipher which is at least 2.5 times faster than AES both in software and in hardware.

Cite as

Alex Biryukov. Block and Stream Ciphers and the Creatures in Between. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-9, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{biryukov:DagSemProc.07021.5,
  author =	{Biryukov, Alex},
  title =	{{Block and Stream Ciphers and the Creatures in Between}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--9},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.5},
  URN =		{urn:nbn:de:0030-drops-10387},
  doi =		{10.4230/DagSemProc.07021.5},
  annote =	{Keywords: Stream ciphers, block ciphers}
}
Document
Cryptographic Shuffling of Random and Pseudorandom Sequences

Authors: Markus Dichtl


Abstract
This papers studies methods to improve the cryptographic quality of random or pseudorandom sequences by modifying the order of the original sequence. A new algorithm Cryshu is suggested, which produces its shuffled output data at the rate of the input data.

Cite as

Markus Dichtl. Cryptographic Shuffling of Random and Pseudorandom Sequences. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{dichtl:DagSemProc.07021.6,
  author =	{Dichtl, Markus},
  title =	{{Cryptographic Shuffling of Random and Pseudorandom Sequences}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--4},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.6},
  URN =		{urn:nbn:de:0030-drops-10141},
  doi =		{10.4230/DagSemProc.07021.6},
  annote =	{Keywords: Shuffling stream-cipher}
}
Document
Design and Primitive Specification for Shannon

Authors: Gregory G. Rose, Philip Hawkes, Michael Paddon, Cameron McDonald, and Miriam Wiggers de Vries


Abstract
Shannon is a synchronous stream cipher with message authentication functionality, designed according to the ECrypt NoE call for stream cipher primitives, profile 1A (but well after the call). Shannon is named in memory of Claude E. Shannon of Bell Labs and MIT, founder of Information Theory. Shannon is an entirely new design, influenced by members of the SOBER family of stream ciphers, Helix, Trivium, Scream, and SHA-256. It consists of a single 32-bit wide, 16 element nonlinear feedback shift register, which is supplemented for message authentication with 32 parallel CRC-16 registers.

Cite as

Gregory G. Rose, Philip Hawkes, Michael Paddon, Cameron McDonald, and Miriam Wiggers de Vries. Design and Primitive Specification for Shannon. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-19, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{rose_et_al:DagSemProc.07021.7,
  author =	{Rose, Gregory G. and Hawkes, Philip and Paddon, Michael and McDonald, Cameron and Wiggers de Vries, Miriam},
  title =	{{Design and Primitive Specification for Shannon}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--19},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.7},
  URN =		{urn:nbn:de:0030-drops-10198},
  doi =		{10.4230/DagSemProc.07021.7},
  annote =	{Keywords: Stream cipher}
}
Document
How Fast can be Algebraic Attacks on Block Ciphers?

Authors: Nicolas T. Courtois


Abstract
In my talk I did overwiev the area of algebraic attacks on block ciphers, explain what fast algebraic attacks on block cipher are, and what results can already be achieved. This covers a vast amount of work (several papers, most of them not published) that I cannot include here in totality due to the lack of space.

Cite as

Nicolas T. Courtois. How Fast can be Algebraic Attacks on Block Ciphers?. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-6, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{courtois:DagSemProc.07021.8,
  author =	{Courtois, Nicolas T.},
  title =	{{How Fast can be Algebraic Attacks on Block Ciphers?}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--6},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.8},
  URN =		{urn:nbn:de:0030-drops-10130},
  doi =		{10.4230/DagSemProc.07021.8},
  annote =	{Keywords: Algebraic Attacks On Block Ciphers, XSL attacks, AES, DES, SAT Solvers, T' method, Gr\~{A}ƒ\^{A}¶bner bases}
}
Document
QUAD: Overview and Recent Developments

Authors: David Arditti, Côme Berbain, Olivier Billet, Henri Gilbert, and Jacques Patarin


Abstract
We give an outline of the specification and provable security features of the QUAD stream cipher proposed at Eurocrypt 2006. The cipher relies on the iteration of a multivariate system of quadratic equations over a finite field, typically GF(2) or a small extension. In the binary case, the security of the keystream generation can be related, in the concrete security model, to the conjectured intractability of the MQ problem of solving a random system of m equations in n unknowns. We show that this security reduction can be extended to incorporate the key and IV setup and provide a security argument related to the whole stream cipher.We also briefly address software and hardware performance issues and show that if one is willing to pseudorandomly generate the systems of quadratic polynomials underlying the cipher, this leads to suprisingly inexpensive hardware implementations of QUAD.

Cite as

David Arditti, Côme Berbain, Olivier Billet, Henri Gilbert, and Jacques Patarin. QUAD: Overview and Recent Developments. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-20, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{arditti_et_al:DagSemProc.07021.9,
  author =	{Arditti, David and Berbain, C\^{o}me and Billet, Olivier and Gilbert, Henri and Patarin, Jacques},
  title =	{{QUAD: Overview and Recent Developments}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--20},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.9},
  URN =		{urn:nbn:de:0030-drops-10155},
  doi =		{10.4230/DagSemProc.07021.9},
  annote =	{Keywords: MQ problem, stream cipher, provable security, Gr\~{A}ƒ\^{A}¶bner basis}
}
Document
Tightness of the Security Bound of CENC

Authors: Tetsu Iwata


Abstract
This talk presents an overview of recently developed encryption mode for blockciphers, called CENC. CENC has the following advantages: (1) beyond the birthday bound security, (2) security proofs with the standard PRP assumption, (3) highly efficient, (4) single blockcipher key, (5) fully parallelizable, (6) allows precomputation of keystream, and (7) allows random access. Then we discuss the tightness of its security bound, and give a partial answer to the open problem posed at FSE 2006.

Cite as

Tetsu Iwata. Tightness of the Security Bound of CENC. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-6, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{iwata:DagSemProc.07021.10,
  author =	{Iwata, Tetsu},
  title =	{{Tightness of the Security Bound of CENC}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--6},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.10},
  URN =		{urn:nbn:de:0030-drops-10169},
  doi =		{10.4230/DagSemProc.07021.10},
  annote =	{Keywords: Encryption mode, blockcipher, CENC, provable security}
}
Document
Why IV Setup for Stream Ciphers is Difficult

Authors: Erik Zenner


Abstract
In recent years, the initialization vector (IV) setup has proven to be the most vulnerable point when designing secure stream ciphers. In this paper, we take a look at possible reasons why this is the case, identifying numerous open research problems in cryptography.

Cite as

Erik Zenner. Why IV Setup for Stream Ciphers is Difficult. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 7021, pp. 1-14, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2007)


Copy BibTex To Clipboard

@InProceedings{zenner:DagSemProc.07021.11,
  author =	{Zenner, Erik},
  title =	{{Why IV Setup for Stream Ciphers is Difficult}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--14},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{7021},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.07021.11},
  URN =		{urn:nbn:de:0030-drops-10126},
  doi =		{10.4230/DagSemProc.07021.11},
  annote =	{Keywords: Stream cipher, IV setup}
}

Filters


Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail