eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
15
10.4230/DagSemProc.07021.1
article
07021 Abstracts Collection – Symmetric Cryptography
Biham, Eli
Handschuh, Helena
Lucks, Stefan
Rijmen, Vincent
From .. to .., the Dagstuhl Seminar 07021 ``Symmetric Cryptography''
was held in the International Conference and Research Center (IBFI),
Schloss Dagstuhl.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.1/DagSemProc.07021.1.pdf
Authenticity
Integrity
Privacy
Block Ciphers
Stream Ciphers
Hash Functions
Provable Security
Cryptanalysis
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
3
10.4230/DagSemProc.07021.2
article
07021 Executive Summary – Symmetric Cryptography
Biham, Eli
Handschuh, Helena
Lucks, Stefan
Rijmen, Vincent
The Seminar brought together about 35 researchers from industry and
academia. Most of the participants came from different European countries,
but quite a few also came from America and Asia. Almost all the
participants gave a presentation. Most of them gave a "regular" talk of
30 to 50 minutes (including discussion time), some gave a "rump session"
talk, and a few even gave two presentations, a regular one and another
at the rump session.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.2/DagSemProc.07021.2.pdf
Authenticity
Integrity
Privacy
Block Ciphers
Stream Ciphers
Hash Functions
Provable Security
Cryptanalysis
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
14
10.4230/DagSemProc.07021.3
article
A Collision-Resistant Rate-1 Double-Block-Length Hash Function
Lucks, Stefan
This paper proposes a construction for collision resistant
$2n$-bit hash functions, based
on $n$-bit block ciphers with $2n$-bit keys. The construction is analysed
in the ideal cipher model; for $n=128$ an adversary would need roughly
$2^{122}$ units of time to find a collision.
The construction employs ``combinatorial'' hashing
as an underlying building block (like
Universal Hashing for cryptographic
message authentication by Wegman and Carter).
The construction runs at rate~1, thus improving on a similar
rate~1/2 approach by Hirose (FSE 2006).
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.3/DagSemProc.07021.3.pdf
Hash function
provable security
double-block-length
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
11
10.4230/DagSemProc.07021.4
article
A Key-Recovery Attack on SOBER-128
Nyberg, Kaisa
Hakala, Risto
In this talk we consider linear approximations of layered cipher constructions with secret key-dependent constants that are inserted between layers, and where the layers have strong interdependency. Then, clearly, averaging over the constant would be wrong, as it will break the interdependencies, and the Piling-Up lemma cannot be used. We show how to use linear approximations to divide the constants into constant classes, not necessarily determined by a linear relation. As an example, the nonlinear filter generator SOBER-128 is considered, and we show how to extend Matsui's Algorithm I in this case. Also the possibility of using multiple linear approximations simultaneously is considered.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.4/DagSemProc.07021.4.pdf
Linear approximations
correlation
linear cryptanalysis
key recovery attack
piling-up lemma
SOBER-128
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
9
10.4230/DagSemProc.07021.5
article
Block and Stream Ciphers and the Creatures in Between
Biryukov, Alex
In this paper we define a notion of leak extraction from a block cipher. We demonstrate this new concept on an example of AES. A result is LEX: a simple AES-based stream cipher which is at least 2.5 times faster than AES both in software and in hardware.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.5/DagSemProc.07021.5.pdf
Stream ciphers
block ciphers
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
4
10.4230/DagSemProc.07021.6
article
Cryptographic Shuffling of Random and Pseudorandom Sequences
Dichtl, Markus
This paper studies methods to improve the cryptographic quality of
random or pseudorandom sequences by modifying the order of the original
sequence. A new algorithm, Cryshu, is suggested, which produces its shuffled
output data at the rate of the input data.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.6/DagSemProc.07021.6.pdf
Shuffling stream-cipher
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
19
10.4230/DagSemProc.07021.7
article
Design and Primitive Specification for Shannon
Rose, Gregory G.
Hawkes, Philip
Paddon, Michael
McDonald, Cameron
Wiggers de Vries, Miriam
Shannon is a synchronous stream cipher with message authentication functionality, designed according to the ECrypt NoE call for stream cipher primitives, profile 1A (but well after the call).
Shannon is named in memory of Claude E. Shannon of Bell Labs and MIT, founder of Information Theory. Shannon is an entirely new design, influenced by members of the SOBER family of stream ciphers, Helix, Trivium, Scream, and SHA-256. It consists of a single 32-bit wide, 16 element nonlinear feedback shift register, which is supplemented for message authentication with 32 parallel CRC-16 registers.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.7/DagSemProc.07021.7.pdf
Stream cipher
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
6
10.4230/DagSemProc.07021.8
article
How Fast can be Algebraic Attacks on Block Ciphers?
Courtois, Nicolas T.
In my talk I did overview the area of algebraic attacks on block ciphers, explain what fast algebraic attacks on block ciphers are, and what results can already be achieved. This covers a vast amount of work (several papers, most of them not published) that I cannot include here in totality due to the lack of space.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.8/DagSemProc.07021.8.pdf
Algebraic Attacks On Block Ciphers
XSL attacks
AES
DES
SAT Solvers
T' method
Gröbner bases
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
20
10.4230/DagSemProc.07021.9
article
QUAD: Overview and Recent Developments
Arditti, David
Berbain, Côme
Billet, Olivier
Gilbert, Henri
Patarin, Jacques
We give an outline of the specification and provable security
features of the QUAD stream cipher proposed at Eurocrypt 2006.
The cipher relies on the iteration of a multivariate system of quadratic
equations over a finite field, typically GF(2) or a small extension. In the
binary case, the security of the keystream generation can be related, in
the concrete security model, to the conjectured intractability of the MQ
problem of solving a random system of m equations in n unknowns. We
show that this security reduction can be extended to incorporate the key
and IV setup and provide a security argument related to the whole stream
cipher. We also briefly address software and hardware performance issues
and show that if one is willing to pseudorandomly generate the systems
of quadratic polynomials underlying the cipher, this leads to surprisingly
inexpensive hardware implementations of QUAD.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.9/DagSemProc.07021.9.pdf
MQ problem
stream cipher
provable security
Gröbner basis
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
6
10.4230/DagSemProc.07021.10
article
Tightness of the Security Bound of CENC
Iwata, Tetsu
This talk presents an overview of a recently developed
encryption mode for blockciphers, called CENC.
CENC has the following advantages:
(1) beyond the birthday bound security,
(2) security proofs with the standard PRP assumption,
(3) highly efficient,
(4) single blockcipher key,
(5) fully parallelizable,
(6) allows precomputation of keystream, and
(7) allows random access.
Then we discuss the tightness of its security bound,
and give a partial answer to the open problem posed
at FSE 2006.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.10/DagSemProc.07021.10.pdf
Encryption mode
blockcipher
CENC
provable security
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2007-06-06
7021
1
14
10.4230/DagSemProc.07021.11
article
Why IV Setup for Stream Ciphers is Difficult
Zenner, Erik
In recent years, the initialization vector (IV) setup has proven to be the most vulnerable point when designing secure stream ciphers. In this paper, we take a look at possible reasons why this is the case, identifying numerous open research problems in cryptography.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol07021/DagSemProc.07021.11/DagSemProc.07021.11.pdf
Stream cipher
IV setup