20 Search Results for "Rogaway, Phillip"


Document
Privacy and Security in an Age of Surveillance (Dagstuhl Perspectives Workshop 14401)

Authors: Bart Preneel, Phillip Rogaway, Mark D. Ryan, and Peter Y. A. Ryan

Published in: Dagstuhl Reports, Volume 4, Issue 9 (2015)


Abstract
The Snowden revelations have demonstrated that the US and other nations are amassing data about people's lives at an unprecedented scale. Furthermore, these revelations have shown that intelligence agencies are not only pursuing passive surveillance over the world's communication systems, but are also seeking to facilitate such surveillance by undermining the security of the internet and communications technologies. Thus the activities of these agencies threatens not only the rights of individual citizens but also the fabric of democratic society. Intelligence services do have a useful role to play in protecting society and for this need the capabilities and authority to perform targeted surveillance. But the scope of such surveillance must be strictly limited by an understanding of its costs as well as benefits, and it should not impinge on the privacy rights of citizens any more than necessary. Here we report on a recent Dagstuhl Perspectives Workshop addressing these issues - a four-day gathering of experts from multiple disciplines connected with privacy and security. The meeting explored the scope of mass-surveillance and the deliberate undermining of the security of the internet, defined basic principles that should underlie needed reforms, and discussed the potential for technical, legal and regulatory means to help restore the security of the internet and stem infringement of human-rights by ubiquitous electronic surveillance.

Cite as

Bart Preneel, Phillip Rogaway, Mark D. Ryan, and Peter Y. A. Ryan. Privacy and Security in an Age of Surveillance (Dagstuhl Perspectives Workshop 14401). In Dagstuhl Reports, Volume 4, Issue 9, pp. 106-123, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2015)


Copy BibTex To Clipboard

@Article{preneel_et_al:DagRep.4.9.106,
  author =	{Preneel, Bart and Rogaway, Phillip and Ryan, Mark D. and Ryan, Peter Y. A.},
  title =	{{Privacy and Security in an Age of Surveillance (Dagstuhl Perspectives Workshop 14401)}},
  pages =	{106--123},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2015},
  volume =	{4},
  number =	{9},
  editor =	{Preneel, Bart and Rogaway, Phillip and Ryan, Mark D. and Ryan, Peter Y. A.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagRep.4.9.106},
  URN =		{urn:nbn:de:0030-drops-48882},
  doi =		{10.4230/DagRep.4.9.106},
  annote =	{Keywords: Big data, encryption, mass surveillance, privacy}
}
Document
Symmetric Cryptography (Dagstuhl Seminar 12031)

Authors: Frederik Armknecht, Stefan Lucks, Bart Preneel, and Phillip Rogaway

Published in: Dagstuhl Reports, Volume 2, Issue 1 (2012)


Abstract
From 15.01.12 to 20.01.12, the Seminar 12031 in "Symmetric Cryptography" was held in Schloss Dagstuhl -- Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.

Cite as

Frederik Armknecht, Stefan Lucks, Bart Preneel, and Phillip Rogaway. Symmetric Cryptography (Dagstuhl Seminar 12031). In Dagstuhl Reports, Volume 2, Issue 1, pp. 39-49, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2012)


Copy BibTex To Clipboard

@Article{armknecht_et_al:DagRep.2.1.39,
  author =	{Armknecht, Frederik and Lucks, Stefan and Preneel, Bart and Rogaway, Phillip},
  title =	{{Symmetric Cryptography (Dagstuhl Seminar 12031)}},
  pages =	{39--49},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2012},
  volume =	{2},
  number =	{1},
  editor =	{Armknecht, Frederik and Lucks, Stefan and Preneel, Bart and Rogaway, Phillip},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagRep.2.1.39},
  URN =		{urn:nbn:de:0030-drops-34569},
  doi =		{10.4230/DagRep.2.1.39},
  annote =	{Keywords: Hash functions, Feistel networks, BLAKE, KLEIN, Keccak, IDEA, GCM, EAXprime, TLS, KISS}
}
Document
Mini-ciphers: a reliable testbed for cryptanalysis?

Authors: Jorge Nakahara and Daniel Santana de Freitas

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
This paper reports on higher-order square analysis of the AES cipher. We present experimental results of attack simulations on mini-AES versions with word sizes of 3, 4, 5, 6 and 7 bits and describe the propagation of higher-order Lambda-sets inside some of these distinguishers. A possible explanation of the length of the square distinguishers uses the concept of higher-order derivatives of discrete mappings.

Cite as

Jorge Nakahara and Daniel Santana de Freitas. Mini-ciphers: a reliable testbed for cryptanalysis?. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-13, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{nakahara_et_al:DagSemProc.09031.9,
  author =	{Nakahara, Jorge and Santana de Freitas, Daniel},
  title =	{{Mini-ciphers: a reliable testbed for cryptanalysis?}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--13},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.9},
  URN =		{urn:nbn:de:0030-drops-19614},
  doi =		{10.4230/DagSemProc.09031.9},
  annote =	{Keywords: Mini-ciphers, higher-order square attacks}
}
Document
09031 Abstracts Collection – Symmetric Cryptography

Authors: Helena Handschuh, Stefan Lucks, Bart Preneel, and Phillip Rogaway

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
From 11.01.09 to 16.01.09, the Seminar 09031 in ``Symmetric Cryptography '' was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.

Cite as

Helena Handschuh, Stefan Lucks, Bart Preneel, and Phillip Rogaway. 09031 Abstracts Collection – Symmetric Cryptography. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-17, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{handschuh_et_al:DagSemProc.09031.1,
  author =	{Handschuh, Helena and Lucks, Stefan and Preneel, Bart and Rogaway, Phillip},
  title =	{{09031 Abstracts Collection – Symmetric Cryptography }},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--17},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.1},
  URN =		{urn:nbn:de:0030-drops-19603},
  doi =		{10.4230/DagSemProc.09031.1},
  annote =	{Keywords: Symmetric cryptography, symmetric primitives and cryptoschemes, hash functions, block ciphers, stream ciphers}
}
Document
09031 Executive Summary – Symmetric Cryptography

Authors: Helena Handschuh, Stefan Lucks, Bart Preneel, and Phillip Rogaway

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
Research in Symmetric Cryptography is quickly evolving. The seminar was the second of its kind, the first one took place in 2007. We observe a steadily increasing interest in Symmetric Cryptography, as well as a growing practical demand for symmetric algorithms and protocols. The seminar was very successful in discussing recent results and sharing new ideas. Furthermore, it inspired the participants to consider how Symmetric Cryptography has evolved in the past, and how they would like it to evolve in the future.

Cite as

Helena Handschuh, Stefan Lucks, Bart Preneel, and Phillip Rogaway. 09031 Executive Summary – Symmetric Cryptography. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{handschuh_et_al:DagSemProc.09031.2,
  author =	{Handschuh, Helena and Lucks, Stefan and Preneel, Bart and Rogaway, Phillip},
  title =	{{09031 Executive Summary – Symmetric Cryptography}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--3},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.2},
  URN =		{urn:nbn:de:0030-drops-19590},
  doi =		{10.4230/DagSemProc.09031.2},
  annote =	{Keywords: Symmetric cryptography, symmetric primitives and cryptoschemes, hash functions, block ciphers, stream ciphers}
}
Document
Algebraic Attacks against Linear RFID Authentication Protocols

Authors: Matthias Krause and Dirk Stegemann

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
The limited computational resources available on RFID tags imply a need for specially designed authentication protocols. The light weight authentication protocol $extsf{HB}^+$ proposed by Juels and Weis seems currently secure for several RFID applications, but is too slow for many practical settings. As a possible alternative, authentication protocols based on choosing random elements from $L$ secret linear $n$-dimensional subspaces of $GF(2)^{n+k}$ (so called linear $(n,k,L)$-protocols), have been considered. We show that to a certain extent, these protocols are vulnerable to algebraic attacks. Particularly, our approach allows to break Cicho'{n}, Klonowski and Kutyl owski's $ extsf{CKK}^2$-protocol, a special linear $(n,k,2)$-protocol, for practically recommended parameters in less than a second on a standard PC. Moreover, we show that even unrestricted $(n,k,L)$-protocols can be efficiently broken if $L$ is too small.

Cite as

Matthias Krause and Dirk Stegemann. Algebraic Attacks against Linear RFID Authentication Protocols. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-18, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{krause_et_al:DagSemProc.09031.3,
  author =	{Krause, Matthias and Stegemann, Dirk},
  title =	{{Algebraic Attacks against Linear RFID Authentication Protocols}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--18},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.3},
  URN =		{urn:nbn:de:0030-drops-19576},
  doi =		{10.4230/DagSemProc.09031.3},
  annote =	{Keywords: RFID Authentication, HB+, CKK, CKK2}
}
Document
Cache Timing Analysis of eStream Finalists

Authors: Erik Zenner

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
Cache Timing Attacks have attracted a lot of cryptographic attention due to their relevance for the AES. However, their applicability to other cryptographic primitives is less well researched. In this talk, we give an overview over our analysis of the stream ciphers that were selected for phase 3 of the eStream project.

Cite as

Erik Zenner. Cache Timing Analysis of eStream Finalists. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-8, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{zenner:DagSemProc.09031.4,
  author =	{Zenner, Erik},
  title =	{{Cache Timing Analysis of eStream Finalists}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--8},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.4},
  URN =		{urn:nbn:de:0030-drops-19437},
  doi =		{10.4230/DagSemProc.09031.4},
  annote =	{Keywords: Cache timing attacks, stream ciphers}
}
Document
Classification of the SHA-3 Candidates

Authors: Ewan Fleischmann, Christian Forler, and Michael Gorski

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
In this note we give an overview on the current state of the SHA-3 candidates. First, we classify all publicly known candidates and, second, we outline and summarize the performance data as given in the candidates documentation for $64$-bit and $32$-bit implementations. We define performance classes and classify the hash algorithms. Note, that this article will be updated as soon as new candidates arrive or new cryptanalytic results get published. Comments to the authors of this article are welcome.

Cite as

Ewan Fleischmann, Christian Forler, and Michael Gorski. Classification of the SHA-3 Candidates. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-11, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{fleischmann_et_al:DagSemProc.09031.5,
  author =	{Fleischmann, Ewan and Forler, Christian and Gorski, Michael},
  title =	{{Classification of the SHA-3 Candidates}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--11},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.5},
  URN =		{urn:nbn:de:0030-drops-19482},
  doi =		{10.4230/DagSemProc.09031.5},
  annote =	{Keywords: Hash function, SHA-3, classification}
}
Document
Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium

Authors: Jean-Philippe Aumasson, Itai Dinur, Willi Meier, and Adi Shamir

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
CRYPTO 2008 saw the introduction of the hash function MD6 and of cube attacks, a type of algebraic attack applicable to cryptographic functions having a low-degree algebraic normal form over GF(2). This paper applies cube attacks to reduced round MD6, finding the full 128-bit key of a 14-round MD6 with complexity 2\^22 (which takes less than a minute on a single PC). This is the best key recovery attack announced so far for MD6. We then introduce a new class of attacks called cube testers, based on efficient property-testing algorithms, and apply them to MD6 and to the stream cipher Trivium. Unlike the standard cube attacks, cube testers detect nonrandom behavior rather than performing key extraction, but they can also attack cryptographic schemes described by nonrandom polynomials of relatively high degree. Applied to MD6, cube testers detect nonrandomness over 18 rounds in 2\^17 complexity; applied to a slightly modified version of the MD6 compression function, they can distinguish 66 rounds from random in 2\^24 complexity. Cube testers give distinguishers on Trivium reduced to 790 rounds from random with 2^30 complexity and detect nonrandomness over 885 rounds in 2\^27, improving on the original 767-round cube attack.

Cite as

Jean-Philippe Aumasson, Itai Dinur, Willi Meier, and Adi Shamir. Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{aumasson_et_al:DagSemProc.09031.6,
  author =	{Aumasson, Jean-Philippe and Dinur, Itai and Meier, Willi and Shamir, Adi},
  title =	{{Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--22},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.6},
  URN =		{urn:nbn:de:0030-drops-19443},
  doi =		{10.4230/DagSemProc.09031.6},
  annote =	{Keywords: Cube attacks, property testing, MD6, Trivium}
}
Document
Grøstl - a SHA-3 candidate

Authors: Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
Grøstl is a SHA-3 candidate proposal. Grøstl is an iterated hash function with a compression function built from two fixed, large, distinct permutations. The design of Grøstl is transparent and based on principles very different from those used in the SHA-family. The two permutations are constructed using the wide trail design strategy, which makes it possible to give strong statements about the resistance of Grøstl against large classes of cryptanalytic attacks. Moreover, if these permutations are assumed to be ideal, there is a proof for the security of the hash function. Grøstl is a byte-oriented SP-network which borrows components from the AES. The S-box used is identical to the one used in the block cipher AES and the diffusion layers are constructed in a similar manner to those of the AES. As a consequence there is a very strong confusion and diffusion in Grøstl. Grøstl is a so-called wide-pipe construction where the size of the internal state is significantly larger than the size of the output. This has the effect that all known, generic attacks on the hash function are made much more difficult. Grøstl has good performance on a wide range of platforms and counter-measures against side-channel attacks are well-understood from similar work on the AES.

Cite as

Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen. Grøstl - a SHA-3 candidate. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-33, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{gauravaram_et_al:DagSemProc.09031.7,
  author =	{Gauravaram, Praveen and Knudsen, Lars R. and Matusiewicz, Krystian and Mendel, Florian and Rechberger, Christian and Schl\"{a}ffer, Martin and Thomsen, S{\o}ren S.},
  title =	{{Gr{\o}stl - a SHA-3 candidate}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--33},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.7},
  URN =		{urn:nbn:de:0030-drops-19554},
  doi =		{10.4230/DagSemProc.09031.7},
  annote =	{Keywords: SHA-3 proposal, hash function}
}
Document
Internal collision attack on Maraca

Authors: Anne Canteaut and Maria Naya-Plasencia

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
We present an internal collision attack against the new hash function Maraca which has been submitted to the SHA-3 competition. This attack requires 2^{237} calls to the round function and its complexity is lower than the complexity of the generic collision attack when the length of the message digest is greater than or equal to 512. It is shown that this cryptanalysis mainly exploits some particular differential properties of the inner permutation, which are in some sense in contradiction with the usual security criterion which guarantees the resistance to differential attacks.

Cite as

Anne Canteaut and Maria Naya-Plasencia. Internal collision attack on Maraca. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{canteaut_et_al:DagSemProc.09031.8,
  author =	{Canteaut, Anne and Naya-Plasencia, Maria},
  title =	{{Internal collision attack on Maraca}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--15},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.8},
  URN =		{urn:nbn:de:0030-drops-19538},
  doi =		{10.4230/DagSemProc.09031.8},
  annote =	{Keywords: Hash function, collision attack, differential cryptanalysis, Boolean function}
}
Document
MutantXL: Solving Multivariate Polynomial Equations for Cryptanalysis

Authors: Johannes A. Buchmann, Jintai Ding, Mohamed Saied Emam Mohamed, and Wael Said Abd Elmageed Mohamed

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
MutantXL is an algorithm for solving systems of polynomial equations that was proposed at SCC 2008 and improved in PQC 2008. This article gives an overview over the MutantXL algorithm. It also presents experimental results comparing the behavior of the MutantXL algorithm to the $F_4$ algorithm on HFE and randomly generated multivariate systems. In both cases MutantXL is faster and uses less memory than the Magma's implementation of $F_4$.

Cite as

Johannes A. Buchmann, Jintai Ding, Mohamed Saied Emam Mohamed, and Wael Said Abd Elmageed Mohamed. MutantXL: Solving Multivariate Polynomial Equations for Cryptanalysis. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-7, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{buchmann_et_al:DagSemProc.09031.10,
  author =	{Buchmann, Johannes A. and Ding, Jintai and Mohamed, Mohamed Saied Emam and Mohamed, Wael Said Abd Elmageed},
  title =	{{MutantXL: Solving Multivariate Polynomial Equations for Cryptanalysis}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--7},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.10},
  URN =		{urn:nbn:de:0030-drops-19456},
  doi =		{10.4230/DagSemProc.09031.10},
  annote =	{Keywords: Multivariate systems, MutantXL}
}
Document
Parallel Generation of l-Sequences

Authors: Andrea Röck and Cédric Lauradoux

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
The generation of pseudo-random sequences at a high rate is an important issue in modern communication schemes. The representation of a sequence can be scaled by decimation to obtain parallelism and more precisely a sub-sequences generator. Sub-sequences generators and therefore decimation have been extensively used in the past for linear feedback shift registers (LFSRs). However, the case of automata with a non linear feedback is still in suspend. In this work, we have studied how to transform of a feedback with carry shift register (FCSR) into a sub-sequences generator. We examine two solutions for this transformation, one based on the decimation properties of $ell$-sequences, extit{i.e.} FCSR sequences with maximal period, and the other one based on multiple steps implementation. We show that the solution based on the decimation properties leads to much more costly results than in the case of LFSRs. For the multiple steps implementation, we show how the propagation of carries affects the design. par This work represents a cooperation with Cédric Lauradoux and was presented at the international conference on SEquences and Their Applications (SETA) 2008.

Cite as

Andrea Röck and Cédric Lauradoux. Parallel Generation of l-Sequences. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-6, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{rock_et_al:DagSemProc.09031.11,
  author =	{R\"{o}ck, Andrea and Lauradoux, C\'{e}dric},
  title =	{{Parallel Generation of l-Sequences}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--6},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.11},
  URN =		{urn:nbn:de:0030-drops-19569},
  doi =		{10.4230/DagSemProc.09031.11},
  annote =	{Keywords: Sequences, synthesis, decimation, parallelism, LFSRs, FCSRs}
}
Document
Practical Collisions for EnRUPT

Authors: Sebastiaan Indesteege and Bart Preneel

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
The EnRUPT hash functions were proposed by O'Neil, Nohl and Henzen as candidates for the SHA-3 competition, organised by NIST. The proposal contains seven hash functions, each having a different digest length. We present a practical collision attack on all of these seven EnRUPT variants. The time complexity of our attack varies from $2^{36}$ to $2^{40}$ round computations, depending on the EnRUPT variant, and the memory requirements are negligible. We demonstrate that our attack is practical by giving an actual collision example for EnRUPT-256.

Cite as

Sebastiaan Indesteege and Bart Preneel. Practical Collisions for EnRUPT. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{indesteege_et_al:DagSemProc.09031.12,
  author =	{Indesteege, Sebastiaan and Preneel, Bart},
  title =	{{Practical Collisions for EnRUPT}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--15},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.12},
  URN =		{urn:nbn:de:0030-drops-19509},
  doi =		{10.4230/DagSemProc.09031.12},
  annote =	{Keywords: EnRUPT, SHA-3 candidate, hash function, collision attack}
}
Document
Practical Preimages for Maraca

Authors: Sebastiaan Indesteege and Bart Preneel

Published in: Dagstuhl Seminar Proceedings, Volume 9031, Symmetric Cryptography (2009)


Abstract
We show a practical preimage attack on the cryptographic hash function Maraca, which was submitted as a candidate to the NIST SHA-3 competition. Our attack has been verified experimentially.

Cite as

Sebastiaan Indesteege and Bart Preneel. Practical Preimages for Maraca. In Symmetric Cryptography. Dagstuhl Seminar Proceedings, Volume 9031, pp. 1-2, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


Copy BibTex To Clipboard

@InProceedings{indesteege_et_al:DagSemProc.09031.13,
  author =	{Indesteege, Sebastiaan and Preneel, Bart},
  title =	{{Practical Preimages for Maraca}},
  booktitle =	{Symmetric Cryptography},
  pages =	{1--2},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2009},
  volume =	{9031},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagSemProc.09031.13},
  URN =		{urn:nbn:de:0030-drops-19512},
  doi =		{10.4230/DagSemProc.09031.13},
  annote =	{Keywords: Maraca, hash function, preimage attack}
}
  • Refine by Author
  • 7 Preneel, Bart
  • 4 Rogaway, Phillip
  • 3 Indesteege, Sebastiaan
  • 3 Lucks, Stefan
  • 2 Bertoni, Guido
  • Show More...

  • Refine by Classification

  • Refine by Keyword
  • 5 hash function
  • 3 Hash function
  • 3 stream ciphers
  • 2 SHA-3
  • 2 SHA-3 candidate
  • Show More...

  • Refine by Type
  • 20 document

  • Refine by Publication Year
  • 18 2009
  • 1 2012
  • 1 2015

Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail