Practical Key-Recovery Attack on MANTIS5
نویسندگان
چکیده
منابع مشابه
Practical Key-Recovery Attack on MANTIS5
MANTIS is a lightweight tweakable block cipher recently published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2 less than 2 chosen plaintexts (or 2 known plaintexts), and computa...
متن کاملA Practical Key Recovery Attack on Basic TCHo
TCHo is a public key encryption scheme based on a stream cipher component, which is particular suitable for low cost devices like RFIDs. In its basic version, TCHo offers no IND-CCA2 security, but the authors suggest to use a generic hybrid construction to achieve this security level. The implementation of this method however, significantly increases the hardware complexity of TCHo and thus ann...
متن کاملKey Recovery Attack on QuiSci
QuiSci is incredible fast, faster than most other ciphers. On modern CPUs it needs only arround 1 clock cycle per byte, so it is 10 times fast than most other well-known algorithm. On the website of QuiSci [1] it is claimed that this algorithm is secure. With this paper I like to show a key recovery attack on QuiSci, exploiting the weak key setup. When you are able to guess the beginning of the...
متن کاملPractical Key Recovery Attack against Secret-IV Edon-
The SHA-3 competition has been organized by NIST to select a new hashing standard. Edon-R was one of the fastest candidates in the first round of the competition. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secretIV or secret-prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 comp...
متن کاملPractical Key Recovery Attack against Secret-prefix Edon-R
Edon-R is one of the fastest SHA-3 candidate. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 computations, negligible memory, and a precomputation of 2. This does not directly contradict the security claims of Edon-R or the NI...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IACR Transactions on Symmetric Cryptology
سال: 2017
ISSN: 2519-173X
DOI: 10.46586/tosc.v2016.i2.248-260