Comparison of the Randomness Provided by Some AES Candidates
Authors
Abstract
Using the decorrelation techniques we compare the randomness of three schemes used in the AES candidates. The target schemes are the original Feistel scheme and two modified Feistel schemes: the MARS-like structure and the CAST256-like structure. As a result, the required numbers of rounds for Luby-Rackoff's randomness (which is related to resistance against chosen plaintext attacks) are 3, 5, and 7, respectively. Moreover, the required numbers of rounds for achieving the decorrelation bias of order two of 2^{-128} are 9, 25, and 35, respectively. This holds for truly random round functions. Imperfect random round functions can achieve similar decorrelation by using decorrelation modules like in DFC, but need a number of rounds of at least 9, 30 and 42 respectively.
Similar resources
Comparison of Randomness Provided by Several Schemes for Block Ciphers
Block ciphers are usually made from one general scheme in which we plug round functions. For analyzing the security, it is important to study the intrinsic security provided by the general scheme from a randomness viewpoint: we study the minimal number of known plaintexts required to break it when the round functions are replaced by ideal random functions. This approach provides comparisons bet...
On the Pseudorandomness of Top-Level Schemes of Block Ciphers
Block ciphers are usually based on one top-level scheme into which we plug “round functions”. To analyze security, it is important to study the intrinsic security provided by the top-level scheme from the viewpoint of randomness: given a block cipher in which we replaced the lower-level schemes by idealized oracles, we measure the security (in terms of best advantage for a distinguisher) depend...
Enhanced Flush+Reload Attack on AES
In cloud computing, multiple users can share the same physical machine that can potentially leak secret information, in particular when the memory de-duplication is enabled. Flush+Reload attack is a cache-based attack that makes use of resource sharing. T-table implementation of AES is commonly used in the crypto libraries like OpenSSL. Several Flush+Reload attacks on T-table implementat...
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
COMPARISON OF THE HARDWARE PERFORMANCE OF THE AES CANDIDATES USING RECONFIGURABLE HARDWARE Pawel Chodowiec, Computer Engineering M.S. George Mason University, 2002 Thesis Director: Dr. Kris M. Gaj The results of fast implementations of all five AES final candidates using Virtex Xilinx Field Programmable Gate Arrays are presented and analyzed. Performance of several alternative hardware architec...
A Note on Comparing the AES Candidates
The comparison of the AES candidates should take into consideration the security and the efficiency of the ciphers. However, due to different design methodology, the ciphers were developed in different emphasis of the importance of security and efficiency. In this paper we propose measures to compare the AES candidates under the same security assumptions. These measures reduce the effect of the differe...
Publication date: 1999