We propose two systematic methods to describe the differential property of an S-box with linear inequalities based on logical condition modelling and computational geometry respectively. In one method, inequalities are generated according to some conditional differential properties of the S-box; in the other method, inequalities are extracted from the H-representation of the convex hull of all ...

In this paper we propose a new family of very efficient hardware oriented block ciphers. The family contains six block ciphers divided into two flavors. All block ciphers share the 80-bit key size and security level. The first flavor, KATAN, is composed of three block ciphers, with 32, 48, or 64-bit block size. The second flavor, KTANTAN, contains the other three ciphers with the same block siz...

This paper presents a security bound in the standard security model for the Magma cipher CTR encryption mode and the «CryptoPro Key Meshing» ( CPKM ) re-keying method that was previously used with the GOST 28147-89 cipher. We enumerate the main requirements that should be followed during the development of re-keying methods, then we propose a modified method and justify its advantages over CPKM...

this paper proposes a three-step method for solving nonlinear volterra integralequations system. the proposed method convents the system to a (3 × 3)nonlinear block system and then by solving this nonlinear system we ndapproximate solution of nonlinear volterra integral equations system. to showthe advantages of our method some numerical examples are presented.

in this paper, we propose a new method for the numerical solution of two-dimensional linear and nonlinear volterra integral equations of the first and second kinds, which avoids from using starting values. an existence and uniqueness theorem is proved and convergence isverified by using an appropriate variety of the gronwall inequality. application of the method is demonstrated for solving the ...

In a basic related-key attack against a block cipher, the adversary has access to encryptions under keys that differ from the target key by bit-flips. In this short note we show that for a quantum adversary such attacks are quite powerful: if the secret key is (i) uniquely determined by a small number of plaintextciphertext pairs, (ii) the block cipher can be evaluated efficiently, and (iii) a ...

This exposition paper suggests a new low-bandwidth publickey encryption paradigm. The construction turns a weak form of key privacy into message privacy as follows: let E be a public-key encryption algorithm. We observe that if the distributions E(pk0, •) and E(pk1, •) are indistinguishable for two public keys pk0, pk1, then a message bit b ∈ {0, 1} can be embedded in the choice of pkb. As the ...

The significance of understanding blockcipher security in the multi-key setting is highlighted by the extensive literature on attacks, and how effective key size can be significantly reduced. Nevertheless, little attention has been paid in formally understanding the design of multi-key secure blockciphers. In this work, we formalize the multi-key security of tweakable blockciphers in case of ge...