VEST is a modern cipher that can be readily deployed to offer increased efficiency and/or improved functionality in smartcards. VEST can also be deployed to assist prevent real world problems such as identity theft and the emulation and cloning of cards. VEST efficiently implements the essential symmetric cryptographic functions in one low-area, highperformance multi-function module. VEST-4 red...

The Galois/Counter Mode (GCM) of operation has been standardized by NIST to provide singlepass authenticated encryption. The GHASH authentication component of GCM belongs to a class of WegmanCarter polynomial hashes that operate in the field GF(2). We present message forgery attacks that are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups. GCM us...

Abstract This survey presents the rich history of Welch-Gong (WG) Stream cipher family. It has been a long journey that lead WG stream ciphers to become practical. The evolutionary path is combination mathematical endeavour and engineering striving transfer pure functions practical encryption algorithms for various applications. began as pioneering work on transformation sequences with 2-level ...

We propose a new mode of operation called ZMAC allowing to construct a (stateless and deterministic) message authentication code (MAC) from a tweakable block cipher (TBC). When using a TBC with n-bit blocks and t-bit tweaks, our construction provides security (as a variable-input-length PRF) beyond the birthday bound with respect to the block-length n and allows to process n + t bits of inputs ...

This paper proposes a novel construction, calledduplex, closely related to the sponge construction, that acceptsmessage blocks to be hashed and—at no extra cost—provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits its security against single-stage generic a acks. The main application proposed here is an authenticat...

Sophie Germain Counter Mode (SGCM) is an authenticated encryption mode of operation, to be used with 128-bit block ciphers such as AES. SGCM is a variant of the NIST standardized Galois / Counter Mode (GCM) which has been found to be susceptible to weak key / short cycle forgery attacks. The GCM attacks are made possible by its extremely smooth-order multiplicative group which splits into 512 s...

The current paper studies the probability of differential characteristics for an unkeyed (or with a fixed key) construction. Most notably, it focuses on the gap between two probabilities of differential characteristics: probability with independent S-box assumption, pind, and exact probability, pexact. It turns out that pexact is larger than pind in Feistel network with some S-box based inner f...

We introduce CWC, a new block cipher mode of operation for protecting both the privacyand the authenticity of encapsulated data. CWC is currently the only such mode having all fiveof the following properties: provable security, parallelizability, high performance in hardware,high performance in software, and no intellectual property concerns. We believe that havingall five of th...

This note describes a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. It does this using only djM j=ne + 2 block cipher invocations. Here M is the plaintext (an arbitrary bit string) and n is the block length. The scheme refines one recently suggested by Jutla [Ju00].

Tweakable blockcipher (TBC) is a powerful tool to design authenticated encryption schemes as illustrated by Minematsu’s Offset Two Rounds (OTR) construction. It considers an additional input, called tweak, to a standard blockcipher which adds some variability to this primitive. More specifically, each tweak is expected to define a different, independent pseudo-random permutation. In this work w...