We consider the endomorphism ring computation problem for supersingular elliptic curves, constructive versions of Deuring’s correspondence, and the security of Charles-Goren-Lauter’s cryptographic hash function. We show that constructing Deuring’s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction. We also provide a collisi...

In this paper, we point out some weaknesses in the Salsa20 core function that could be exploited to obtain up to 2 collisions for its full (20 rounds) version. We first find an invariant for its main building block, the quarterround function, that is then extended to the rowround and columnround functions. This allows us to find an input subset of size 2 for which the Salsa20 core behaves exact...

Recently, NIST has selected 14 second round candidates of SHA3 competition. One of these candidates will win the competition and eventually become the new hash function standard. In TCC’04, Maurer et al introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two systems. Indifferentiability is the appropriate notion of modeling a random ora...

The hash function ARIRANG is one of the 1st round SHA-3 candidates. In this paper, we present preimage attacks on ARIRANG with step-reduced compression functions. We consider two step-reduced variants of the compression function. First one uses the same feedforward1 as the original algorithm, and the other one has the feedforward1 working at the output of the half steps. Our attack finds a prei...

We propose a new definition of preimage entropy dimension for continuous maps on compact metric spaces, investigate fundamental properties the dimension, and compare with topological dimension. The defined satisfies various basic example, subsystem is bounded by that original system topologically conjugated systems have same Also, we discuss relation between entropy.

Preneel et al. (Crypto 1993) assessed 64 possible ways to construct a compression function out of a blockcipher. They conjectured that 12 out of these 64 so-called PGV constructions achieve optimal security bounds for collision resistance and preimage resistance. This was proven by Black et al. (Journal of Cryptology, 2010), if one assumes that the blockcipher is ideal. This result, however, do...

The preimage of the activities of all the nodes at a certain level of a deep network is the set of inputs that result in the same node activity. For fully connected multi layer rectifier networks we demonstrate how to compute the preimages of activities at arbitrary levels from knowledge of the parameters in a deep rectifying network by disregarding the effects of max-pooling. If the preimage s...

Hamsi is one of the second round candidates of the SHA-3 competition. In this study, we present non-random differential properties for the compression function of the hash function Hamsi-256. Based on these properties, we first demonstrate a distinguishing attack that requires a few evaluations of the compression function and extend the distinguisher to 5 rounds with complexity 2. Then, we pres...