We present improved cryptanalysis of two second-round SHA-3 candidates: the AESbased hash functions ECHO and Grøstl. We explain methods for building better differential trails for ECHO by increasing the granularity of the truncated differential paths previously considered. In the case of Grøstl, we describe a new technique, the internal differential attack, which shows that when using parallel ...

We present a scheme for direct and confidential communication between Alice and Bob, where there is no need for establishing a shared secret key first, and where the key used by Alice even will become known publicly. The communication is based on the exchange of single photons and each and every photon transmits one bit of Alice’s message without revealing any information to a potential eavesdr...

At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble oriented lightweight blockcipher with a SPN structure. The truncated difference they used is derived from the existing multidimensional linear characteristics. An innovative technique of their work is the design of a MITM layer added before the characteristic that covers ...

—In recent two years, zero correlation linear cryptanalysis has shown its great potential in cryptanalysis and it has proven to be effective against massive ciphers. LEA is a block cipher proposed by Deukjo Hong, who is the designer of an ISO standard block cipher HIGHT. This paper evaluates the security level on LEA family ciphers against zero correlation linear cryptanalysis. Firstly, we ide...

We present new attacks on the Feistel network, where each round function consists of a subkey XOR, S-boxes, and then a linear transformation (i.e., an SP round function). Our techniques are based largely on what they call the rebound attacks. As a result, our attacks work most effectively when the S-boxes have a “good” differential property (like the inverse function x 7→ x−1 in the finite fiel...

At IEEE GLOBECOM 2008, a lightweight cipher based on a Multiple Recursive Generator (MRG) was proposed for use in resource limited environment such as sensor nodes and RFID tags. This paper proposes two efficient attacks on this MRG cipher. A distinguishing attack is firstly introduced to identify the use of an MRG cipher that has a modulus suggested by its designers. It requires 218 words of c...

In this article, we analyse the known-key security of the standardized PRESENT lightweight block cipher. Namely, we propose a knownkey distinguisher on the full PRESENT, both 80and 128-bit key versions. We first leverage the very latest advances in differential cryptanalysis on PRESENT, which are as strong as the best linear cryptanalysis in terms of number of attacked rounds. Differential prop...

Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur o...

This paper develops several new techniques of cryptanalyzing MACs based on block ciphers, and is divided into two parts. The first part presents new distinguishers of the MAC construction Alred and its specific instance Alpha-MAC based on AES. For the Alred construction, we first describe a general distinguishing attack which leads to a forgery attack directly with the complexity of the birthda...

An attacker or evaluator can detect more information leakages if he improves the Signal-to-Noise Ratio (SNR) of power traces in his tests. For this purpose, pre-processings such as de-noise, distribution-based traces biasing are used. However, the existing traces biasing schemes can’t accurately express the characteristics of power traces with high SNR, making them not ideal for leakage detecti...