We consider a simple power analysis on an 8-bit software implementation of the AES key expansion. Assuming that an attacker is able to observe the Hamming weights of the key bytes generated by the key expansion, previous works from Mangard and from VanLaven et al. showed how to exploit this information to recover the key from unprotected implementations. Our contribution considers several possi...

1 Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, P.O. Box 145, Beijing 100876, China 2 Key Laboratory of Network and Information Attack and Defence Technology of MOE, Beijing University of Posts and Telecommunications, Beijing 100876, China 3 National Engineering Laboratory for Disaster Backup and Rec...

SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2...

In this paper we show that Biham’s chosen key attack can be generalized to include any block cipher and we give a low complexity chosen key attack on any Feistel type cipher. Then we show that the irregularities in the shift pattern of DES key schedule algorithm is not sufficient for the cryptosystem to resist against related key attacks. We have realized our proposition by a counter example in...

Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that gener­ ate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the designers introduced Grain-128a having an asymmetric padding. As a result, the existing idea of chosen ...

QuiSci is incredible fast, faster than most other ciphers. On modern CPUs it needs only arround 1 clock cycle per byte, so it is 10 times fast than most other well-known algorithm. On the website of QuiSci [1] it is claimed that this algorithm is secure. With this paper I like to show a key recovery attack on QuiSci, exploiting the weak key setup. When you are able to guess the beginning of the...

A recent framework for chosen IV statistical distinguishing analysis of stream ciphers is exploited and formalized to provide new methods for key recovery attacks. As an application, a key recovery attack on simplified versions of two eSTREAM Phase 3 candidates is given: For Grain-128 with IV initialization reduced to up to 180 of its 256 iterations, and for Trivium with IV initialization reduc...

The vigenere is weak because of key periodicity, but the fake one-time pad based on a random number generator removes that periodicity. This fake one-time pad, however, requires seed-based random number generation and it is therefore a mathematical linear sequence, which lends itself to various flaws as well. I propose that the vigenere can be modified from its base implementation, without rely...

In this paper we show that the related key boomerang attack by E. Fleischmann et al. from the paper mentioned in the title does not allow to recover the master key of the GOST block cipher with complexity less than the complexity of the exhaustive search. Next we present modified attacks. Finally we argue that these attacks and the related key approach itself are of extremely limited practical ...

Cloud Computing has been envisioned as the next generation architecture of IT Enterprise. The Cloud computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure and operational expenditure. In order for this to become reality, however, there are stil...