In this paper we present a variation of the template attack classification process that can be applied to block ciphers when the plaintext and ciphertext used are unknown. In a näıve implementation this attack can be applied to any round of a block cipher. We also show that when a block cipher is implemented with the masking countermeasure a similar attack can be applied to the first round of t...

In this paper, we propose a lightweight authenticated encryption mode JAMBU. It only needs n-bit extra register for a block cipher with 2n-bit block size. It achieves n-bit authentication security when 2 bits are processed under a single key. When nonce (IV) is reused, the encryption security is similar to that of the CFB mode while the message authentication maintains strong security. We insta...

We describe a block-cipher mode of operation, EMD, that builds a strong pseudorandom per-mutation (PRP) on nm bits (m ≥ 2) out of a strong PRP on n bits (i.e., a block cipher). Theconstructed PRP is also tweaked (in the sense of [10]): to determine the nm-bit ciphertext blockC =EK(P ) one provides, besides the key K and the nm-bit plaintext block P , an n-bit tweak T . The<l...

Due to the demand for low-cost cryptosystems from industry, there spring up a lot of lightweight block ciphers which are excellent for some different implementation features. An innovative design is the block cipher PRINCE. To meet the requirement for low-latency and instantaneously encryption, NXP Semiconductors and its academic partners cooperate and design the low-latency block cipher PRINCE...

We revisit meet-in-the-middle attacks on block ciphers and recent developments in meet-in-the-middle preimage attacks on hash functions. Despite the presence of a secret key in the block cipher case, we identify techniques that can also be mounted on block ciphers, thus allowing us to improve the cryptanalysis of the block cipher KTANTAN family. The first and major contribution is that we spot ...

We describe a block cipher mode of operation that implements a ‘tweakable’ (super) pseudorandom permutation with an arbitrary block length. This mode can be used to provide the best possible security in systems that cannot allow data expansion, such as disk-block encryption and some network protocols. The mode accepts an additional input, which can be used to protect against attacks that manipu...

Let F be some block cipher (eg., DES) with block length l. The Cipher Block Chaining Message Authentication Code (CBC MAC) speci es that an m-block message x = x1 xm be authenticated among parties who share a secret key a for the block cipher by tagging x with a pre x of ym, where y0 = 0 l and yi = Fa(mi yi 1) for i = 1; 2; : : : ;m. This method is a pervasively used international and U.S. stan...

Secret-key block ciphers are the subject of this work. The design and security of block ciphers, together with their application in hashing techniques, are considered.