Due to the severe resource constraints in the Wireless Sensor Networks (WSNs), the security protocols therein, should be designed to optimize the performance maximally. On the other hand a block cipher and the mode of operation in which it operates, play a vital role in determining the overall efficiency of a security protocol. In addition, when an application demands confidentiality and messag...

In this paper we experiment with cube testers on reduced round Trivium that can act as a distinguisher. Using heuristics, we obtain several distinguishers for Trivium running more than 800 rounds (maximum 829) with cube sizes not exceeding 27. In the process, we also exploit state biases that has not been explored before. Further, we apply our techniques to analyse Trivia-SC, a stream cipher pr...

We present an efficient key wrapping scheme that uses a single public permutation as the basic element. As the scheme does not rely on block ciphers, it can be used on a resource-constrained device where such a permutation comes from an implemented hash function, regular (SHA-3/Keccak) or lightweight one (Quark, Photon). The scheme is capable of wrapping keys up to 1400 bits long and processing...

In this article, we provide the first independent security analysis of Deoxys, a third-round authenticated encryption candidate of the CAESAR competition, and its internal tweakable block ciphers Deoxys-BC-256 and Deoxys-BC-384. We show that the related-tweakey differential bounds provided by the designers can be greatly improved thanks to a Mixed Integer Linear Programming (MILP) based search ...

This paper explores a new type of MACs called messagerecovery MACs (MRMACs). MRMACs have an additional input R that gets recovered upon verification. Receivers must execute verification in order to recover R, making the verification process unskippable. Such a feature helps avoid mis-implementing verification algorithms. The syntax and security notions of MRMACs are rigorously formulated. In pa...

We describe a new method for authenticated encryption, which uses information from the internal state of the cipher to provide the authentication. This methodology has a number of benefits. The encryption has properties similar to CBC mode, yet the encipherment and authentication mechanisms can be parallelized and/or pipelined. The authentication overhead is minimal, so the computational cost o...

We present a new block cipher mode of operation for authenticated encryption (AE), dubbed $$\textsf{XOCB}$$ , that has the following features: (1) beyond-birthday-bound (BBB) security based on standard pseudorandom assumption internal if maximum length is sufficiently smaller than birthday bound, (2) rate-1 computation, and (3) supporting any with key length. Namely, effectively same efficiency...

We present Marvin, a new parallelizable message authentication code based on the ALRED family. The new algorithm is designed with resource-constrained platforms in mind and explores the structure of an underlying block cipher to provide security at a small cost in terms of memory needs. Also, we show how Marvin can be used as an authentication-only function or else in an Authenticated Encryptio...

Abstract— Multi-secret sharing scheme based on cellular automata have proven to be a secure encrypting algorithm, although it cannot guarantee data integrity and authenticity of shares of the participants, allowing a chosen cipher text attack. In this work, to improve the security of multiple secret sharing scheme (SSS) against adaptive chosen cipher text attack, we introduce an authenticated e...