Security Applications Privacy Enhanced Access Control by Means of Policy Blinding p. 108 PolicyBased Authentication for Mobile Agents p. 123 Lightweight Delegated Subset Test with Privacy Protection p. 138 Post-quantum Cryptography and Side-Channel Attack Improving BDD Cryptosystems in General Lattices p. 152 Kipnis-Shamir Attack on Unbalanced Oil-Vinegar Scheme p. 168 A Novel Group Signature S...

Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two of the most useful cryptanalysis methods in the field of symmetric ciphers. Until now, there are several automatic search tools for impossible differentials such as U-method and UID-method, which are all independent of the non-linear S-boxes. Since the differential and linear properties can also contribute t...

In this paper, inspired from the notion of impossible differentials, we present a model to use differentials that are less probable than a random permutation. We introduce such a distinguisher for 2 rounds of Crypton, and present an attack on 6 rounds of this predecessor AES candidate. As a special case of this idea, we embed parts of the additional rounds around the impossible differential int...

Impossible differential cryptanalysis is a very popular tool for analyzing the security of modern block ciphers and the core of such attack is based on the existence of impossible differentials. Currently, most methods for finding impossible differentials are based on the miss-in-the-middle technique and they are very ad-hoc. In this paper, we concentrate SPN ciphers whose diffusion layer is de...

SKINNY is a new lightweight tweakable block cipher family proposed by Beierle et al. at CRYPTO 2016. SKINNY has 6 main variants where SKINNY-n-t is a block cipher that operates on n-bit blocks using t-bit tweakey (key and tweak) where n = 64 or 128 and t = n, 2n, or 3n. In this paper, we present impossible differential attacks against reduced-round versions of all the 6 members of the SKINNY fa...

TWIS is a 128-bit lightweight block cipher that is proposed by Ojha et al. In this work, we analyze the security of the cipher against differential, impossible differential and linear attacks. For the differential case, we mount a full-round attack on TWIS and recover 12 bits of the 32-bit final subkey with 2 complexity. For the other cases, we present distinguishers which can be extended to ke...

Zero-correlation linear attack is a new method for cryptanalysis of block ciphers developed by Bogdanov et al. in 2012. In this paper we adapt the matrix method to find zerocorrelation linear approximations. Then we present several zero-correlation linear approximations for 14 rounds of LBlock and describe a cryptanalysis for 22 rounds of the reduced LBlock. After biclique attacks on LBlock rev...

Type-I generalized Feistel networks (GFN) are widely used frameworks in symmetric-key primitive designs such as CAST-256 and Lesamnta. Different from the extensive studies focusing on specific block cipher instances, analysis against GFN structures gives generic security evaluation of basic concentrates more effect linear transformation. Currently, works this field mainly evaluate impossible di...