In 2011, prompted by potential U.S. government requirements for lightweight ciphers (e.g., SCADA and logistics applications) and concerns that existing cryptographic solutions were unnecessarily restrictive, a team of cryptographic designers was formed within the National Information Assurance Research Laboratory of NSA’s Research Directorate, with the goal of designing foundational lightweight...

We propose the study of quasi-cryptographic primitives and protocols. These are relaxed versions of standard cryptographic primitives and protocols where the adversary may be given more resources than some of the honest parties. The purpose of this study is to obtain a better understanding of some of the obstacles in basing cryptography on NP-hardness, as well as the relations between various c...

Cryptographic primitives are fundamental for information security: they are used as basic components for cryptographic protocols or public-key cryptosystems. In many cases, their security proofs consist in showing that they are reducible to computationally hard problems. Those reductions can be subtle and tedious, and thus not easily checkable. On top of the proof assistant Coq, we had implemen...

One of the most popular current trends in cryptography is the research for new approaches for designing cryptographic primitives. Using the algebraic structures for constructing such primitives is studied by many researches. Our investigation is focused on finding ternary quasigroups with good properties for designing cryptographic primitives. In this paper we define ternary quasigroup transfor...

The Public Key Infrastructure (PKI) provides services that permit users to communicate in a secure manner on an unsecure network by means of digital certificates and cryptography primitives. However, in order to secure an application through cryptography and PKI, cryptographic primitives need to be implemented in the programming language used to develop the application. This raises scalability ...

We study the composition of security protocols when protocols share secrets such as keys. We show (in a Dolev-Yao model) that if two protocols use disjoint cryptographic primitives, their composition is secure if the individual protocols are secure, even if they share data. Our result holds for any cryptographic primitives that can be modeled using equational theories, such as encryption, signa...

We introduce a probabilistic framework for the automated analysis of security protocols. Our framework provides a general method for expressing properties of cryptographic primitives, modeling an attacker more powerful than conventional Dolev-Yao attackers. It allows modeling equational properties of cryptographic primitives as well as property statements about their weaknesses, e.g. primitives...

Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...