The Experts below are selected from a list of 19113 Experts worldwide ranked by ideXlab platform
Takanori Isobe - One of the best experts on this subject based on the ideXlab platform.
-
A single-key attack on the full GOST Block Cipher
Journal of Cryptology, 2013Co-Authors: Takanori IsobeAbstract:The GOST Block Cipher is the Russian encryption standard published in 1989. In spite of considerable cryptanalytic efforts over the past 20 years, a key recovery attack on the full GOST Block Cipher with-out any key conditions (e.g., weak keys and related keys) has not been published yet. In this paper, we show a first single-key attack, which works for all key classes, on the full GOST Block Cipher. To construct the attack, we develop a new attack framework called Reflection-Meet-in-the-Middle Attack. This approach combines techniques of the reflection attack and the meet-in-the-middle attack. We apply it to the GOST Block Cipher with further novel techniques which are the effective MITM techniques using equivalent keys on short rounds. As a result, a key can be recovered with 2 225 computations and 2 32 known plaintexts.
-
a single key attack on the full gost Block Cipher
Journal of Cryptology, 2013Co-Authors: Takanori IsobeAbstract:The GOST Block Cipher is the Russian encryption standard published in 1989. In spite of considerable cryptanalytic efforts over the past 20 years, a key recovery attack on the full GOST Block Cipher without any key conditions (e.g., weak keys and related keys) has not been published yet. In this paper, we show the first single-key attack, which works for all key classes, on the full GOST Block Cipher. To begin, we develop a new attack framework called Reflection-Meet-in-the-Middle Attack. This approach combines techniques of the reflection attack and the meet-in-the-middle (MITM) attack. Then we apply it to the GOST Block Cipher employing bijective S-boxes. In order to construct the full-round attack, we use additional novel techniques which are the effective MITM techniques using equivalent keys on a small number of rounds. As a result, a key can be recovered with a time complexity of 2225 encryptions and 232 known plaintexts. Moreover, we show that our attack is applicable to the full GOST Block Cipher using any S-boxes, including non-bijective S-boxes.
Matthew J.b. Robshaw - One of the best experts on this subject based on the ideXlab platform.
-
CHES - The LED Block Cipher
Cryptographic Hardware and Embedded Systems – CHES 2011, 2011Co-Authors: Thomas Peyrin, Axel Poschmann, Matthew J.b. RobshawAbstract:We present a new Block Cipher LED. While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable Block Ciphers, the Cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of Ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES-like security proofs for LED regarding related- or single-key attacks. And third, while we provide a Block Cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.
-
The LED Block Cipher
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2011Co-Authors: Jian Guo, Thomas Peyrin, Axel Poschmann, Matthew J.b. RobshawAbstract:We present a new Block Cipher LED . While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable Block Ciphers, the Cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of Ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES -like security proofs for LED regarding related- or single-key attacks. And third, while we provide a Block Cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.
-
present an ultra lightweight Block Cipher
Cryptographic Hardware and Embedded Systems, 2007Co-Authors: Andrey Bogdanov, Matthew J.b. Robshaw, Axel Poschmann, Lars R Knudsen, Gregor Leander, Christof Paar, Yannick Seurin, C VikkelsoeAbstract:With the establishment of the AES the need for new Block Ciphers has been greatly diminished; for almost all Block Cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight Block Cipher, present . Both security and hardware efficiency have been equally important during the design of the Cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream Ciphers.
-
CHES - PRESENT: An Ultra-Lightweight Block Cipher
Cryptographic Hardware and Embedded Systems - CHES 2007, 2007Co-Authors: Andrey Bogdanov, Matthew J.b. Robshaw, Axel Poschmann, Lars R Knudsen, Gregor Leander, Christof Paar, Yannick Seurin, C VikkelsoeAbstract:With the establishment of the AES the need for new Block Ciphers has been greatly diminished; for almost all Block Cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight Block Cipher, present . Both security and hardware efficiency have been equally important during the design of the Cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream Ciphers.
-
The RC6 Block Cipher
NIST AES Proposal, 1998Co-Authors: R. L. Rivest, Matthew J.b. Robshaw, R Sidney, Y L YinAbstract:We introduce the R6C Block Cipher. RC6 is an evolutionary improvement of RC6 designed to meet the requirements of the Advanced Encryption Standard (AES) Like RC5 RC6 makes essential use of data-dependent rotations. New features of RC6 include the use of four working registers instead of two and the inclusion of integer multiplication as an additional primitive operation. The use of multiplication greatly increases the diffusion achieved per round allowing for greater security, fewer rounds, and increased throughput.
Axel Poschmann - One of the best experts on this subject based on the ideXlab platform.
-
CHES - The LED Block Cipher
Cryptographic Hardware and Embedded Systems – CHES 2011, 2011Co-Authors: Thomas Peyrin, Axel Poschmann, Matthew J.b. RobshawAbstract:We present a new Block Cipher LED. While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable Block Ciphers, the Cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of Ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES-like security proofs for LED regarding related- or single-key attacks. And third, while we provide a Block Cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.
-
The LED Block Cipher
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2011Co-Authors: Jian Guo, Thomas Peyrin, Axel Poschmann, Matthew J.b. RobshawAbstract:We present a new Block Cipher LED . While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable Block Ciphers, the Cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of Ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES -like security proofs for LED regarding related- or single-key attacks. And third, while we provide a Block Cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.
-
present an ultra lightweight Block Cipher
Cryptographic Hardware and Embedded Systems, 2007Co-Authors: Andrey Bogdanov, Matthew J.b. Robshaw, Axel Poschmann, Lars R Knudsen, Gregor Leander, Christof Paar, Yannick Seurin, C VikkelsoeAbstract:With the establishment of the AES the need for new Block Ciphers has been greatly diminished; for almost all Block Cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight Block Cipher, present . Both security and hardware efficiency have been equally important during the design of the Cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream Ciphers.
-
CHES - PRESENT: An Ultra-Lightweight Block Cipher
Cryptographic Hardware and Embedded Systems - CHES 2007, 2007Co-Authors: Andrey Bogdanov, Matthew J.b. Robshaw, Axel Poschmann, Lars R Knudsen, Gregor Leander, Christof Paar, Yannick Seurin, C VikkelsoeAbstract:With the establishment of the AES the need for new Block Ciphers has been greatly diminished; for almost all Block Cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight Block Cipher, present . Both security and hardware efficiency have been equally important during the design of the Cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream Ciphers.
C Vikkelsoe - One of the best experts on this subject based on the ideXlab platform.
-
present an ultra lightweight Block Cipher
Cryptographic Hardware and Embedded Systems, 2007Co-Authors: Andrey Bogdanov, Matthew J.b. Robshaw, Axel Poschmann, Lars R Knudsen, Gregor Leander, Christof Paar, Yannick Seurin, C VikkelsoeAbstract:With the establishment of the AES the need for new Block Ciphers has been greatly diminished; for almost all Block Cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight Block Cipher, present . Both security and hardware efficiency have been equally important during the design of the Cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream Ciphers.
-
CHES - PRESENT: An Ultra-Lightweight Block Cipher
Cryptographic Hardware and Embedded Systems - CHES 2007, 2007Co-Authors: Andrey Bogdanov, Matthew J.b. Robshaw, Axel Poschmann, Lars R Knudsen, Gregor Leander, Christof Paar, Yannick Seurin, C VikkelsoeAbstract:With the establishment of the AES the need for new Block Ciphers has been greatly diminished; for almost all Block Cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight Block Cipher, present . Both security and hardware efficiency have been equally important during the design of the Cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream Ciphers.
Vincent Rijmen - One of the best experts on this subject based on the ideXlab platform.
-
The Block Cipher BKSQ
Lecture Notes in Computer Science, 2020Co-Authors: Joan Daemen, Vincent RijmenAbstract:In this paper we present a new 96-bit Block Cipher called BKSQ. The Cipher can be implemented efficiently on a wide range of processors (including smartcards) and in hardware.
-
the khazad legacy level Block Cipher
2001Co-Authors: Paulo S L M, Vincent RijmenAbstract:Khazad is a 64-bit (legacy-level) Block Cipher that accepts a 128-bit key. The Cipher is a uniform substitution-permutation network whose inverse only differs from the forward operation in the key schedule. The overall Cipher design follows the Wide Trail strategy, favours component reuse, and permits a wide variety of implementation tradeoffs.
-
the Block Cipher rijndael
Lecture Notes in Computer Science, 2000Co-Authors: Joan Daemen, Vincent RijmenAbstract:In this paper we present the Block Cipher Rijndael, which is one of the fifteen candidate algorithms for the Advanced Encryption Standard (AES). We show that the Cipher can be implemented very efficiently on Smart Cards.
-
The Block Cipher SQUARE
FSE 1997: International Workshop on Fast Software Encryption, 1997Co-Authors: Joan Daemen, Lars Knudsen, Vincent RijmenAbstract:In this paper we present a new 128-bit Block Cipher called Square. The original design of Square concentrates on the resistance against differential and linear cryptanalysis. However, after the initial design a dedicated attack was mounted that forced us to augment the number of rounds. The goal of this paper is the publication of the resulting Cipher for public scrutiny. A C implementation of Square is available that runs at 2.63 MByte/s on a 100 MHz Pentium. Our M68HC05 Smart Card implementation ts in 547 bytes and takes less than 2 msec. (4 MHz Clock). The high degree of parallellism allows hardware implementations in the Gbit/s range today.
