28,522 research outputs found
A Discrete Logarithm-based Approach to Compute Low-Weight Multiples of Binary Polynomials
Being able to compute efficiently a low-weight multiple of a given binary
polynomial is often a key ingredient of correlation attacks to LFSR-based
stream ciphers. The best known general purpose algorithm is based on the
generalized birthday problem. We describe an alternative approach which is
based on discrete logarithms and has much lower memory complexity requirements
with a comparable time complexity.Comment: 12 page
Stopping time signatures for some algorithms in cryptography
We consider the normalized distribution of the overall running times of some
cryptographic algorithms, and what information they reveal about the
algorithms. Recent work of Deift, Menon, Olver, Pfrang, and Trogdon has shown
that certain numerical algorithms applied to large random matrices exhibit a
characteristic distribution of running times, which depends only on the
algorithm but are independent of the choice of probability distributions for
the matrices. Different algorithms often exhibit different running time
distributions, and so the histograms for these running time distributions
provide a time-signature for the algorithms, making it possible, in many cases,
to distinguish one algorithm from another. In this paper we extend this
analysis to cryptographic algorithms, and present examples of such algorithms
with time-signatures that are indistinguishable, and others with
time-signatures that are clearly distinct.Comment: 20 page
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
On the Design of Secure and Fast Double Block Length Hash Functions
In this work the security of the rate-1 double block length hash functions, which based on a block cipher with a block length of n-bit and a key length of 2n-bit, is reconsidered.
Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose uncovered flaws in the necessary conditions given by Satoh et al. and Hirose. Preimage and second preimage attacks are presented on Hirose's two examples which were left as an open problem. Therefore, although all the rate-1 hash functions in this general class are failed to be optimally (second) preimage resistant, the necessary conditions are refined for ensuring this general class of the rate-1 hash functions to be optimally secure against the collision attack. In particular, two typical examples, which designed under the refined conditions, are proven to be indifferentiable from the random oracle in the ideal cipher model. The security results are extended to a new class of double block length hash functions with rate 1, where one block cipher used in
the compression function has the key length is equal to the block length, while the other is doubled
Combinatorics on words in information security: Unavoidable regularities in the construction of multicollision attacks on iterated hash functions
Classically in combinatorics on words one studies unavoidable regularities
that appear in sufficiently long strings of symbols over a fixed size alphabet.
In this paper we take another viewpoint and focus on combinatorial properties
of long words in which the number of occurrences of any symbol is restritced by
a fixed constant. We then demonstrate the connection of these properties to
constructing multicollision attacks on so called generalized iterated hash
functions.Comment: In Proceedings WORDS 2011, arXiv:1108.341
- ā¦