Internal collision attack on Maraca
We present an internal collision attack against the new hash function Maraca which has been submitted to the SHA-3 competition. This attack requires 2^{237} calls to the round function and its complexity is lower than the complexity of the generic collision attack when the length of the message digest is greater than or equal to 512. It is shown that this cryptanalysis mainly exploits some particular differential properties of the inner permutation, which are in some sense in contradiction with the usual security criterion which guarantees the resistance to differential attacks.
Exploiting algebraic properties of block ciphers
COST Training School on Symmetric Cryptography and Blockchain, Torremolinos, Spain
Secure building-blocks against differential and linear attacks
COST Training School on Symmetric Cryptography and Blockchain, Torremolinos, Spain
On the Origin of Trust: Struggle for Secure Cryptography
Cryptographic primitives, like encryption schemes, hash functions, etc., are the core of most security applications. But the trust that users place in these algorithms has been repeatedly violated. There are many examples of attacks which exploit weaknesses of the underlying cryptographic primitives, like the recent Logjam and Sloth attacks against TLS. So when can we trust cryptography? It should be clear that we cannot trust algorithms which do not have a public design rationale and which have not been thoroughly studied. Most notably, the primitives recommended by the cryptographic community are those which have been chosen after an international competition. Within such an open contest, like the AES and the SHA-3 selection processes, all proposals have been carefully analyzed by all participants; their security margins have been evaluated. This ongoing cryptanalytic effort is the only reliable security argument to consider when deciding which primitive to trust.
A further improvement of the work factor in an attempt at breaking McEliece's cryptosystem
Abstract available in the PDF file.
Distinguishing and Key-recovery Attacks against Wheesht
Wheesht is one of the candidates to the CAESAR competition. In this note we present several attacks on Wheesht, showing that it is far from the advertised security level of 256 bits. In particular, we describe a distinguishing attack with known plaintext words for any number of rounds of Wheesht, and a key-recovery attack (recovering the encryption key) for versions of Wheesht with a single finalization round, with very little data and time complexity.
Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256
The zero-sum distinguishers introduced by Aumasson and Meier are investigated. First, the minimal size of a zero-sum is established. Then, we analyze the impacts of the linear and the nonlinear layers in an iterated permutation on the construction of zero-sum partitions. Finally, these techniques are applied to the Keccak-f permutation and to Hamsi-256. We exhibit several zero-sum partitions for 20 rounds (out of 24) of Keccak-f and some zero-sum partitions of size 2^{19} and 2^{10} for the finalization permutation in Hamsi-256.
A zero-sum property for the KECCAK-f permutation with 18 rounds
A new type of distinguishing property, named the zero-sum property, has been recently presented by Aumasson and Meier. It has been applied to the inner permutation of the hash function Keccak and it has led to a distinguishing property for the Keccak-f permutation up to 16 rounds, out of 24 in total. Here, we additionally exploit some spectral properties of the Keccak-f permutation and we improve the previously known upper bounds on the degree of the inverse permutation after a certain number of rounds. This result enables us to extend the zero-sum property to 18 rounds of the Keccak-f permutation, which was the number of rounds in the previous version of Keccak submitted to the SHA-3 competition.