Improved Cryptanalysis of Skein

The hash function Skein is the submission of Ferguson et al. to the NIST Hash Competition, and is arguably a serious candidate for selection as SHA-3. This paper presents the rst third-party analysis of Skein, with an extensive study of its main component: the block cipher Three sh. We notably investigate near collisions, distinguishers, impossible di erentials, key recovery using related-key di erential and boomerang attacks. In particular, we present near collisions on up to 17 rounds, an impossible di erential on 21 rounds, a related-key boomerang distinguisher on 34 rounds, a known-related-key boomerang distinguisher on 35 rounds, and key recovery attacks on up to 32 rounds, out of 72 in total for Threefish-512. None of our attacks directly extends to the full Skein hash. However, the pseudorandomness of Threefish is required to validate the security proofs on Skein, and our results conclude that at least 3

A note on a privacy-preserving distance-bounding protocol

Distance bounding protocols enable a device to establish an upper bound on the physical distance to a communication partner so as to prevent location spoofing, as exploited by relay attacks. Recently, Rasmussen and Čapkun (ACM-CCS\u2708) observed that these protocols leak information on the location of the parties to external observers, which is undesirable in a number of applications-for example if the leaked information leads to the identification of the parties among a group of devices. To remedy this problem, these authors proposed a "privacy-preserving" distance bounding protocol, i.e. that leaks no information on the location of the parties. The present paper reports results from an in-depth security analysis of that new protocol, with as main result an attack that recovers the ephemeral secrets as well as the location information of the two parties for particular choices of parameters. Overall, our results do not contradict the preliminary security analysis by the designers, but rather extends it to other parts of the attack surface. \ua9 2011 Springer-Verlag

SipHash : a fast short-input PRF

SipHash is a family of pseudorandom functions optimized for short inputs. Target applications include network traffic authentication and hash-table lookups protected against hash-flooding denial-of-service attacks. SipHash is simpler than MACs based on universal hashing, and faster on short inputs. Compared to dedicated designs for hash-table lookup, SipHash has well-defined security goals and competitive performance. For example, SipHash processes a 16-byte input with a fresh key in 140 cycles on an AMD FX-8150 processor, which is much faster than state-of-the-art MACs. We propose that hash tables switch to SipHash as a hash function

On security arguments of the second round SHA-3 candidates

In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round. An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differential attack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks.We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered. © Springer-Verlag 2012.status: publishe

Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers

Abstract. This paper presents the first results on AIDA/cube, algebraic and sidechannel attacks on variable number of rounds of all members of the KATAN family of block ciphers. Our cube attacks reach 60, 40 and 30 rounds of KATAN32, KATAN48 and KATAN64, respectively. In our algebraic attacks, we use SAT solvers as a tool to solve the quadratic equations representation of all KATAN ciphers. We introduced a novel pre-processing stage on the equations system before feeding it to the SAT solver. This way, we could break 79, 64 and 60 rounds of KATAN32, KATAN48, KATAN64, respectively. We show how to perform side channel attacks on the full 254-round KATAN32 with one-bit information leakage from the internal state by cube attacks. Finally, we show how to reduce the attack complexity by combining the cube attack with the algebraic attack to recover the full 80-bit key. Further contributions include new phenomena observed in cube, algebraic and side-channel attacks on the KATAN ciphers. For the cube attacks, we observed that the same maxterms suggested more than one cube equation, thus reducing the overall data and time complexities. For the algebraic attacks, a novel pre-processing step led to a speed up of the SAT solver program. For the side-channel attacks, 29 linearly independent cube equations were recovered after 40-round KATAN32. Finally, the combined algebraic and cube attack, a leakage of key bits after 71 rounds led to a speed up of the algebraic attack

Book Review: Austin, Cleared for Takeoff: Aviators, Businessmen, and the Growth of an American City

At its widest point, Texas measures some 850 miles across. EI Paso, in the extreme west, is closer to Los Angeles than it is to Texarkana, sited near the state\u27s eastern boundary. Given the distances its citizens have to travel, Texas has always been attuned to transport technology. And people living in the capital, Austin, near the state\u27s center, have always been interested in finding rapid forms of travel to the far-flung cities and counties of the rest of the state. Thus, Ragsdale\u27s book touches on a highly relevant aspect of urban as well as regional history. Moreover, as national and international travel became accepted for business as well as pleasure, the role of airlines and airports serving Austin took on a growing immediacy