
    How to Improve Rebound Attacks

    Rebound attacks are a state-of-the-art analysis method for hash functions. These cryptanalysis methods are based on a well-chosen differential path and have been applied to several hash functions from the SHA-3 competition, providing the best known analysis in these cases. In this paper we study rebound attacks in detail and find, for a large number of cases, that the complexities of existing attacks can be improved. This is done by identifying problems that optimally adapt to the cryptanalytic situation, and by using better algorithms to find solutions for the differential path. Our improvements affect one particular operation that appears in most rebound attacks and which is often the bottleneck of the attacks. This operation, which varies depending on the attack, can be roughly described as merging large lists. As a result, we introduce new general-purpose algorithms for enabling further rebound analysis to be as performant as possible. We illustrate our new algorithms on real hash functions. More precisely, we demonstrate how to reduce the complexities of the best known analysis on four SHA-3 candidates, JH, Grøstl, ECHO and Lane, and of the best known rebound analysis on the SHA-3 candidate Luffa.

    Symmetric Cryptanalysis: the Foundation of Trust

    The security of asymmetric primitives typically relies on the hardness of a well-established mathematical problem and is therefore well accepted by the community. By contrast, the security of symmetric primitives is much less clearly established, and the existing pseudo-security-proofs always rely on an idealized model that is far from realistic (for example, modeling a pseudo-random distribution by a truly random one). We are therefore often left with an empirical measure of security, provided by a thorough and, even more importantly, never-ending study of the symmetric primitives by cryptanalysts. That is why confidence in symmetric primitives is always based on the amount of cryptanalysis they have received and on the security margin they have left. To react as quickly as possible when required, it is important to analyze the security thoroughly with respect to all currently available cryptanalysis tools (including quantum ones), and then to keep that analysis up to date as the tools evolve.

    Lightweight Cryptography


    Symmetric lightweight primitives: (Design and) Cryptanalysis


    Preparing Symmetric Crypto for the Quantum World


    New results on symmetric quantum cryptanalysis (Keynote speaker)

    The security of symmetric cryptography is completely based on cryptanalysis: we only gain confidence in the security of a symmetric primitive through extensive and continuous scrutiny. It is therefore not possible to determine whether a symmetric primitive might be secure or not in a post-quantum world without first understanding how a quantum adversary could attack it. In this talk I will provide an overview of the subject and present some recent results on symmetric quantum cryptanalysis: a new efficient quantum collision search algorithm (joint work with A. Chailloux and A. Schrottenloher), and new efficient quantum algorithms for solving the K-xor problem (joint work with L. Grassi and A. Schrottenloher). We will discuss some implications of these results in quantum-safe symmetric cryptography.
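    Two of the abstracts above refer to the same underlying operation: the rebound-attack paper describes its bottleneck as "merging large lists", and the keynote abstract mentions the K-xor problem (find one word from each of K lists whose XOR is zero). The block below is an added illustration, not code from either paper, of the classical version of that merge: a hash-join on a partial condition, used as the building block of Wagner's 4-list generalized birthday algorithm for K = 4. The quantum algorithms in the talk and the rebound-specific merges in the paper are different algorithms; this only shows why a constrained join beats testing all pairs. The function names, the parameters (n = 24-bit words, lists of 256 entries) and the planted solution in build_instance are this example's own constructed input.

```python
import random
from collections import defaultdict


def merge_on_low_bits(left, right, bits):
    """Hash-join two lists of integers on a partial condition.

    Returns every (left[i] ^ right[j], i, j) whose XOR has its `bits` low
    bits equal to zero. Bucketing `left` by its low bits makes this cost
    O(|left| + |right| + #matches) instead of the O(|left| * |right|) of
    testing every pair; this join is the "merge" step that dominates.
    """
    mask = (1 << bits) - 1
    buckets = defaultdict(list)
    for i, x in enumerate(left):
        buckets[x & mask].append(i)
    merged = []
    for j, y in enumerate(right):
        for i in buckets.get(y & mask, ()):
            merged.append((left[i] ^ y, i, j))
    return merged


def four_xor(l1, l2, l3, l4, n):
    """Wagner's 4-list generalized birthday algorithm for the 4-xor problem.

    Returns indices (a, b, c, d) with l1[a] ^ l2[b] ^ l3[c] ^ l4[d] == 0 over
    n-bit words, or None. It merges (l1, l2) and (l3, l4) on the low n/3
    bits, then joins the two intermediate lists on the full n-bit value.
    Only solutions whose partial XORs cancel on those low bits are found;
    that restriction is the usual price of the technique.
    """
    low = n // 3
    l12 = merge_on_low_bits(l1, l2, low)   # entries (x1 ^ x2, a, b)
    l34 = merge_on_low_bits(l3, l4, low)   # entries (x3 ^ x4, c, d)
    by_value = defaultdict(list)
    for v, a, b in l12:
        by_value[v].append((a, b))
    for v, c, d in l34:
        if v in by_value:                   # x1 ^ x2 == x3 ^ x4  =>  4-xor is 0
            a, b = by_value[v][0]
            return (a, b, c, d)
    return None


def build_instance(n=24, size=256, seed=7):
    """Constructed sample input: four random lists of n-bit words with one
    planted solution the algorithm can find (its partial XORs cancel on the
    low n/3 bits). Returns the lists and the planted indices."""
    rng = random.Random(seed)
    low = n // 3
    lists = [[rng.getrandbits(n) for _ in range(size)] for _ in range(4)]
    a, b, c, d = (rng.randrange(size) for _ in range(4))
    # l2[b] differs from l1[a] only above the low bits.
    lists[1][b] = lists[0][a] ^ (rng.getrandbits(n - low) << low)
    # l4[d] closes the 4-xor, so l3[c] ^ l4[d] also has zero low bits.
    lists[3][d] = lists[0][a] ^ lists[1][b] ^ lists[2][c]
    return lists, (a, b, c, d)


def xor_of(lists, idx):
    """XOR of the four selected words; zero means a valid solution."""
    return (lists[0][idx[0]] ^ lists[1][idx[1]]
            ^ lists[2][idx[2]] ^ lists[3][idx[3]])


if __name__ == "__main__":
    lists, planted = build_instance()
    found = four_xor(*lists, n=24)
    print("planted:", planted, "found:", found, "xor:", xor_of(lists, found))
```

    With lists of size 2^(n/3) each intermediate list stays around the same size, so the whole search costs a small multiple of the list size rather than size^4; the solution returned may be the planted one or another random one, and either XORs to zero.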

    Introduction to Symmetric Cryptography


    New Results on Quantum Symmetric Cryptanalysis

    The security of symmetric cryptography is completely based on cryptanalysis: we only gain confidence in the security of a symmetric primitive through extensive and continuous scrutiny. It is therefore not possible to determine whether a symmetric primitive might be secure or not in a post-quantum world without first understanding how a quantum adversary could attack it. In this talk I will provide an overview of the subject and present some recent results on symmetric quantum cryptanalysis: a new efficient quantum collision search algorithm (joint work with A. Chailloux and A. Schrottenloher) and an extensive analysis of the use of modular additions in symmetric primitives (joint work with X. Bonnetain). We will discuss some implications of these results in quantum-safe symmetric cryptography.

    Preface

    IACR Transactions on Symmetric Cryptology (ToSC) is a forum for original results in all areas of symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, hash functions, message authentication codes, (cryptographic) permutations, authenticated encryption schemes, cryptanalysis and evaluation tools, and security issues and solutions regarding their implementation. ToSC implements an open-access journal/conference hybrid model, following some other communities in computer science. All articles undergo a journal-style reviewing process and accepted papers are published in gold open access (in our case under the Creative Commons License CC-BY 4.0).

    The review procedures we have followed strictly adhere to the traditions of the journal world. Full papers are assigned to members of the Editorial Board. These members write detailed and careful reviews (usually without relying on subreviewers). Moreover, we have had a rebuttal phase, allowing authors to respond to the review comments before the final decisions. If necessary, the review process enables further interactions between the authors and the reviewers, mediated by the Co-Editors-in-Chief. Detailed discussions among the reviewers lead to one of the following four decisions for each paper: accept, in which case the authors submit their final camera-ready manuscript after editorial corrections; accept with minor revision, which means that the authors revise their manuscript and go through one or more iterations of revision and review until the comments have been addressed in a satisfactory way; major revision, which means that the authors are requested to make major changes to their manuscript before submitting again in one of the next rounds; and reject, which means that the manuscript is deemed not suitable for publication in ToSC.

    Over the last four issues we have tried to refine this method (new for a community used to accept-or-reject decisions only) and to decide more fairly when to assign a major revision. The review process shares with high-quality conferences that it is double-blind and adheres to a strict timeline; but unlike a traditional conference, there are multiple submission deadlines per year. Each paper received at least three reviews; for submissions by Editorial Board members this was increased to at least four. Overall, we are very pleased with the quality and quantity of submissions, the detailed review reports written by the reviewers and the substantial efforts by the authors to further improve the quality of their work. We think that the review process leads to an increased quality of the published papers. The papers selected by the Editorial Board for publication in the last four issues were presented at the conference Fast Software Encryption (FSE). This gave the authors the opportunity to advertise their results and engage in discussions on further work. We received 33 submissions, out of which 10 were accepted, 4 of these after minor revisions; the number of papers that received a major revision decision was 4. For Volume 2017, Issue 3, we received 32 submissions, out of which 13 were accepted, 9 of these after minor revisions; the number of papers that received a major revision