226 research outputs found
Internal collision attack on Maraca
We present an internal collision attack against the new hash function Maraca which has been submitted to the SHA-3 competition. This attack requires 2^{237} calls to the round function and its complexity is lower than the complexity of the generic collision attack when the length of the message digest is greater than or equal to 512. It is shown that this cryptanalysis mainly exploits some particular differential properties of the inner permutation, which are in some sense in contradiction with the usual security criterion which guarantees the resistance to differential attacks.
Exploiting algebraic properties of block ciphers
COST Training School on Symmetric Cryptography and Blockchain, Torremolinos, Spain
Secure building-blocks against differential and linear attacks
COST Training School on Symmetric Cryptography and Blockchain, Torremolinos, Spain
On the Origin of Trust: Struggle for Secure Cryptography
Cryptographic primitives, like encryption schemes, hash functions, etc., are the core of most security applications. But the trust that users place in these algorithms has been repeatedly violated. There are many examples of attacks which exploit weaknesses of the underlying cryptographic primitives, like the recent Logjam and Sloth attacks against TLS. So when can we trust cryptography? It should be clear that we cannot trust algorithms which do not have public design rationale and which have not been thoroughly studied. Most notably, the primitives recommended by the cryptographic community are those which have been chosen after an international competition. Within such an open contest, like the AES and the SHA-3 selection processes, all proposals have been carefully analyzed by all participants; their security margins have been evaluated. This ongoing cryptanalytic effort is the only reliable security argument to consider when deciding which primitive to trust.
Distinguishing and Key-recovery Attacks against Wheesht
Wheesht is one of the candidates to the CAESAR competition. In this note we present several attacks on Wheesht, showing that it is far from the advertised security level of 256 bits. In particular we describe a distinguishing attack with known plaintext words for any number of rounds of Wheesht, and a key-recovery attack (recovering the encryption key) for versions of Wheesht with a single finalization round with very little data and time complexity.
A further improvement of the work factor in an attempt at breaking McEliece's cryptosystem
Abstract available in the PDF file.
Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256
The zero-sum distinguishers introduced by Aumasson and Meier are investigated. First, the minimal size of a zero-sum is established. Then, we analyze the impacts of the linear and the nonlinear layers in an iterated permutation on the construction of zero-sum partitions. Finally, these techniques are applied to the Keccak-f permutation and to Hamsi-256. We exhibit several zero-sum partitions for 20 rounds (out of 24) of Keccak-f and some zero-sum partitions of size 2^{19} and 2^{10} for the finalization permutation in Hamsi-256.
On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting