Learn More
Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first(More)
The Advanced Encryption Standard (AES) is the most widely used block cipher. The high level structure of AES can be viewed as a (10-round) key-alternating cipher, where a t-round key-alternating cipher KAt consists of a small number t of fixed permutations Pi on n bits, separated by key addition: kt) are obtained from the master key K using some key(More)
We propose Chaskey: a very efficient Message Authentication Code (MAC) algorithm for 32-bit microcontrollers. It is intended for applications that require 128-bit security, yet cannot implement standard MAC algorithms because of stringent requirements on speed, energy consumption , or code size. Chaskey is a permutation-based MAC algorithm that uses the(More)
For the homomorphic Paillier cryptosystem we construct a protocol for secure modulo reduction, that on input of an encryption x with x of bit length x and a public 'modulus' a of bit length a outputs an encryption x mod a. As a result, a protocol for computing an encrypted integer division x div a is obtained. Surprisingly, efficiency of the protocol is(More)
We consider the family of 2n-ton bit compression functions that are solely based on at most three permutation executions and on XOR-operators, and analyze its collision and preimage security. Despite their elegance and simplicity, these designs are not covered by the results of Rogaway and Steinberger (CRYPTO 2008). By defining a carefully chosen(More)
In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 14 candidates are left in the second round.(More)
The Sponge function is known to achieve 2 c/2 security, where c is its capacity. This bound was carried over to keyed variants of the function, such as SpongeWrap, to achieve a min{2 c/2 , 2 κ } security bound, with κ the key length. Similarly, many CAESAR competition submissions are designed to comply with the classical 2 c/2 security bound. We show that(More)