- Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Elmar Tischhauser, Kan Yasuda
- ASIACRYPT
- 2013

Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first…

- Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, Kan Yasuda
- ASIACRYPT
- 2014

Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a decrypted plaintext needs early processing due to real-time requirements. We…

The Advanced Encryption Standard (AES) is the most widely used block cipher. The high-level structure of AES can be viewed as a (10-round) key-alternating cipher, where a t-round key-alternating cipher KA_t consists of a small number t of fixed permutations P_i on n bits, separated by key addition: KA_t(K, m) = k_t ⊕ P_t(… k_2 ⊕ P_2(k_1 ⊕ P_1(k_0 ⊕ m)) …),…

- Elena Andreeva, Bart Mennink, Bart Preneel, Marjan Skrobot
- AFRICACRYPT
- 2012

In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to the vulnerabilities identified in widely employed hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 5 candidates are left in the…

Sponge functions were originally proposed for hashing, but find increasingly more applications in keyed constructions, such as encryption and authentication. Depending on how the key is used, we see two main types of keyed sponges in practice: inner- and outer-keyed. Earlier security bounds, mostly due to the well-known sponge indifferentiability result,…

- Jorge Guajardo, Bart Mennink, Berry Schoenmakers
- Financial Cryptography
- 2010

For the homomorphic Paillier cryptosystem we construct a protocol for secure modulo reduction, that on input of an encryption ⟦x⟧ with x of bit length ℓ_x and a public ‘modulus’ a of bit length ℓ_a outputs an encryption ⟦x mod a⟧. As a result, a protocol for computing an encrypted integer division ⟦x div a⟧ is obtained. Surprisingly, efficiency of the protocol…

- Elena Andreeva, Bart Mennink, Bart Preneel
- IACR Cryptology ePrint Archive
- 2010

In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 14 candidates are left in the second round.…

- Elena Andreeva, Begül Bilgin, +4 authors Kan Yasuda
- IACR Cryptology ePrint Archive
- 2013

The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a hardware source of randomness, or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce…

- Elena Andreeva, Bart Mennink, Bart Preneel
- SCN
- 2010

The notion of indifferentiability, introduced by Maurer et al., is an important criterion for the security of hash functions. Concretely, it ensures that a hash function has no structural design flaws and thus guarantees security against generic attacks up to the proven bounds. In this work we prove the indifferentiability of Grøstl, a second round SHA-3…

- Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel, Ingrid Verbauwhede
- Selected Areas in Cryptography
- 2014

We propose Chaskey: a very efficient Message Authentication Code (MAC) algorithm for 32-bit microcontrollers. It is intended for applications that require 128-bit security, yet cannot implement standard MAC algorithms because of stringent requirements on speed, energy consumption, or code size. Chaskey is a permutation-based MAC algorithm that uses the…