Learn More
Keymill is a side-channel resilient key generator, also known as re-keying function. Re-keying functions are a crucial building block of fresh re-keying schemes. To ensure the security against side-channel analysis of re-keying schemes, the used re-keying function has to withstand both simple power analysis and differential power analysis. We present a DPA(More)
We present a detailed security analysis of the CAESAR candidate Ascon. Amongst others, cube-like, differential and linear crypt-analysis are used to evaluate the security of Ascon. Our results are practical key-recovery attacks on round-reduced versions of Ascon-128, where the initialization is reduced to 5 out of 12 rounds. Theoretical key-recovery attacks(More)
Simpira is a recently proposed family of permutations, based on the AES round function. The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. The security analysis is based on computer-aided bounds for the minimum number of active S-boxes. We show that the underlying assumptions of(More)
Differential and linear cryptanalysis are the general purpose tools to analyze various cryptographic primitives. Both techniques have in common that they rely on the existence of good differential or linear characteristics. The difficulty of finding such characteristics depends on the primitive. For instance, AES is designed to be resistant against(More)
LowMC is a family of block ciphers developed particularly for use in multi-party computations and fully homomorphic encryption schemes, where the main performance penalty comes from non-linear operations. Thus, LowMC has been designed to minimize the total quantity of logical " and " operations, as well as the " and " depth. To achieve this, the LowMC(More)