• Publications
  • Influence
Differential Fault Analysis of Secret Key Cryptosystems
This work states that this attack is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES). Expand
Differential Cryptanalysis of the Data Encryption Standard
This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants. Expand
Serpent: A Proposal for the Advanced Encryption Standard
A new block cipher is proposed that uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables it to be more secure than three-key triple-DES. Expand
A Framework for Iterative Hash Functions - HAIFA
It is shown that most recent pro- posals such as randomized hashing, the enveloped Merkle-Damgard, and the RMC and ROX modes can be all be instantiated as part of the HAsh Iterative FrAmework (HAIFA). Expand
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials
A new cryptanalytic technique, based on impossible differentials, is presented, and it is shown that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than exhaustive search. Expand
New types of cryptanalytic attacks using related keys
  • E. Biham
  • Mathematics, Computer Science
  • Journal of Cryptology
  • 1 December 1994
It is shown that the key-scheduling algorithms of many blockciphers inherit obvious relationships between keys, and use these key relations to attack the blockcips, and that DES is not vulnerable to the related keys attacks. Expand
A Fast New DES Implementation in Software
  • E. Biham
  • Computer Science
  • FSE
  • 20 January 1997
A new optimized standard implementation of DES on 64-bit processors is described, which is about twice faster than the fastest known standard DES implementation on the same processor. Expand
Near-Collisions of SHA-0
This paper finds two near-collisions of the full compression function ofSHA-0, in which up to 142 of the 160 bits of the output are equal, and shows that 82-round SHA-0 is much weaker than the (80-round) SHA-1, although it has more rounds, and demonstrates that the strength of SHA- 0 is not monotonous in the number of rounds. Expand
Two Practical and Provably Secure Block Ciphers: BEARS and LION
Two new provably secure block ciphers are suggested, called BEAR and LION, which both have large block sizes, and are based on the Luby-Rackoff construction. Expand