- Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Elmar Tischhauser, Kan Yasuda
- ASIACRYPT
- 2013

Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first…

- Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, Kan Yasuda
- ASIACRYPT
- 2014

Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a decrypted plaintext needs early processing due to real-time requirements. We…

- Elena Andreeva, Gregory Neven, Bart Preneel, Thomas Shrimpton
- IACR Cryptology ePrint Archive
- 2007

Nearly all modern hash functions are constructed by iterating a compression function. At FSE’04, Rogaway and Shrimpton [RS04] formalized seven security notions for hash functions: collision resistance (Coll) and three variants of second-preimage resistance (Sec, aSec, eSec) and preimage resistance (Pre, aPre, ePre). The main contribution of this paper is in…

The Advanced Encryption Standard (AES) is the most widely used block cipher. The high level structure of AES can be viewed as a (10-round) key-alternating cipher, where a $t$-round key-alternating cipher $KA_t$ consists of a small number $t$ of fixed permutations $P_i$ on $n$ bits, separated by key addition: $KA_t(K,m) = k_t \oplus P_t(\dots k_2 \oplus P_2(k_1 \oplus P_1(k_0 \oplus m)) \dots)$,…

- Elena Andreeva, Charles Bouillaguet, +4 authors Sébastien Zimmer
- EUROCRYPT
- 2007

We develop a new generic long-message second preimage attack, based on combining the techniques in the second preimage attacks of Dean [8] and Kelsey and Schneier [16] with the herding attack of Kelsey and Kohno [15]. We show that these generic attacks apply to hash functions using the Merkle-Damgård construction with only slightly more work than the…

- Elena Andreeva, Bart Mennink, Bart Preneel, Marjan Skrobot
- AFRICACRYPT
- 2012

In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to the vulnerabilities identified in widely employed hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 5 candidates are left in the…

- Sebastiaan Indesteege, Elena Andreeva, +5 authors Elmar Tischhauser
- Symmetric Cryptography
- 2009

Tischhauser for many interesting discussions concerning the design of Lane and its predecessors, and for their continued effort on the cryptanalysis of both older and the final version of Lane. Their findings, comments and suggestions for improvements were invaluable in the design process. I extend my gratitude to Antoon Bosselaers, Emilia Käsper, Miroslav…

Sponge functions were originally proposed for hashing, but find increasingly more applications in keyed constructions, such as encryption and authentication. Depending on how the key is used we see two main types of keyed sponges in practice: inner- and outer-keyed. Earlier security bounds, mostly due to the well-known sponge indifferentiability result,…

- Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, John Kelsey
- Selected Areas in Cryptography
- 2009

In this paper we present new attack techniques to analyze the structure of hash functions that are not based on the classical Merkle-Damgård construction. We extend the herding attack to concatenated hashes, and to certain hash functions that process each message block several times. Using this technique, we show a second preimage attack on the folklore…

- Elena Andreeva, Bart Mennink, Bart Preneel
- IACR Cryptology ePrint Archive
- 2010

In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 14 candidates are left in the second round.…