Ewan Fleischmann

Learn More
On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only – in practice, the(More)
We provide the first proof of security for Tandem-DM, one of the oldest and most well-known constructions for turning a block cipher with n-bit block length and 2n-bit key length into a 2n-bit cryptographic hash function. We prove, that when Tandem-DM is instantiated with AES-256, block length 128 bits and key length 256 bits, any adversary that asks less(More)
We provide the first proof of security for Abreast-DM, one of the oldest and most wellknown constructions for turning a block cipher with n-bit block length and 2n-bit key length into a 2n-bit cryptographic hash function. In particular, we prove that when Abreast-DM is instantiated with AES-256, i.e. a block cipher with 128-bit block length and 256-bit key(More)
ARIA [4] is a block cipher proposed at ICISC’03. Its design is very similar to the advanced encryption standard (AES). The authors propose that on 32-bit processors, the encryption speed is at least 70% of that of the AES. They claim to offer a higher security level than AES. In this paper we present two attacks of reduced round ARIA which shows some(More)
There are four somewhat classical double length block cipher based compression functions known: MDC-2, MDC-4, Abreast-DM, and Tandem-DM. They all have been developed over 20 years ago. In recent years, cryptographic research has put a focus on block cipher based hashing and found collision security results for three of them (MDC-2, Abreast-DM, Tandem-DM).(More)
In this paper we investigate the security of the compression function of HAS-160 in encryption mode. The structure of HAS-160 is similar to SHA-1 besides some modifications.This is the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. We apply a key recovery attack that requires 2 chosen plaintexts and 2 80-round(More)
In this note we give an overview on the current state of the SHA-3 candidates. First, we classify all publicly known candidates and, second, we outline and summarize the performance data as given in the candidates documentation for 64-bit and 32-bit implementations. We define performance classes and classify the hash algorithms. Note, that this article will(More)