The innovative HB+ protocol of Juels and Weis [10] extends device authentication to low-cost RFID tags. However, despite the very simple on-tag computation, there remain some practical problems with HB+, and despite an elegant proof of security against some limited active attacks, there is a simple man-in-the-middle attack due to Gilbert et al. [8]. In this …
We introduce a practical synchronous stream cipher with provable security named QUAD. The cipher relies on the iteration of a multivariate quadratic system of m equations in n < m unknowns over a finite field. The security of QUAD is provably reducible to the conjectured intractability of the MQ problem, namely solving a multivariate system of quadratic …
Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the …
Rainbow is a fast asymmetric multivariate signature algorithm proposed by J. Ding and D. Schmidt in [5]. This paper presents a cryptanalysis of Rainbow which enables an attacker provided with the public key to recover an equivalent representation of the secret key, thus allowing her to efficiently forge a signature of any message. For the set of parameter …
Radio Frequency IDentifiers (RFID) are low-cost pervasive devices used in various settings for identification purposes: although they were originally introduced to ease supply chain management, they are already used in many other applications. Some of these applications need secure identification and ad-hoc authentication protocols have to be …
Crypton is a 12-round blockcipher proposed as an AES candidate by C.H. Lim in 1998. In this paper, we show how to exploit some statistical deficiencies of the Crypton round function to mount stochastic attacks on round-reduced versions of Crypton. Though more efficient than the best differential and linear attacks, our attacks do not endanger the practical …