We present a new way to construct a MAC function based on a block cipher. We apply this construction to AES resulting in a MAC function that is a factor 2.5 more efficient than CBC-MAC with AES, while providing a comparable claimed security level.
This paper proposes a novel construction, called duplex, closely related to the sponge construction, that accepts message blocks to be hashed and—at no extra cost—provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits its security against single-stage generic aaacks. The main… (More)
We present new a MAC function based on Rijndael that is a factor 2.5 more efficient than CBC-MAC with Rijndael, while providing a comparable claimed security level. This MAC function has the Alred construction  and can be seen as an optimized version of Alpha-MAC introduced in the same paper.
In this paper we present a new 128-bit block cipher called Square. The original design of Square concentrates on the resistance against diierential and linear cryptanalysis. However, after the initial design a dedicated attack was mounted that forced us to augment the number of rounds. The goal of this paper is the publication of the resulting cipher for… (More)
In this paper we prove that the sponge construction introduced in  is indifferentiable from a random oracle when being used with a random transformation or a random permutation and discuss its implications. To our knowledge, this is the first time indifferentiability has been shown for a construction calling a random permutation (instead of an ideal… (More)
We present a diierential attack on 2,5 rounds of IDEA that requires 2 10 chosen plain-text encryptions and a workload of about 2 32 multiplications modulo 2 16 +1. This attack is more powerful than all previously published general attacks on the IDEA structure. This attack does in no way aaect the security of the full 8 rounds of IDEA.