#### Filter Results:

#### Publication Year

1996

2016

#### Publication Type

#### Co-author

#### Publication Venue

#### Key Phrases

Learn More

In many real-world applications, sensitive information must be kept it log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all… (More)

Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2 8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A… (More)

We expand a previous result of Dean [Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damgård-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2 k-message-block message with about k × 2 n/2+1 +2 n−k+1 work. Using RIPEMD-160 as an example, our attack can find a second… (More)

1 1 f g t t t U T U U U T U U U T Abstract 1 Introduction

- Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Michael Stay, David Wagner +1 other
- FSE
- 2000

We improve the best attack on Rijndael reduced to 6 rounds from complexity 2 72 to 2 44. We also present the first known attacks on 7-and 8-round Rijndael. The attacks on 8-round Rijndael work for 192-bit and 256-bit keys. Finally, we discuss the key schedule of Rijndael and describe a related-key attack that can break 9-round Rijndael with 256-bit keys.

In this paper, we develop a new attack on Damgård-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of a message, and later " herd " any given starting part of a message to that hash value by the choice of an appropriate suffix. We introduce a… (More)

Helix is a high-speed stream cipher with a built-in MAC function-ality. On a Pentium II CPU it is about twice as fast as Rijndael or Twofish, and comparable in speed to RC4. The overhead per encrypted/authenticated message is low, making it suitable for small messages. It is efficient in both hardware and software, and with some pre-computation can… (More)

- Morris Dworkin, Elaine Barker, John Kelsey, Allen Roginsky, Donna Dodson, Tim Polk
- 2007

(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the… (More)

We introduce \mod n cryptanalysis," a form of partitioning attack that is eeective against ciphers which rely on modular addition and bit rotations for their security. We demonstrate this attack with a mod 3 attack against RC5P, an RC5 variant that uses addition instead of xor. We also show mod 5 and mod 257 attacks against M6, a cipher proposed in the… (More)

We evaluate constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to build a wider block cipher given a block cipher as a building… (More)