
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF($2^8$), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A…

- Bruce Schneier, John Kelsey
- ACM Trans. Inf. Syst. Secur.
- 1999

In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all…

- Bruce Schneier, John Kelsey
- USENIX Security Symposium
- 1998


We expand a previous result of Dean [Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damgård-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a $2^k$-message-block message with about $k \times 2^{n/2+1} + 2^{n-k+1}$ work. Using RIPEMD-160 as an example, our attack can find a second…

- Niels Ferguson, John Kelsey, +4 authors Doug Whiting
- FSE
- 2000

We improve the best attack on Rijndael reduced to 6 rounds from complexity $2^{72}$ to $2^{44}$. We also present the first known attacks on 7- and 8-round Rijndael. The attacks on 8-round Rijndael work for 192-bit and 256-bit keys. Finally, we discuss the key schedule of Rijndael and describe a related-key attack that can break 9-round Rijndael with 256-bit keys.

- John Kelsey, Bruce Schneier, David Wagner, Chris Hall
- Journal of Computer Security
- 1998

Building on the work of Kocher [Koc96], we introduce the notion of side-channel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of side-channel attacks and the vulnerabilities they introduce, demonstrate side-channel attacks against three product ciphers: timing attack against IDEA, processor-flag attack against RC5, and…

- Morris Dworkin, Elaine Barker, John Kelsey, Allen Roginsky, Donna Dodson, Tim Polk
- 2007

(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the…

- John Kelsey, Tadayoshi Kohno
- IACR Cryptology ePrint Archive
- 2005

In this paper, we develop a new attack on Damgård-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of a message, and later "herd" any given starting part of a message to that hash value by the choice of an appropriate suffix. We introduce a…

Helix is a high-speed stream cipher with a built-in MAC functionality. On a Pentium II CPU it is about twice as fast as Rijndael or Twofish, and comparable in speed to RC4. The overhead per encrypted/authenticated message is low, making it suitable for small messages. It is efficient in both hardware and software, and with some pre-computation can…

- Chris Hall, David Wagner, John Kelsey, Bruce Schneier
- CRYPTO
- 1998

We evaluate constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to build a wider block cipher given a block cipher as a building…