Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A …
In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all …
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the …
Building on the work of Kocher [Koc96], we introduce the notion of side-channel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of side-channel attacks and the vulnerabilities they introduce, demonstrate side-channel attacks against three product ciphers (timing attack against IDEA, processor-flag attack against RC5, and …
In this paper, we develop a new attack on Damgård-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of a message, and later "herd" any given starting part of a message to that hash value by the choice of an appropriate suffix. We introduce a …
Helix is a high-speed stream cipher with a built-in MAC functionality. On a Pentium II CPU it is about twice as fast as Rijndael or Twofish, and comparable in speed to RC4. The overhead per encrypted/authenticated message is low, making it suitable for small messages. It is efficient in both hardware and software, and with some pre-computation can …