In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A
We improve the best attack on Rijndael reduced to 6 rounds from complexity 2^72 to 2^44. We also present the first known attacks on 7- and 8-round Rijndael. The attacks on 8-round Rijndael work for 192-bit and 256-bit keys. Finally, we discuss the key schedule of Rijndael and describe a related-key attack that can break 9-round Rijndael with 256-bit keys.
Building on the work of Kocher [Koc96], we introduce the notion of side-channel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of side-channel attacks and the vulnerabilities they introduce, demonstrate side-channel attacks against three product ciphers (a timing attack against IDEA, a processor-flag attack against RC5, and
In this paper, we develop a new attack on Damgård-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of a message, and later "herd" any given starting part of a message to that hash value by the choice of an appropriate suffix. We introduce a
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the
Helix is a high-speed stream cipher with a built-in MAC functionality. On a Pentium II CPU it is about twice as fast as Rijndael or Twofish, and comparable in speed to RC4. The overhead per encrypted/authenticated message is low, making it suitable for small messages. It is efficient in both hardware and software, and with some pre-computation can
We introduce "mod n cryptanalysis," a form of partitioning attack that is effective against ciphers which rely on modular addition and bit rotations for their security. We demonstrate this attack with a mod 3 attack against RC5P, an RC5 variant that uses addition instead of xor. We also show mod 5 and mod 257 attacks against M6, a cipher proposed in the