• Publications
  • Influence
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis
It is confirmed that Camellia provides strong security against differential and linear cryptanalyses and at least comparable encryption speed in software and hardware.
Preimage Attacks on One-Block MD4, 63-Step MD5 and More
This paper shows preimage attacks on one-block MD4 and MD5 reduced to 63 (out of 64) steps. Our attacks are based on the meet-in-the-middle attack, and many additional improvements make the preimage
Factorization of a 768-Bit RSA Modulus
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1
The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words.
Speci cation of Camellia | a 128-bit Block Cipher
Notations and Conventions 2.2.1 Radix 2.3 List of Symbols 2.4 Bit/Byte Ordering 2.5 Bit/ Byte Ordering.
Finding Preimages in Full MD5 Faster Than Exhaustive Search
This paper presents the first cryptographic preimage attack on the full MD5 hash function, based on splice-and-cut and local-collision techniques that have been applied to step-reduced MD5 and other hash functions.
Fast Implementations of AES Candidates
New performance numbers of the mentioned four ciphers resulting from the authors' carefully optimized assemblylanguage implementations on the Pentium II, the successor of the Pentanium Pro are presented.
Elliptic Curve Arithmetic Using SIMD
Two techniques for parallel computing with SIMD are proposed, which significantly enhances the speed of elliptic curve scalar multiplication and one of them is evaluated based on a real implementation on a Pentium III, which incorporates the SIMD architecture.
Preimage Attacks on 3, 4, and 5-Pass HAVAL
This paper proposes preimage attacks on hash function HAVAL whose output length is 256 bits, and optimize the computational order for brute-force attack on full 5-pass HAVal and its complexity is 2254.89.