Learn More
KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in anti-theft mechanisms.(More)
The design of lightweight block ciphers has been a very active research topic over the last years. However, the lack of comparative source codes generally makes it hard to evaluate the extent to which different ciphers actually reach their low-cost goals, on different platforms. This paper reports on an initiative aimed to partially relax this issue. First,(More)
We study the security of step-reduced but otherwise unmodified SHA-256. We show the first collision attacks on SHA-256 reduced to 23 and 24 steps with complexities 2 18 and 2 28.5 , respectively. We give example colliding message pairs for 23-step and 24-step SHA-256. The best previous, recently obtained result was a collision attack for up to 22 steps. We(More)
Serpent is an SP Network block cipher submitted to the AES competition and chosen as one of its five finalists. The security of Serpent is widely acknowledged, especially as the best known attack so far is a differential-linear attack on only 11 rounds out of the 32 rounds of the cipher. In this paper we introduce a more accurate analysis of the(More)
The EnRUPT hash functions were proposed by O’Neil, Nohl and Henzen as candidates for the SHA-3 competition, organised by NIST. The proposal contains seven concrete hash functions, each with a different digest length. We present a practical collision attack on each of these seven EnRUPT variants. The time complexity of our attack varies from 236 to 240 round(More)
Tischhauser for many interesting discussions concerning the design of Lane and its predecessors, and for their continued effort on the cryptanalysis of both older and the final version of Lane. Their findings, comments and suggestions for improvements were invaluable in the design process. I extend my gratitude to Antoon Bosselaers, Emilia Käsper, Miroslav(More)
The cryptanalysis of the cryptographic hash function Tiger has, until now, focussed on finding collisions. In this paper we describe a preimage attack on the compression function of Tiger-12, i.e., Tiger reduced to 12 rounds out of 24, with a complexity of 2 63.5 compression function evaluations. We show how this can be used to construct second preimages(More)
Recent attacks on hash functions start by constructing a differential characteristic. By finding message pairs that satisfy this characteristic, a collision can be found. This paper describes the method of DeCannì ere and Rechberger to construct generalized characteristics for SHA-1 in more detail. This method is further generalized and applied to a(More)
The cryptographic hash function Maraca was submitted to the NIST SHA-3 competition [4] by Jenkins [3]. In this work, we show a practical preimage attack on Maraca. Our attack has been implemented and verified experimentally. This shows that Maraca does not achieve several important security properties which a secure cryptographic hash function is expected(More)