Learn More
KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in anti-theft mechanisms.(More)
We study the security of step-reduced but otherwise unmodified SHA-256. We show the first collision attacks on SHA-256 reduced to 23 and 24 steps with complexities 2 18 and 2 28.5 , respectively. We give example colliding message pairs for 23-step and 24-step SHA-256. The best previous, recently obtained result was a collision attack for up to 22 steps. We(More)
The design of lightweight block ciphers has been a very active research topic over the last years. However, the lack of comparative source codes generally makes it hard to evaluate the extent to which different ciphers actually reach their low-cost goals, on different platforms. This paper reports on an initiative aimed to partially relax this issue. First,(More)
Serpent is an SP Network block cipher submitted to the AES competition and chosen as one of its five finalists. The security of Serpent is widely acknowledged, especially as the best known attack so far is a differential-linear attack on only 11 rounds out of the 32 rounds of the cipher. In this paper we introduce a more accurate analysis of the(More)
In this paper, we will present an approach to find efficient bitsliced implementations of invertible 4 × 4-bit s-boxes. The approach generalises the methods introduced by Osvik [12]. We consider equivalence classes of s-boxes under linear and affine equivalence and search for the most efficient s-box in each class. The properties of these s-boxes are(More)
Tischhauser for many interesting discussions concerning the design of Lane and its predecessors, and for their continued effort on the cryptanalysis of both older and the final version of Lane. Their findings, comments and suggestions for improvements were invaluable in the design process. I extend my gratitude to Antoon Bosselaers, Emilia Käsper, Miroslav(More)
The cryptanalysis of the cryptographic hash function Tiger has, until now, focussed on finding collisions. In this paper we describe a preimage attack on the compression function of Tiger-12, i.e., Tiger reduced to 12 rounds out of 24, with a complexity of 2 63.5 compression function evaluations. We show how this can be used to construct second preimages(More)
Recent attacks on hash functions start by constructing a differential characteristic. By finding message pairs that satisfy this characteristic, a collision can be found. This paper describes the method of DeCannì ere and Rechberger to construct generalized characteristics for SHA-1 in more detail. This method is further generalized and applied to a(More)