Shahram Khazaei

Learn More
A recent framework for chosen IV statistical distinguishing analysis of stream ciphers is exploited and formalized to provide new methods for key recovery attacks. As an application, a key recovery attack on simplified versions of two eSTREAM Phase 3 candidates is given: For Grain-128 with IV initialization reduced to up to 180 of its 256 iterations, and(More)
The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis,(More)
We study mix-nets with randomized partial checking (RPC) as proposed by Jakobsson, Juels, and Rivest (2002). RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets. The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net. We identify serious issues in the original(More)
Pomaranch is a synchronous stream cipher submitted to eSTREAM, the ECRYPT Stream Cipher Project. It uses 128-bit keys and IVs with different lengths. The cipher is constructed as a cascade clock control sequence generator, which is based on the notion of jump registers. Each jump register can be considered as a non-autonomous finite state machine which the(More)
In this paper, an improved differential cryptanalysis framework for finding collisions in hash functions is provided. Its principle is based on linearization of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux. This is formalized and refined however in several ways: for the problem of finding a(More)
Abstract ABC is a synchronous stream proposed as a candidate to ECRYPT Project. ABC gets a 128-bit key and a 128-bit IV and produces 1195 bits as the internal state of the cipher. Using some statistical simulations we show that one of the ABC components, a key-IV dependent function over GF(2) called C which is chosen randomly from a family of functions, is(More)
We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min(λ− 1, k − λ) mix-servers are corrupted. The main component of our construction is a mix-net that(More)
In this paper, we present some reduced complexity attacks on the Alternating Step Generator (ASG). The attacks are based on a quite general framework and mostly benefit from the low sampling resistance of the ASG, and of an abnormal behavior related to the distribution of the initial states of the stop/go LFSR’s which produce a given segment of the output(More)
Cryptographic primitives are the basic components of any cryptographic tool. Block ciphers, stream ciphers and hash functions are the fundamental primitives of symmetric cryptography. In symmetric cryptography, the communicating parties perform essentially the same operation and use the same key, if any. This thesis concerns cryptanalysis of stream ciphers(More)