Learn More
In this paper, we present some reduced complexity attacks on the Alternating Step Generator (ASG). The attacks are based on a quite general framework and mostly benefit from the low sampling resistance of the ASG, and of an abnormal behavior related to the distribution of the initial states of the stop/go LFSR's which produce a given segment of the output(More)
The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis,(More)
A recent framework for chosen IV statistical distinguishing analysis of stream ciphers is exploited and formalized to provide new methods for key recovery attacks. As an application, a key recovery attack on simplified versions of two eSTREAM Phase 3 candidates is given: For Grain-128 with IV initialization reduced to up to 180 of its 256 iterations, and(More)
In this paper, an improved differential cryptanalysis framework for finding collisions in hash functions is provided. Its principle is based on lineariza-tion of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux. This is formalized and refined however in several ways: for the problem of finding a(More)
Grain and Trivium are two hardware oriented synchronous stream ciphers proposed as the simplest candidates to the ECRYPT Stream Cipher Project , both dealing with 80-bit secret keys. In this paper we apply the linear sequential circuit approximation method to evaluate the strength of these stream ciphers against distinguishing attack. In this approximation(More)
We construct a provably secure mix-net from any CCA2 secure cryp-tosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min(λ − 1, k − λ) mix-servers are corrupted. The main component of our construction is a mix-net that(More)
In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F (C, K) where the attacker has the power to choose the public variable C. In this work we focus on self-synchronizing stream ciphers. First we show how to model these primi-tives in the above-mentioned general problem by relating(More)
We study the heuristically secure mix-net proposed by Puiggalí and Guasch (EVOTE 2010). We present practical attacks on both correctness and privacy for some sets of parameters of the scheme. Although our attacks only allow us to replace a few inputs, or to break the privacy of a few voters, this shows that the scheme can not be proven secure.
This paper presents improved collision attacks on round-reduced variants of the hash function CubeHash, one of the SHA-3 second round candidates. We apply two methods for finding linear differential trails that lead to lower estimated attack complexities when used within the framework introduced by Brier, Khazaei, Meier and Peyrin at ASIA-CRYPT 2009. The(More)