  • R Riener, T Fuhr
  • 1998
To control movements aided by functional electrical stimulation (FES) in paraplegic patients, stimulation of the paralyzed lower limbs might be adjusted in response to voluntary upper body effort. Recently, Donaldson and Yu proposed a theoretical approach, called "control by handle reactions of leg muscle stimulation" (CHRELMS), in which stimulation of the…
As such, public-key encryption with keyword search (a.k.a. PEKS or searchable encryption) does not allow the recipient to decrypt keywords, i.e., encryption is not invertible. This paper introduces searchable encryption schemes which enable decryption. An additional feature is that the decryption key and the trapdoor derivation key are totally independent,…
Classical Fault Attacks often require the ability to encrypt twice the same plaintext, in order to get one or several pairs of correct and faulty ciphertexts corresponding to the same message. This observation led some designers to think that a randomized mode of operation may be sufficient to protect block cipher encryption against this kind of threat. In…
Shabal is based on a new provably secure mode of operation. Some related-key distinguishers for the underlying keyed permutation have been exhibited recently by Aumasson et al. and Knudsen et al., but with no visible impact on the security of Shabal. This paper then aims at extensively studying such distinguishers for the keyed permutation used in Shabal,…
In this paper we study the second preimage resistance of Hamsi-256, a second round SHA-3 candidate. We show that it is possible to find affine equations between some input bits and some output bits on the 3-round compression function. This property enables an attacker to find pseudo preimages for the Hamsi-256 compression function. The pseudo preimage…
In this note we show that the message authentication code 128-EIA3 considered for adoption as a third integrity algorithm in the emerging mobile standard LTE is vulnerable to a simple existential forgery attack. This attack allows, given any message and the associated MAC value under an unknown integrity key and an initial vector, to predict the MAC value…
In this paper we study the security of the RadioGatún family of hash functions, and more precisely the collision resistance of this proposal. We show that it is possible to find differential paths with acceptable probability of success. Then, by using the freedom degrees available from the incoming message words, we provide a significant improvement over…
In this paper we investigate the security of the two most recent versions of the message authentication code 128-EIA3, which is considered for adoption as a third integrity algorithm in the emerging 3GPP standard LTE. We first present an efficient existential forgery attack against the June 2010 version of the algorithm. This attack allows, given any…