# Advances in Cryptology – CRYPTO 2004

@inproceedings{Franklin2004AdvancesIC, title={Advances in Cryptology – CRYPTO 2004}, author={Matthew K. Franklin}, booktitle={Lecture Notes in Computer Science}, year={2004} }

In this paper we study the long-standing problem of information extraction from multiple linear approximations. We develop a formal statistical framework for block cipher attacks based on this technique and derive explicit and compact gain formulas for generalized versions of Matsui's Algorithm 1 and Algorithm 2. The theoretical framework allows both approaches to be treated in a unified way, and predicts significantly improved attack complexities compared to current linear attacks using a…

## 707 Citations

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent

- Computer Science, Mathematics
- FSE
- 2008

Various attacks against reduced-round versions of the AES candidate Serpent are presented to confirm the significant reductions of the attacks' data complexity that can be obtained from multiple linear approximations.

Multidimensional Linear Cryptanalysis of Reduced Round Serpent

- Computer Science, Mathematics
- ACISP
- 2008

A new, truly multidimensional approach to generalise Matsui's Algorithm 1 is presented, and it is shown that the multidimensional approach is more effective in recovering key bits correctly than the previous methods that use multiple one-dimensional linear approximations.

Improved and Multiple Linear Cryptanalysis of Reduced Round Serpent

- Computer Science, Mathematics
- Inscrypt
- 2007

This paper presents a 9-round linear characteristic with probability $\frac{1}{2}+2^{-50}$ that involves a reduction of the estimated data complexity of the best reported attack by a factor of 16 and investigates the possibility to take advantage of multiple linear approximations for improving the linear cryptanalysis of Serpent.

A Statistical Saturation Attack against the Block Cipher PRESENT

- Computer Science, Mathematics
- CT-RSA
- 2009

A statistical saturation attack that combines previously introduced cryptanalysis techniques against block ciphers and extracts information about the key by observing non-uniform distributions in the ciphertexts and improves previous (linear, differential) cryptanalysis results.

A New Technique for Multidimensional Linear Cryptanalysis with Applications on Reduced Round Serpent

- Computer Science, Mathematics
- ICISC
- 2008

A new technique for Matsui's algorithm 2 using multidimensional linear approximation is presented and it is shown that the data complexity of the attack can be reduced significantly by the method even when the linear hull effect is present.

On Multidimensional Linear Cryptanalysis

- Computer Science, Mathematics
- ACISP
- 2010

Matsui's Algorithms 1 and 2 with multiple approximations have been studied over 16 years. In CRYPTO'04, Biryukov et al. proposed a formal framework based on m statistically independent…

An Improved Fast Correlation Attack on Stream Ciphers

- Computer Science, Mathematics
- Selected Areas in Cryptography
- 2008

An application of the new algorithm results in the first-known near-practical key recovery attack on the shrinking generator with the parameters suggested by Krawczyk in 1994.

Collisions on SHA-0 in One Hour

- Computer Science, Mathematics
- FSE
- 2008

This paper shows that the perturbation vectors used in all previously known attacks are not optimal, provides a new 2-block one, and is able to produce the best collision attack against SHA-0 so far, with a measured complexity of $2^{33.6}$ hash function calls.

Algebraic Cryptanalysis of 58-Round SHA-1

- Computer Science, Mathematics
- FSE
- 2007

The aim of this article is to refine and improve Wang's attack by using algebraic techniques: it introduces new notions, namely the semi-neutral bit and the adjuster, and then proposes an improved message modification technique based on algebraic techniques.

Multi-trail Statistical Saturation Attacks

- Computer Science, Mathematics
- ACNS
- 2010

The use of multiple trails is investigated and it is shown that it allows significant improvements over the previous cryptanalysis attempts against PRESENT; estimated complexities indicate that PRESENT-80 is safe against key recovery, by a small security margin.

## References


Simplified OAEP for the RSA and Rabin Functions

- Computer Science, Mathematics
- CRYPTO
- 2001

It is shown that for the Rabin and RSA trapdoor functions a much simpler padding scheme is sufficient for chosen ciphertext security in the random oracle model and that only one round of a Feistel network is sufficient.

Finding a Small Root of a Univariate Modular Equation

- Computer Science, Mathematics
- EUROCRYPT
- 1996

We show how to solve a polynomial equation (mod N) of degree k in a single variable x, as long as there is a solution smaller than $N^{1/k}$. We give two applications to RSA encryption with exponent 3.…

The Exact Security of Digital Signatures - How to Sign with RSA and Rabin

- Computer Science, Mathematics
- EUROCRYPT
- 1996

An RSA-based signing scheme which combines essentially optimal efficiency with attractive security properties and a second scheme which maintains all of the above features and in addition provides message recovery is provided.

Efficient signature generation by smart cards

- Computer Science, Mathematics
- Journal of Cryptology
- 2004

An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures.

Optimal Asymmetric Encryption-How to Encrypt with RSA

- Computer Science, Mathematics
- 1995

A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which the adversary knows the corresponding plaintexts, and is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.

An OAEP Variant With a Tight Security Proof

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2002

It is demonstrated that if f is a one-way trapdoor function that is hard to invert, then OAEP combined with f is secure against an IND-CCA2 adversary in the random oracle model.

On the Exact Security of Full Domain Hash

- Computer Science, Mathematics
- CRYPTO
- 2000

A slightly different proof is exhibited which provides a tighter security reduction of the Full Domain Hash scheme, which improves the efficiency of the scheme since smaller RSA moduli can be used for the same level of security.

Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract)

- Computer Science, Mathematics
- CRYPTO
- 1992

A general construction of zero-knowledge arguments, which can be based on any one-way permutation, is shown; it is efficient (both players execute only polynomial-time programs during the protocol) and the security achieved is on-line.

Analysis of Bernstein's Factorization Circuit

- Computer Science
- ASIACRYPT
- 2002

It is concluded that from a practical standpoint, the security of RSA relies exclusively on the hardness of the relation collection step of the number field sieve.

Security Proof for Partial-Domain Hash Signature Schemes

- Computer Science, Mathematics
- CRYPTO
- 2002

It is shown that for e = 2 (Rabin), partial-domain hash signature schemes are provably secure in the random oracle model, if the output size of the hash function is larger than 2/3 of the modulus size.