Advances in Cryptology – CRYPTO 2004

@inproceedings{Franklin2004AdvancesIC,
  title={Advances in Cryptology – CRYPTO 2004},
  author={Matthew K. Franklin},
  booktitle={Lecture Notes in Computer Science},
  year={2004}
}
In this paper we study the long-standing problem of information extraction from multiple linear approximations. We develop a formal statistical framework for block cipher attacks based on this technique and derive explicit and compact gain formulas for generalized versions of Matsui’s Algorithm 1 and Algorithm 2. The theoretical framework allows both approaches to be treated in a unified way, and predicts significantly improved attack complexities compared to current linear attacks using a…
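A worked illustration of the framework the abstract describes, added here and not taken from the paper or its authors: Matsui's Algorithm 1 run with every available linear approximation of a toy one-round SPN (four copies of the 4-bit PRESENT S-box under a PRESENT-style bit permutation, two 16-bit round keys). Each approximation with non-zero bias yields one key-parity bit; Gaussian elimination over GF(2) combines those bits, and the rank of the resulting system is the number of key bits the approximations jointly determine. The cipher, the key values, the sample size and the RNG seed are this example's own choices; a one-round cipher is used because its bias is exact and key-independent, so the statistics are clean.

```python
"""Matsui's Algorithm 1 with many linear approximations on a toy one-round SPN."""
import random

# Toy cipher: 16-bit block, four copies of the 4-bit PRESENT S-box, a PRESENT-style bit
# permutation pi, two 16-bit round keys:  C = pi(S(P xor K0)) xor K1.  Constructed for this example.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
PBOX = [(4 * i) % 15 for i in range(15)] + [15]        # state bit i moves to bit PBOX[i]


def parity(x):
    return bin(x).count("1") & 1


def sbox_layer(x):
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))


def permute(x):
    """Apply pi to a 16-bit state. The same map carries a linear mask across the permutation."""
    return sum(((x >> i) & 1) << PBOX[i] for i in range(16))


def encrypt(p, k0, k1):
    return permute(sbox_layer(p ^ k0)) ^ k1


def sbox_bias(a, b):
    """Bias of  a.x xor b.S(x) = 0  over all 16 inputs, i.e. the LAT entry divided by 16."""
    return sum(parity((a & x) ^ (b & SBOX[x])) == 0 for x in range(16)) / 16 - 0.5


def approximations():
    """Every approximation  a.P xor c.C = a.K0 xor c.K1  through one S-box with non-zero bias.

    Because only one S-box is active and its input nibble is uniform, the bias is exact and
    independent of the key; with more rounds it would only be a piling-up estimate."""
    out = []
    for j in range(4):                                      # active S-box
        for a in range(1, 16):
            for b in range(1, 16):
                eps = sbox_bias(a, b)
                if eps:
                    out.append((a << (4 * j), permute(b << (4 * j)), eps))
    return out


def algorithm1(pairs, pmask, cmask, eps):
    """Matsui's Algorithm 1: decide the key parity  pmask.K0 xor cmask.K1  from a counter."""
    zeros = sum(parity((p & pmask) ^ (c & cmask)) == 0 for p, c in pairs)
    # For eps > 0 the relation holds more often than not exactly when the key parity is 0;
    # for eps < 0 the majority flips.
    return 0 if (zeros > len(pairs) / 2) == (eps > 0) else 1


def solve_gf2(equations):
    """Gaussian elimination over GF(2) for equations (v, r) meaning  v.K = r  on a 32-bit key.

    Returns (key, rank, contradictions): rank is the number of key bits the equations pin down,
    contradictions counts reduced equations of the form 0 = 1, i.e. wrongly decided parities."""
    pivots, contradictions = {}, 0
    for v, r in equations:
        while v:
            top = v.bit_length() - 1
            if top not in pivots:
                pivots[top] = (v, r)
                break
            pv, pr = pivots[top]
            v, r = v ^ pv, r ^ pr
        else:
            contradictions += r
    key = 0
    for top in sorted(pivots):                              # back-substitute, lowest pivot first
        v, r = pivots[top]
        key |= (r ^ parity((v ^ (1 << top)) & key)) << top
    return key, len(pivots), contradictions


def attack(k0, k1, samples=2048, seed=1):
    """Known-plaintext attack; returns (recovered K0, recovered K1, rank, contradictions)."""
    rng = random.Random(seed)                               # seeded only to make the run reproducible
    plaintexts = [rng.getrandbits(16) for _ in range(samples)]
    pairs = [(p, encrypt(p, k0, k1)) for p in plaintexts]
    equations = [(pmask | cmask << 16, algorithm1(pairs, pmask, cmask, eps))
                 for pmask, cmask, eps in approximations()]
    key, rank, contradictions = solve_gf2(equations)
    return key & 0xFFFF, key >> 16, rank, contradictions


if __name__ == "__main__":
    K0, K1 = 0x3A7C, 0xD105                                 # constructed demo key
    r0, r1, rank, bad = attack(K0, K1)
    print(f"{len(approximations())} approximations, {rank} independent key bits, {bad} contradictions")
    print(f"recovered K0={r0:04X} K1={r1:04X}, true K0={K0:04X} K1={K1:04X}")
```

The smallest non-zero bias of a 4-bit S-box is 1/8, so with 2048 known plaintexts every parity bit is decided with a margin of more than 11 standard deviations, and the 32 independent equations recover both round keys outright; the contradiction counter is where a wrongly decided approximation would show up. With more rounds the piling-up estimate no longer equals the true bias for a fixed key (the linear-hull effect the Serpent papers below refer to), which is where a statistical treatment of the whole set of approximations, rather than one at a time, becomes necessary.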
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent
TLDR
Various attacks against reduced-round versions of the AES candidate Serpent are presented to confirm the significant reductions in data complexity that can be obtained from multiple linear approximations.
Multidimensional Linear Cryptanalysis of Reduced Round Serpent
TLDR
A new, truly multidimensional approach to generalise Matsui's Algorithm 1 is presented, and it is shown that the multidimensional approach is more effective in recovering key bits correctly than the previous methods that use several one-dimensional linear approximations.
Improved and Multiple Linear Cryptanalysis of Reduced Round Serpent
TLDR
This paper presents a 9-round linear characteristic with probability $\frac{1}{2}+2^{-50}$ that involves a reduction of the estimated data complexity of the best reported attack by a factor of 16 and investigates the possibility to take advantage of multiple linear approximations for improving the linear cryptanalysis of Serpent.
A Statistical Saturation Attack against the Block Cipher PRESENT
TLDR
A statistical saturation attack that combines previously introduced cryptanalysis techniques against block ciphers and extracts information about the key by observing non-uniform distributions in the ciphertexts and improves previous (linear, differential) cryptanalysis results.
A New Technique for Multidimensional Linear Cryptanalysis with Applications on Reduced Round Serpent
TLDR
A new technique for Matsui's algorithm 2 using multidimensional linear approximation is presented and it is shown that the data complexity of the attack can be reduced significantly by the method even when the linear hull effect is present.
On Multidimensional Linear Cryptanalysis
Matsui's Algorithms 1 and 2 with multiple approximations have been studied for over 16 years. In CRYPTO'04, Biryukov et al. proposed a formal framework based on m statistically independent
An Improved Fast Correlation Attack on Stream Ciphers
  • Bin Zhang, D. Feng
  • Computer Science, Mathematics
    Selected Areas in Cryptography
  • 2008
TLDR
An application of the new algorithm results in the first-known near-practical key recovery attack on the shrinking generator with the parameters suggested by Krawczyk in 1994.
Collisions on SHA-0 in One Hour
TLDR
This paper shows that the perturbation vectors used in all previous attacks are not optimal, provides a new 2-block one, and is able to produce the best collision attack against SHA-0 so far, with a measured complexity of $2^{33.6}$ hash function calls.
Algebraic Cryptanalysis of 58-Round SHA-1
TLDR
The aim of this article is to refine and improve Wang's attack using algebraic techniques; it introduces two new notions, the semi-neutral bit and the adjuster, and then proposes an improved message modification technique based on algebraic techniques.
Multi-trail Statistical Saturation Attacks
TLDR
The use of multiple trails is investigated and it is shown that it allows significant improvements of the previous cryptanalysis attempts against PRESENT, and estimated complexities indicate that PRESENT-80 is safe against key recovery, by a small security margin.

References

Simplified OAEP for the RSA and Rabin Functions
  • D. Boneh
  • Computer Science, Mathematics
    CRYPTO
  • 2001
TLDR
It is shown that for the Rabin and RSA trapdoor functions a much simpler padding scheme is sufficient for chosen ciphertext security in the random oracle model and that only one round of a Feistel network is sufficient.
Finding a Small Root of a Univariate Modular Equation
We show how to solve a polynomial equation (mod $N$) of degree $k$ in a single variable $x$, as long as there is a solution smaller than $N^{1/k}$. We give two applications to RSA encryption with exponent 3.
The Exact Security of Digital Signatures - How to Sign with RSA and Rabin
TLDR
An RSA-based signing scheme that combines essentially optimal efficiency with attractive security properties is provided, together with a second scheme that keeps all of the above features and in addition provides message recovery.
Efficient signature generation by smart cards
  • C. Schnorr
  • Computer Science, Mathematics
    Journal of Cryptology
  • 1991
TLDR
An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures.
Optimal Asymmetric Encryption-How to Encrypt with RSA
TLDR
A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which the adversary knows the corresponding plaintexts, and is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
An OAEP Variant With a Tight Security Proof
  • J. Jonsson
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2002
TLDR
It is demonstrated that if f is a trapdoor function that is hard to invert, then OAEP combined with f is secure against an IND-CCA2 adversary in the random oracle model.
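The three OAEP entries above (Bellare and Rogaway's original scheme, Boneh's one-round simplification, Jonsson's tight proof) all concern the same padding. As an added, constructed illustration, not code from any of these papers, the block below implements the standard two-round EME-OAEP of RFC 8017 with SHA-256 and MGF1, wraps it around textbook RSA, and shows at the padding level the property the Bellare and Rogaway TLDR describes: any bit flipped in an encoded message or in a ciphertext fails decoding, so an adversary cannot produce a valid encoding without knowing the plaintext. The key generator, key size, seed and messages are the example's own; the seeded RNG exists only to make the demonstration reproducible and is not a secure key generator.

```python
"""RSA-OAEP as a two-round Feistel network: EME-OAEP (RFC 8017) with SHA-256 and MGF1."""
import hashlib
import random

HASH = hashlib.sha256
HLEN = HASH().digest_size            # 32 bytes


def mgf1(seed, length):
    """MGF1 from RFC 8017: HASH(seed || counter) for counter = 0, 1, ..., truncated to length."""
    blocks = (length + HLEN - 1) // HLEN
    return b"".join(HASH(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message, k, seed, label=b""):
    """EME-OAEP-ENCODE: pad message into a k-byte EM = 0x00 || maskedSeed || maskedDB."""
    if len(message) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    if len(seed) != HLEN:
        raise ValueError("seed must be HLEN random bytes")
    ps = b"\x00" * (k - len(message) - 2 * HLEN - 2)
    db = HASH(label).digest() + ps + b"\x01" + message    # DB = lHash || PS || 0x01 || M
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))          # Feistel round 1: DB xor G(seed)
    masked_seed = xor(seed, mgf1(masked_db, HLEN))         # Feistel round 2: seed xor H(maskedDB)
    return b"\x00" + masked_seed + masked_db


def oaep_decode(em, k, label=b""):
    """EME-OAEP-DECODE: return the message, or None if any check fails.

    The checks are folded into one flag so the caller sees a single "decryption error",
    as RFC 8017 requires (a production implementation must also run them in constant time)."""
    if len(em) != k or k < 2 * HLEN + 2:
        return None
    y, masked_seed, masked_db = em[0], em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))         # undo round 2
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))          # undo round 1
    lhash, rest = db[:HLEN], db[HLEN:]
    sep = rest.find(b"\x01")
    bad = y != 0
    bad |= lhash != HASH(label).digest()
    bad |= sep == -1 or any(rest[:sep])                    # PS must be all zeros up to the 0x01
    return None if bad else rest[sep + 1:]


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with random bases; 32 rounds bound the error probability by 2^-64."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_demo_keypair(bits=1024, e=65537, seed=7):
    """Toy RSA key from a *seeded* RNG so the demo is reproducible. Not a secure key generator."""
    rng = random.Random(seed)

    def prime(nbits):
        while True:
            cand = rng.getrandbits(nbits) | (1 << (nbits - 1)) | 1
            if (cand - 1) % e and is_probable_prime(cand, rng):   # gcd(e, p-1) = 1 for prime e
                return cand

    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def rsa_oaep_encrypt(message, pub, seed, label=b""):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(oaep_encode(message, k, seed, label), "big")   # EM < n: its top byte is 0
    return pow(m, e, n).to_bytes(k, "big")


def rsa_oaep_decrypt(ciphertext, priv, label=b""):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(ciphertext, "big")
    if len(ciphertext) != k or c >= n:
        return None
    return oaep_decode(pow(c, d, n).to_bytes(k, "big"), k, label)


if __name__ == "__main__":
    n, e, d = rsa_demo_keypair()
    seed = bytes(range(HLEN))                      # constructed seed; real use needs fresh random bytes
    ct = rsa_oaep_encrypt(b"attack at dawn", (n, e), seed)
    print(rsa_oaep_decrypt(ct, (n, d)))            # b'attack at dawn'
    tampered = bytearray(ct)
    tampered[-1] ^= 1
    print(rsa_oaep_decrypt(bytes(tampered), (n, d)))   # None
```

The two mask applications are the two Feistel rounds the TLDRs refer to: G masks the data block with the seed, H masks the seed with the masked data block. Undoing them in reverse order recovers seed and DB, and because both halves depend on each other, a change to any byte of EM scrambles the recovered DB and the lHash and separator checks fail. Boneh's simplification drops the second round for RSA and Rabin specifically; the code above keeps the standard two-round form.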
On the Exact Security of Full Domain Hash
  • J. Coron
  • Computer Science, Mathematics
    CRYPTO
  • 2000
TLDR
A slightly different proof is exhibited which provides a tighter security reduction of the Full Domain Hash scheme, which improves the efficiency of the scheme since smaller RSA moduli can be used for the same level of security.
Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract)
TLDR
A general construction of zero-knowledge arguments that can be based on any one-way permutation is shown; it is efficient (both players execute only polynomial-time programs during the protocol) and the security achieved is on-line.
Analysis of Bernstein's Factorization Circuit
TLDR
It is concluded that from a practical standpoint, the security of RSA relies exclusively on the hardness of the relation collection step of the number field sieve.
Security Proof for Partial-Domain Hash Signature Schemes
  • J. Coron
  • Computer Science, Mathematics
    CRYPTO
  • 2002
TLDR
It is shown that for e = 2 (Rabin), partial-domain hash signature schemes are provably secure in the random oracle model, if the output size of the hash function is larger than 2/3 of the modulus size.