Add to ORKGMany modern stream ciphers consist of a keystream generator and a key schedule algorithm. In fielded systems, security of the keystream generator is often based on a large inner state rather than an inherently secure design. Note, however, that little theory on the initialisation of large inner states exists, and many practical designs are based on an ad-hoc approach. As a consequence, an increasing number of attacks on stream ciphers exploit the (re-)initialisation of large inner states by a weak key schedule algorithm. In this paper, we propose a strict separation of keystream generator and key schedule algorithm in stream cipher design. A formal definition of inner state size is given, and lower bounds on the necessary inner state size a...
In Fast Software Encryption (FSE) 2015, while presenting a new idea (i.e., the design of stream ciph...
The main objective of this thesis is to examine the trade-offs between security and efficiency with...
We show that the knowledge of any one of the two internal state arrays of HC-128 along with the know...
Many modern stream ciphers consist of a keystream generator and a key schedule algorithm. In fielded...
After the introduction of some stream ciphers with the minimal internal state, the design idea of th...
Time-memory-data tradeoff (TMD-TO) attacks limit the security level of many classical stream ciphers...
Abstract. The internal state size of a stream cipher is supposed to be at least twice the key length...
We propose and analyze the LIZARD-construction, a way to construct keystream generator (KSG) based s...
Tradeoff attacks on symmetric ciphers can be considered as the generalization of the exhaustive sear...
In recent years, the initialization vector (IV) setup has proven to be the most vulnerable point whe...
Most stream ciphers used in practice are vulnerable against generic collision attacks, which allow t...
In a key scheduling algorithm (KSA) of stream ciphers, a secret key is expanded into a large initial...
We introduce a new construction method of diffusion layers for Substitution Permutation Network (SPN...
AbstractThe shrinking generator is a simple keystream generator with applications in stream ciphers,...
Well-designed initialisation and keystream generation processes for stream ciphers should ensure tha...
In Fast Software Encryption (FSE) 2015, while presenting a new idea (i.e., the design of stream ciph...
The main objective of this thesis is to examine the trade-offs between security and efficiency with...
We show that the knowledge of any one of the two internal state arrays of HC-128 along with the know...
Many modern stream ciphers consist of a keystream generator and a key schedule algorithm. In fielded...
After the introduction of some stream ciphers with the minimal internal state, the design idea of th...
Time-memory-data tradeoff (TMD-TO) attacks limit the security level of many classical stream ciphers...
Abstract. The internal state size of a stream cipher is supposed to be at least twice the key length...
We propose and analyze the LIZARD-construction, a way to construct keystream generator (KSG) based s...
Tradeoff attacks on symmetric ciphers can be considered as the generalization of the exhaustive sear...
In recent years, the initialization vector (IV) setup has proven to be the most vulnerable point whe...
Most stream ciphers used in practice are vulnerable against generic collision attacks, which allow t...
In a key scheduling algorithm (KSA) of stream ciphers, a secret key is expanded into a large initial...
We introduce a new construction method of diffusion layers for Substitution Permutation Network (SPN...
AbstractThe shrinking generator is a simple keystream generator with applications in stream ciphers,...
Well-designed initialisation and keystream generation processes for stream ciphers should ensure tha...
In Fast Software Encryption (FSE) 2015, while presenting a new idea (i.e., the design of stream ciph...
The main objective of this thesis is to examine the trade-offs between security and efficiency with...
We show that the knowledge of any one of the two internal state arrays of HC-128 along with the know...