We present an invariant subspace attack on the block cipher Midori64, proposed at Asiacrypt 2015. Our analysis shows that Midori64 has a class of 2^32 weak keys. Under any such key, the cipher can be distinguished with only a single chosen query, and the key can be recovered in 2^16 time with two chosen queries. As both the distinguisher and the key recovery have very low complexities, we confirm our analysis by implementing the attacks. Some tweaks of round constants make Midori64 more resistant to the attacks, but some lead to even larger weak-key classes. To eliminate the dependency on the round constants, we investigate alternative S-boxes for Midori64 that provide a certain level of security against the found invariant subspace attacks, re...
In this paper, we revisit meet-in-the-middle attacks on AES in the single-key ...
We examine the security of the 64-bit lightweight block cipher PRESENT-80 against related-key differ...
Resistance against differential cryptanalysis is an important design criterion for any modern block c...
In this paper, we present an invariant subspace attack against block cipher Midori64 which has recen...
Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015 to achieve low energ...
Abstract. Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015. One versi...
Many lightweight block ciphers apply a very simple key schedule in which the r...
Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015. One version of Mido...
Many lightweight block ciphers apply a very simple key schedule in which the round keys only differ ...
Midori64 and Midori128 [2] are lightweight block ciphers, which respectively c...
Many lightweight block ciphers use a very simple key-schedule where the round-...
© 2018 Elsevier B.V. Invariant subspace attack is a novel cryptanalytic technique which breaks sever...
The nonlinear invariant attack was introduced at ASIACRYPT 2016 by Todo et al. The attack has recei...
Abstract. In PQCrypto 2013 Yasuda, Takagi and Sakurai proposed an interesting signature scheme of ef...
Abstract. For block ciphers, Bogdanov et al. found that there are some linear approximations satisfyi...