Add to ORKGNewly designed block ciphers are required to show resistance against known attacks, e.g., linear and differential cryptanalysis. Two widely used methods to do this are to employ an automated search tool (e.g., MILP, SAT/SMT, etc.) and/or provide a wide-trail argument. In both cases, the core of the argument consists of bounding the transition probability of the statistical property over an isolated non-linear operation, then multiply it by the number of such operations (e.g., number of active S-boxes). In this paper we show that in the case of linear cryptanalysis such strategies can sometimes lead to a gap between the claimed security and the actual one, and that this gap can be exploited by a malicious designer. We introduce RooD, a block...
The contributions of this paper include the first linear hull and a revisit of the algebraic cryptan...
Several generalizations of linear cryptanalysis have been proposed in the past, as well as very simi...
Despite the fact that we evidently have very good block ciphers at hand today, some fundamental ques...
Inserting backdoors in encryption algorithms has long seemed like a very interesting, yet difficult ...
Several generalizations of linear cryptanalysis have been proposed in the past, as well as very simi...
Despite the fact that we evidently have very good block ciphers at hand today, some fundamental ques...
In this paper, we are concerned with the security of block ciphers against linear cryptanalysis and ...
Abstract. In this paper, we are concerned with the security of block ciphers against linear cryptana...
When designing a new symmetric-key primitive, the designer must show resistance to known attacks. Pe...
When designing a new symmetric-key primitive, the designer must show resistance to known attacks. Pe...
The main goal of this diploma work is the implementation of Matsui's linear cryptanalysis of DES and...
We present a rather generic backdoor mechanism that can be applied to many LWE-like public-key crypt...
A new approach to the security analysis of hardware-oriented masked ciphers against second-order sid...
Since the publication of linear cryptanalysis in the early 1990s, the precise under-standing of the ...
This paper serves as a systematization of knowledge of linear cryptanalysis and provides novel insig...
The contributions of this paper include the first linear hull and a revisit of the algebraic cryptan...
Several generalizations of linear cryptanalysis have been proposed in the past, as well as very simi...
Despite the fact that we evidently have very good block ciphers at hand today, some fundamental ques...
Inserting backdoors in encryption algorithms has long seemed like a very interesting, yet difficult ...
Several generalizations of linear cryptanalysis have been proposed in the past, as well as very simi...
Despite the fact that we evidently have very good block ciphers at hand today, some fundamental ques...
In this paper, we are concerned with the security of block ciphers against linear cryptanalysis and ...
Abstract. In this paper, we are concerned with the security of block ciphers against linear cryptana...
When designing a new symmetric-key primitive, the designer must show resistance to known attacks. Pe...
When designing a new symmetric-key primitive, the designer must show resistance to known attacks. Pe...
The main goal of this diploma work is the implementation of Matsui's linear cryptanalysis of DES and...
We present a rather generic backdoor mechanism that can be applied to many LWE-like public-key crypt...
A new approach to the security analysis of hardware-oriented masked ciphers against second-order sid...
Since the publication of linear cryptanalysis in the early 1990s, the precise under-standing of the ...
This paper serves as a systematization of knowledge of linear cryptanalysis and provides novel insig...
The contributions of this paper include the first linear hull and a revisit of the algebraic cryptan...
Several generalizations of linear cryptanalysis have been proposed in the past, as well as very simi...
Despite the fact that we evidently have very good block ciphers at hand today, some fundamental ques...