In this paper, we present new key-recovery attacks on AES with a single secret S-Box. Several attacks for this model have been proposed in the literature, the most recent ones at Crypto’16 and FSE’17. Both of these attacks exploit a particular property of the MixColumns matrix to recover the secret key. In this work, we show that the same attacks work by exploiting a weaker property of the MixColumns matrix. As a first result, this allows us to (largely) increase the number of MixColumns matrices for which it is possible to set up all these attacks. As a second result, we present new attacks on 5-round AES with a single secret S-Box that exploit the new multiple-of-n property recently proposed at Eurocrypt’17. This property is based on the fact that choo...
Peer reviewed. The Russian Federation's standardization agency has recently published a hash function ...
Abstract. In response to various cryptanalysis results on white-box cryptography, Bringer et al. pre...
International audience. The majority of current attacks on reduced-round variants of block ciphers see...
Abstract. How does the security of the AES change when the S-box is replaced by a secret S-box, abou...
At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES - based on the “multiple-of-8” ...
At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES -- based on the “multiple-of-8”...
International audience. In this paper, we revisit meet-in-the-middle attacks on AES in the single-key ...
We introduce subspace trail cryptanalysis, a generalization of invariant subspace cryptanalysis. Wit...
ABSTRACT The majority of the published attacks on reduced-round variants of block ciphers seeks to m...
Peer reviewed. In this paper we consider the security of block ciphers which contain alternate layers ...
In this paper, we improve the recent rebound and start-from-the-middle attacks on AES-like permutati...
We present a cryptanalysis of the ASASA public key cipher introduced at Asiacrypt 2014. This scheme ...
In this note we present the first attack with feasible complexity on the 13-round AES-256. The atta...
We present a 5-round distinguisher for AES. We exploit this distinguisher to develop a meet-in-the-m...
In response to various cryptanalysis results on white-box cryptography, Bringer et al. presented a n...