[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?




Dates are inconsistent

Dates are inconsistent

17 results sorted by ID

2023/1846 (PDF) Last updated: 2023-12-22
New Security Proofs and Complexity Records for Advanced Encryption Standard
Orhun Kara
Secret-key cryptography

Common block ciphers like AES specified by the NIST or KASUMI (A5/3) of GSM are extensively utilized by billions of individuals globally to protect their privacy and maintain confidentiality in daily communications. However, these ciphers lack comprehensive security proofs against the vast majority of known attacks. Currently, security proofs are limited to differential and linear attacks for both AES and KASUMI. For instance, the consensus on the security of AES is not based on formal...

2023/1557 (PDF) Last updated: 2023-10-10
Revisit Two Memoryless State-Recovery Cryptanalysis Methods on A5/1
Yanbin Xu, Yonglin Hao, Mingxing Wang
Attacks and cryptanalysis

At ASIACRYPT 2019, Zhang proposed a near collision attack on A5/1 claiming to recover the 64-bit A5/1 state with a time complexity around $2^{32}$ cipher ticks with negligible memory requirements. Soon after its proposal, Zhang's near collision attack was severely challenged by Derbez \etal who claimed that Zhang's attack cannot have a time complexity lower than Golic's memoryless guess-and-determine attack dating back to EUROCRYPT 1997. In this paper, we study both the guess-and-determine...

2022/1349 (PDF) Last updated: 2022-10-10
Invertibility of multiple random functions and its application to symmetric ciphers
Xiutao Feng, Xiaoshan GAO, Zhangyi WANG, Xiangyong ZENG
Foundations

The invertibility of a random function (IRF, in short) is an important problem and has wide applications in cryptography. For ex- ample, searching a preimage of Hash functions, recovering a key of block ciphers under the known-plaintext-attack model, solving discrete loga- rithms over a prime field with large prime, and so on, can be viewed as its instances. In this work we describe the invertibility of multiple random functions (IMRF, in short), which is a generalization of the IRF. In...

2021/021 (PDF) Last updated: 2021-01-06
Fake Near Collisions Attacks
Patrick Derbez, Pierre-Alain Fouque, Victor Mollimard
Secret-key cryptography

Fast Near collision attacks on the stream ciphers Grain v1 and A5/1 were presented at Eurocrypt 2018 and Asiacrypt 2019 respectively. They use the fact that the entire internal state can be split into two parts so that the second part can be recovered from the first one which can be found using the keystream prefix and some guesses of the key materials. In this paper we reevaluate the complexity of these attacks and show that actually they are inferior to previously known results. Basically,...

2017/1172 (PDF) Last updated: 2017-12-06
A Note on Stream Ciphers that Continuously Use the IV
Matthias Hamann, Matthias Krause, Willi Meier
Secret-key cryptography

Time-memory-data tradeoff (TMD-TO) attacks limit the security level of many classical stream ciphers (like $E_0$, A5/1, Trivium, Grain) to $n/2$, where $n$ denotes the inner state length of the underlying keystream generator. This implies that to withstand TMD tradeoff attacks, the state size should be at least double the key size. In 2015, Armknecht and Mikhalev introduced a new line of research, which pursues the goal of reducing the inner state size of lightweight stream ciphers below...

2017/384 (PDF) Last updated: 2017-06-27
Time-Memory-Data Tradeoff Attacks against Small-State Stream Ciphers
Matthias Hamann, Matthias Krause, Willi Meier, Bin Zhang
Secret-key cryptography

Time-memory-data (TMD) tradeoff attacks limit the security level of many classical stream ciphers (like $E_0$, A5/1, Trivium, Grain) to $\frac{1}{2}n$, where $n$ denotes the inner state length of the underlying keystream generator. This implies that to withstand TMD tradeoff attacks, the state size should be at least double the key size. In 2015, Armknecht and Mikhalev introduced a new line of research, which pursues the goal of reducing the inner state size of lightweight stream ciphers...

2016/926 (PDF) Last updated: 2017-02-24
LIZARD - A Lightweight Stream Cipher for Power-constrained Devices
Matthias Hamann, Matthias Krause, Willi Meier

Time-memory-data (TMD) tradeoff attacks limit the security level of many classical stream ciphers (like $E_0$, A5/1, Trivium, Grain) to $\frac{1}{2}n$, where $n$ denotes the inner state length of the underlying keystream generator. In this paper, we present LIZARD, a lightweight stream cipher for power-constrained devices like passive RFID tags. Its hardware efficiency results from combining a Grain-like design with the $FP(1)$-mode, a recently suggested construction principle for the state...

2015/636 (PDF) Last updated: 2017-02-24
On Stream Ciphers with Provable Beyond-the-Birthday-Bound Security against Time-Memory-Data Tradeoff Attacks
Matthias Hamann, Matthias Krause

We propose and analyze the LIZARD-construction, a way to construct keystream generator (KSG) based stream ciphers with provable $\frac{2}{3} n$-security with respect to generic time-memory-data tradeoff attacks. Note that for the vast majority of known practical KSG-based stream ciphers such attacks reduce the effective key length to the birthday bound $n/2$, where $n$ denotes the inner state length of the underlying KSG. This implies that practical stream ciphers have to have a...

2013/096 (PDF) Last updated: 2013-02-27
State convergence in bit-based stream ciphers
Sui-Guan Teo, Harry Bartlett, Ali Alhamdan, Leonie Simpson, Kenneth Koon-Ho Wong, Ed Dawson
Secret-key cryptography

Well-designed initialisation and keystream generation processes for stream ciphers should ensure that each key-IV pair generates a distinct keystream. In this paper, we analyse some ciphers where this does not happen due to state convergence occurring either during initialisation, keystream generation or both. We show how state convergence occurs in each case and identify two mechanisms which can cause state convergence.

2012/208 (PDF) Last updated: 2012-05-03
A NEW GUESS-AND-DETERMINE ATTACK ON THE A5/1 STREAM CIPHER
Jay Shah, Ayan Mahalanobis

In Europe and North America, the most widely used stream cipher to ensure privacy and confidentiality of conversations in GSM mobile phones is the A5/1. In this paper, we present a new attack on the A5/1 stream cipher with an average time complexity of $2^(48.5)$, which is much less than the brute-force attack with a complexity of $2^(64)$ . The attack has a $100\%$ success rate and requires about 5.65GB storage. We provide a detailed description of our new attack along with its...

2011/584 (PDF) Last updated: 2011-11-02
A Single-Key Attack on 6-Round KASUMI
Teruo Saito
Secret-key cryptography

KASUMI is a block cipher used in the confidentiality and integrity algorithms of the 3GPP (3rd Generation Partnership Project) mobile communications. In 2010, a related-key attack on full KASUMI was reported. The attack was very powerful and worked in practical complexity. However the attack was not a direct threat to full KASUMI because of the impractical assumptions related to the attack. Therefore, this paper concentrates on single-key attacks considered to be practical attacks. This...

2010/013 (PDF) Last updated: 2010-01-12
A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony
Orr Dunkelman, Nathan Keller, Adi Shamir
Secret-key cryptography

The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced in third generation networks by a new A5/3 block cipher called KASUMI, which is a modified version of the MISTY cryptosystem. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an...

2008/147 (PDF) Last updated: 2008-04-01
A Real-World Attack Breaking A5/1 within Hours
Timo Gendrullis, Martin Novotny, Andy Rupp

In this paper we present a real-world hardware-assisted attack on the well-known A5/1 stream cipher which is (still) used to secure GSM communication in most countries all over the world. During the last ten years A5/1 has been intensively analyzed. However, most of the proposed attacks are just of theoretical interest since they lack from practicability — due to strong preconditions, high computational demands and/or huge storage requirements — and have never been fully implemented. In...

2007/218 (PDF) Last updated: 2007-06-08
Differential Cryptanalysis in Stream Ciphers
Eli Biham, Orr Dunkelman
Secret-key cryptography

In this paper we present a general framework for the application of the ideas of differential cryptanalysis to stream ciphers. We demonstrate that some differences in the key (or the initial state or the plaintext) are likely to cause predicted differences in the key stream or in the internal state. These stream differences can then be used to analyze the internal state of the cipher and retrieve it efficiently. We apply our proposed ideas to stream ciphers of various designs, e.g.,...

2002/079 (PS) Last updated: 2002-06-21
On the efficiency of the Clock Control Guessing Attack
Erik Zenner
Secret-key cryptography

Many bitstream generators are based on linear feedback shift registers. A widespread technique for the cryptanalysis of those generators is the linear consistency test (LCT). In this paper, we consider an application of the LCT in cryptanalysis of clock-controlled bitstream generators, called \textsl{clock control guessing}. We give a general and very simple method for estimating the efficiency of clock control guessing, yielding an upper bound on the effective key length of a whole group of...

2001/092 (PDF) (PS) Last updated: 2001-11-06
BDD-based Cryptanalysis of Keystream Generators
Matthias Krause
Secret-key cryptography

Many of the keystream generators which are used in practice are LFSR-based in the sense that they produce the keystream according to a rule $y=C(L(x))$, where $L(x)$ denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and $C$ denotes some nonlinear compression function. We present an $n^{O(1)} 2^{(1-\alpha)/(1+\alpha)n}$ time bounded attack, the FBDD-attack, against LFSR-based generators, which computes the secret initial...

2000/052 (PDF) Last updated: 2000-10-11
CRYPTANALYSIS OF THE A5/2 ALGORITHM
Slobodan Petrovic, Amparo Fúster-Sabater
Secret-key cryptography

An attack on the A5/2 stream cipher algorithm is described, that determines the linear relations among the output sequence bits. The vast majority of the unknown output bits can be reconstructed. The time complexity of the attack is proportional to 2**17.

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.