[PDF] Status report on the second round of the NIST lightweight cryptography standardization process

MS Turan, MS Turan, K McKay, D Chang, C Calik… - 2021 - tsapps.nist.gov
Abstract The National Institute of Standards and Technology (NIST) initiated a public
standardization process to select one or more Authenticated Encryption with Associated …

Automated search oriented to key recovery on ciphers with linear key schedule: applications to boomerangs in SKINNY and ForkSkinny

L Qin, X Dong, X Wang, K Jia, Y Liu - IACR Transactions on Symmetric …, 2021 - tosc.iacr.org
Automatic modelling to search distinguishers with high probability covering as many rounds
as possible, such as MILP, SAT/SMT, CP models, has become a very popular cryptanalysis …

Key guessing strategies for linear key-schedule algorithms in rectangle attacks

X Dong, L Qin, S Sun, X Wang - … on the Theory and Applications of …, 2022 - Springer
When generating quartets for the rectangle attacks on ciphers with linear key-schedule, we
find the right quartets which may suggest key candidates have to satisfy some nonlinear …

Revisiting related-key boomerang attacks on AES using computer-aided tool

P Derbez, M Euler, PA Fouque, PH Nguyen - International Conference on …, 2022 - Springer
In recent years, several MILP models were introduced to search automatically for
boomerang distinguishers and boomerang attacks on block ciphers. However, they can only …

Automatic search of rectangle attacks on feistel ciphers: application to WARP

V Lallemand, M Minier, L Rouquette - IACR Transactions on Symmetric …, 2022 - tosc.iacr.org
In this paper we present a boomerang analysis of WARP, a recently proposed Generalized
Feistel Network with extremely compact hardware implementations. We start by looking for …

Optimizing rectangle attacks: a unified and generic framework for key recovery

L Song, N Zhang, Q Yang, D Shi, J Zhao, L Hu… - … Conference on the …, 2022 - Springer
The rectangle attack has shown to be a very powerful form of cryptanalysis against block
ciphers. Given a rectangle distinguisher, one expects to mount key recovery attacks as …

Secret can be public: low-memory AEAD mode for high-order masking

Y Naito, Y Sasaki, T Sugawara - Annual International Cryptology …, 2022 - Springer
We propose a new AEAD mode of operation for an efficient countermeasure against side-
channel attacks. Our mode achieves the smallest memory with high-order masking, by …

Revisiting differential-linear attacks via a boomerang perspective with application to AES, Ascon, CLEFIA, SKINNY, PRESENT, KNOT, TWINE, WARP, LBlock, Simeck …

H Hadipour, P Derbez, M Eichlseder - Annual International Cryptology …, 2024 - Springer
Abstract In 1994, Langford and Hellman introduced differential-linear (DL) cryptanalysis,
with the idea of decomposing the block cipher E into two parts, E_u and E_ℓ, such that E_u …

[BOOK] Status report on the final round of the NIST lightweight cryptography standardization process

MS Turan, MS Turan, K McKay, D Chang, LE Bassham… - 2023 - nvlpubs.nist.gov
Abstract The National Institute of Standards and Technology (NIST) initiated a public
standardization process to select one or more schemes that provide Authenticated …

New properties of the double boomerang connectivity table

Q Yang, L Song, S Sun, D Shi, L Hu - IACR Transactions on Symmetric …, 2022 - tosc.iacr.org
The double boomerang connectivity table (DBCT) is a new table proposed recently to
capture the behavior of two consecutive S-boxes in boomerang attacks. In this paper, we …