Inserting backdoors in encryption algorithms has long seemed like a very interesting, yet
difficult problem. Most attempts have been unsuccessful for symmetric-key primitives so far …

In a recent presentation, we promoted the use of 12-round instances of Keccak, collectively
called “TurboSHAKE”, in post-quantum cryptographic schemes, but without defining them …

Security of cryptographic schemes is traditionally measured as the inability of resource-
constrained adversaries to violate a desired security goal. The security argument usually …

The mystery about the ingenious creator of Bitcoin concealing behind the pseudonym
Satoshi Nakamoto has been fascinating the global public for more than a decade. Suddenly …

The real-life incidents researched in academia have revealed that (possibly) state-level
efforts are made to camouflage the intentional flaws in the mathematical layer of an S-Box …

Recent papers show how to construct polynomial invariant attacks for block ciphers,
however almost all such results are somewhat weak: invariants are simple and low degree …

In this paper we study cryptanalysis with non-linear polynomials cf. Eurocrypt'95 (adapted to
Feistel ciphers at Crypto 2004). Previously researchers had serious difficulties in making …

Linear (or differential) cryptanalysis may seem dull topics for a mathematician: they are
about super simple invariants characterized by say a word on n= 64 bits with very few bits at …

While designers of cryptographic algorithms are rarely considered as potential adversaries,
past examples, such as the standardization of the Dual EC PRNG highlights that the story …

Block ciphers are in widespread use since the 1970s. Their iterated structure is prone to
numerous round invariant attacks for example in Linear Cryptanalysis (LC). The next step is …