The first collision for full SHA-1
SHA-1 is a widely used 1995 NIST cryptographic hash function standard that was officially
deprecated by NIST in 2011 due to fundamental security weaknesses demonstrated in …
A formal treatment of backdoored pseudorandom generators
We provide a formal treatment of backdoored pseudorandom generators (PRGs). Here a
saboteur chooses a PRG instance for which she knows a trapdoor that allows prediction of …
Too much crypto
JP Aumasson - Cryptology EPrint Archive, 2019 - eprint.iacr.org
We show that many symmetric cryptography primitives would not be less safe with
significantly fewer rounds. To support this claim, we review the cryptanalysis progress in the …
A random zoo: sloth, unicorn, and trx
AK Lenstra, B Wesolowski - Cryptology ePrint Archive, 2015 - eprint.iacr.org
Many applications require trustworthy generation of public random numbers. It is shown how
this can be achieved using a hash function that is timed to be as slow as desired (sloth) …
Trustworthy public randomness with sloth, unicorn, and trx
AK Lenstra, B Wesolowski - International Journal of Applied …, 2017 - inderscienceonline.com
Many applications require trustworthy generation of public random numbers. It is shown how
this can be achieved using a hash function that is timed to be as slow as desired (sloth) …
The MALICIOUS framework: embedding backdoors into tweakable block ciphers
Inserting backdoors in encryption algorithms has long seemed like a very interesting, yet
difficult problem. Most attempts have been unsuccessful for symmetric-key primitives so far …
Surreptitiously weakening cryptographic systems
B Schneier, M Fredrikson, T Kohno… - Cryptology ePrint …, 2015 - eprint.iacr.org
Revelations over the past couple of years highlight the importance of understanding
malicious and surreptitious weakening of cryptographic systems. We provide an overview of …
Backdoored hash functions: immunizing HMAC and HKDF
M Fischlin, C Janson, S Mazaheri - 2018 IEEE 31st Computer …, 2018 - ieeexplore.ieee.org
Security of cryptographic schemes is traditionally measured as the inability of resource-
constrained adversaries to violate a desired security goal. The security argument usually …
Watch your constants: malicious Streebog
R AlTawy, AM Youssef - IET Information Security, 2015 - Wiley Online Library
In August 2012, the Streebog hash function was selected as the new Russian cryptographic
hash standard (GOST R 34.11‐2012). In this study, the authors investigate the new standard …
The reality of backdoored S-Boxes—An eye opener
The real-life incidents researched in academia have revealed that (possibly) state-level
efforts are made to camouflage the intentional flaws in the mathematical layer of an S-Box …