A review of the nist lightweight cryptography finalists and their fault analyses
H Madushan, I Salam, J Alawatugoda - Electronics, 2022 - mdpi.com
The security of resource-constrained devices is critical in the IoT field, given that everything
is interconnected. Therefore, the National Institute of Standards and Technology (NIST) …
is interconnected. Therefore, the National Institute of Standards and Technology (NIST) …
Stretching cube attacks: improved methods to recover massive superpolies
Cube attacks exploit the algebraic properties of symmetric ciphers by recovering a special
polynomial, the superpoly, and subsequently the secret key. When the algebraic normal …
polynomial, the superpoly, and subsequently the secret key. When the algebraic normal …
[图书][B] Status report on the final round of the NIST lightweight cryptography standardization process
Abstract The National Institute of Standards and Technology (NIST) initiated a public
standardization process to select one or more schemes that provide Authenticated …
standardization process to select one or more schemes that provide Authenticated …
Massive Superpoly Recovery with a Meet-in-the-Middle Framework: Improved Cube Attacks on Trivium and Kreyvium
The cube attack extracts the information of secret key bits by recovering the coefficient called
superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube …
superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube …
Boolean polynomial evaluation for the masses
C Bouillaguet - Cryptology ePrint Archive, 2022 - eprint.iacr.org
This article gives improved algorithms to evaluate a multivariate Boolean polynomial over all
the possible values of its input variables. Such a procedure is often used in cryptographic …
the possible values of its input variables. Such a procedure is often used in cryptographic …
Cryptanalysis of reduced round SPEEDY
SPEEDY is a family of ultra low latency block ciphers proposed by Leander, Moos, Moradi
and Rasoolzadeh at TCHES 2021. Although the designers gave some differential/linear …
and Rasoolzadeh at TCHES 2021. Although the designers gave some differential/linear …
Reconstructing S-Boxes from Cryptographic Tables with Milp
Reconstructing an S-box from a cryptographic table such as difference distribution table
(DDT), linear approximation table (LAT), differential-linear connectivity table (DLCT) or …
(DDT), linear approximation table (LAT), differential-linear connectivity table (DLCT) or …
From Unbalanced to Perfect: Implementation of Low Energy Stream Ciphers
J Lin, J He, Y Fan, M Wang - International Conference on Cryptology in …, 2023 - Springer
Low energy is an important aspect of hardware implementation. For energy-limited battery-
powered devices, low energy stream ciphers can play an important role. In IACR ToSC …
powered devices, low energy stream ciphers can play an important role. In IACR ToSC …
An experimentally verified attack on 820-round trivium
C Che, T Tian - International Conference on Information Security and …, 2022 - Springer
The cube attack is one of the most important cryptanalytic techniques against Trivium. As the
method of recovering superpolies becomes more and more effective, another problem of …
method of recovering superpolies becomes more and more effective, another problem of …
Fourteen years of cube attacks
Algebraic Cryptanalysis is a widely used technique that tackles the problem of breaking
ciphers mainly relying on the ability to express a cryptosystem as a solvable polynomial …
ciphers mainly relying on the ability to express a cryptosystem as a solvable polynomial …