Chapter
The Salsa20 Family of Stream Ciphers
DOI: 10.1007/978-3-540-68351-3_8

Conference Paper: McBits: fast constant-time code-based cryptography
ABSTRACT: This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2^128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.
Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems; 08/2013
Conference Paper: Differential attacks against stream cipher ZUC
ABSTRACT: Stream cipher ZUC is the core component in the 3GPP confidentiality and integrity algorithms 128-EEA3 and 128-EIA3. In this paper, we present the details of our differential attacks against ZUC 1.4. The vulnerability in ZUC 1.4 is due to the non-injective property in the initialization, which results in the difference in the initialization vector being cancelled. In the first attack, difference is injected into the first byte of the initialization vector, and one out of 2^15.4 random keys results in two identical keystreams after testing 2^13.3 IV pairs for each key. The identical keystreams pose a serious threat to the use of ZUC 1.4 in applications since it is similar to reusing a key in a one-time pad. Once identical keystreams are detected, the key can be recovered with average complexity 2^99.4. In the second attack, difference is injected into the second byte of the initialization vector, and every key can result in two identical keystreams with about 2^54 IVs. Once identical keystreams are detected, the key can be recovered with complexity 2^67. We have presented a method to fix the flaw by updating the LFSR in an injective way in the initialization. Our suggested method is used in the later versions of ZUC. The latest ZUC 1.6 is secure against our attacks.
Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security; 12/2012
Conference Paper: PRINCE: a low-latency block cipher for pervasive computing applications
ABSTRACT: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely, for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property, which we refer to as α-reflection, is of independent interest and we prove its soundness against generic attacks.
Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security; 12/2012