Related-Key and Key-Collision Attacks Against RMAC

Key-Collision Attacks Against RMAC

Hash Functions from Defective Ideal Ciphers

Motivation • Cryptographic constructions based on lower-level primitives are often analyzed by modeling the primitive as an ideal object – Sometimes, impossible to construct based on standard assumptions – Here: hash functions from block ciphers • When instantiated, the primitive may have " defects " and be far from ideal Motivating example • Related-key attacks on block ciphers – Several such ...

Random Key Pre-Distribution Techniques against Sybil Attacks

Sybil attacks pose a serious threat for Wireless Sensor Networks (WSN) security. They can create problems in routing, voting schemes, decision making, distributed storage and sensor re-programming. In a Sybil attack, the attacker masquerades as multiple sensor identities that are actually controlled by one or a few existing attacker nodes. Sybil identities are fabricated out of stolen keys, obt...

Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm

In this paper, we provide a security analysis of ELmD: a block cipher based Encrypt-Linear-mix-Decrypt authentication mode. As being one of the second-round CAESAR candidate, it is claimed to provide misuse resistant against forgeries and security against blockwise adaptive adversaries as well as 128-bit security against key recovery attacks. We scrutinize ElmD in such a way that we provide uni...

Impossible Differential Cryptanalysis on Deoxys-BC-256

Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...