Improved Cryptanalysis of SHAMATA-BC
نویسندگان
چکیده
We state the design flaws of the 1-round block cipher SHAMATA-BC, designed by Fleishmann and Gorski by using the building blocks of SHAMATA hash function. We fix the flaws and then show that the amended version of SHAMATA-BC is much weaker. We believe that there is no connection between security level of SHAMATA as a hash function and that of SHAMATA-BC as a block cipher.
منابع مشابه
Cryptanalysis of the SHA-3 candidates EnRUPT and SHAMATA
In this talk, we review the successful cryptanalysis of two cryptographic hash functions, EnRUPT and SHAMATA. Both were submitted as candidates to the NIST SHA-3 competition.
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملPractical Collisions for SHAMATA-256
In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function design with components of the AES, and it is one of the fastest submitted hash functions. In our attack, we show weaknesses in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed by the message expan...
متن کاملSome Observations on SHAMATA
In this note we discuss some observation of the SHA-3 candidate SHAMATA [1]. We observe that its internal block cipher is very weak, which could possibly lead to an attack on the hash function.
متن کاملBiclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity
In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of slight improvement in the computational complexity, we keep the amo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008