Covert channels are of two types: (a) timing channel and (b) storage channel. Most previous works have studied these channels from the encoder’s perspective, namely, information theoretic capacity, algorithms and protocols for hiding information etc. This paper investigates the covert channel problem from an passive adversary’s perspective. A sequential distinguisher for storage channel identif...

The HFE cryptosystem was the subject of several cryptanalytic studies, sometimes successful, but always heuristic. To contrast with this trend, this work goes back to the beginnning and achieves in a provable way a first step of cryptanalysis which consists in distinguishing HFE public keys from random systems of quadratic equations. We provide two distinguishers: the first one has polynomial c...

We find mathematically optimal side-channel distinguishers by looking at the side-channel as a communication channel. Our methodology can be adapted to any given scenario (device, signal-to-noise ratio, noise distribution, leakage model, etc.). When the model is known and the noise is Gaussian, the optimal distinguisher outperforms CPA and covariance. However, we show that CPA is optimal when t...

This paper shows a surprising similarity between the construction of, respectively, impossible differentials and square distinguishers. This observation is illustrated by comparing two attacks on IDEA (Biham & al., FSE’99 [2], Nakahara & al., 2001 [7]). Using this similarity, we also derive a 16-round square distinguisher on Skipjack, directly based on the impossible differential attack present...

This paper studies key-recovery attacks on AES-192 and PRINCE under single-key model by methodology of meet-in-the-middle attack. A new technique named key-dependent sieve is proposed to further reduce the memory complexity of Demirci et al.’s attack at EUROCRYPT 2013, which helps us to achieve 9-round attack on AES-192 by using a 5-round distinguisher; the data, time and memory complexities ar...

We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2−8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We a...

Bogdanov and Lee suggested a homomorphic public-key encryption scheme based on error correcting codes. The underlying public code is a modified Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde generating matrix defining it. The columns that define this submatrix are kept secret and form a set L. We give here a distinguisher that detects if one or several columns bel...

Abstract Neural-aided cryptanalysis is a challenging topic, in which the neural distinguisher ($\mathcal{ND}$) core module. In this paper, we propose new $\mathcal{ND}$ considering multiple ciphertext pairs simultaneously. Besides, are constructed from different keys. The motivation that distinguishing accuracy can be improved by exploiting features derived pairs. To verify motivation, have app...

Abstract In this paper, we give differential-linear cryptanalysis of SIMON, which is a family lightweight block ciphers published by the National Security Agency, and SIMECK, proposed Yang et al. Firstly, all input difference output masks with one active bit are traversed to obtain 9-round SIMON32/64 distinguisher 10-round SIMECK32/64 distinguisher. Then, 12-round bias 2 −12.69 13-round −14.03 ...