We present a new variant of cube attacks called a dynamic cube attack. Whereas standard cube attacks [4] find the key by solving a system of linear equations in the key bits, the new attack recovers the secret key by exploiting distinguishers obtained from cube testers. Dynamic cube attacks can create lower degree representations of the given cipher, which makes it possible to attack schemes th...

Multivariate Public Key Cryptosystems (MPKCs) are often touted as future-proofing against Quantum Computers. In 2009, it was shown that hardware advances do not favor just “traditional” alternatives such as ECC and RSA, but also makes MPKCs faster and keeps them competitive at 80-bit security when properly implemented. These techniques became outdated due to emergence of new instruction sets an...

We consider the interaction of surface acoustic waves (SAWs) with short electrode gratings encompassing only few electrodes on 128 lithium niobate (LiNbO3). The qualifications of the reflectors are evaluated by comparing the part of incident SAW energy scattered by the structure into the bulk to the energy reflected back as a SAW.

We show that the knowledge of any one of the two internal state arrays of HC-128 along with the knowledge of 2048 keystream words is sufficient to construct the other state array completely in 2 time complexity. Though our analysis does not lead to any attack on HC-128, it reveals a structural insight into the cipher. In the process, we theoretically establish certain combinatorial properties o...

In this paper, we consider how an unknown constant within a state update function or output function a ects biases of linear approximations. This allows us to obtain information from an unknown constant within a T-function. We use this knowledge for mounting an attack against stream cipher SOBER-128 where we gain information from the key dependent secret constant using multiple linear approxima...

In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasipolynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thomé. Using these developments, Adj, Menezes, Oliveira and Rodŕıguez-Henŕıquez analysed the concrete security of the DLP, as it arises from pairings ...

Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. The IP, UDP, and TCP MIB modules currentl...

This paper investigates pairs of AES-128 cipher keys and plaintexts which result in being “quiet” in the final round, i.e., whose 128-bit State holds the same bit pattern before and after Round 10. We show that the number of such quiet plaintexts (resulting in Hamming distance 0) for any cipher key is at most 5,914,624, and that there exist exactly 729 cipher keys having such a maximum number. ...

In this letter we demonstrate a fast correlation attack on the recently proposed stream cipher LILI-128. The attack has complexity around 2 bit operations assuming a received sequence of length around 2 bits and a precomputation phase of complexity 2 table lookups. This complexity is significantly lower than 2, which was conjectured by the inventors of LILI-128 to be a lower bound on the comple...

The Chaskey MAC algorithm was presented by Mouha et al. at SAC 2014. It is designed for real-world applications where 128-bit keys are required, but standard cryptographic algorithms cannot be implemented because of stringent requirements on speed, energy consumption, or code size. Shortly after its publication, Chaskey was considered for standardization by ISO/IEC JTC 1/SC 27/WG 2. At the Octo...