Fugue is a cryptographic hash function designed by Halevi, Hall and Jutla and was one of the fourteen hash algorithms of the second round of NIST’s SHA3 hash competition. We consider Fugue-256, the 256-bit instance of Fugue. Fugue-256 updates a state of 960 bits with a round transformation R parametrized by a 32-bit message word. Twice in every state update, this transform invokes an AES like r...

Assumption We’ll make the following “learning divisor with noise” assumption: LDN Assumption: let P a random n bit prime, R a random n4 bit prime, and let N = PR. A distinguisher that is given N and X1, . . . , Xpoly(n) cannot distinguish between case (I) Xi’s are chosen independently at random from [N ], and (II) Xi = PQi + 2Ei (mod N) where Qi is chosen independently at random from [R] and Ei...

In this article, the theory of multidimensional linear attacks on block ciphers is developed and the basic attack algorithms and their complexity estimates are presented. As an application the multidimensional linear distinguisher derived by Cho for the block cipher PRESENT is discussed in detail.

Cryptography often meets the problem of distinguishing distributions. In this paper we review techniques from hypothesis testing to express the advantage of the best distinguisher limited to a given number of samples. We link it with the Chernoff information and provide a useful approximation based on the squared Euclidean distance. We use it to extend linear cryptanalysis to groups with order ...

Magnitude Squared Coherence is a signal processing tool that indicates how well two time domain signals match one with the other by tracking linear dependencies in their spectral decomposition. This paper introduces different ways of using the Magnitude Squared Coherence for Side Channel Analysis. This distinguisher has several advantages over well-known distinguishers.

In the field of symmetric key cryptography, security against distinguishing attacks is one crucial requirements. With advancements in computing capabilities and cryptanalysis techniques recent years, more efficient methods have been proposed for exploring distinguishers using Mixed-Integer Linear Programing (MILP) or satisfiability problem (SAT), thereby updating bounds various ciphers. Piccolo...

In any side-channel attack, it is desirable to exploit all the available leakage data compute distinguisher’s values. The profiling phase essential obtain an accurate model, yet may not be exhaustive. As a result, information theoretic distinguishers come up on previously unseen data, phenomenon yielding empty bins. A strict application of maximum likelihood method yields distinguisher that eve...

Cryan and Miltersen [8] recently considered the question of whether there can be a pseudorandom generator in NC, that is, a pseudorandom generator that maps n-bit strings to m-bit strings such that every bit of the output depends on a constant number k of bits of the seed. They show that for k = 3, if m ≥ 4n + 1, there is a distinguisher; in fact, they show that in this case it is possible to b...