KATAN and KTANTAN are two lightweight families of hardware oriented block ciphers proposed by Cannière et al. at CHES 2009. They have different versions of 32-, 48and 64-bit state, all of which work with an 80-bit key. Inspired by the Trivium stream cipher, these families have an innovative structure based on two non-linear feedback shift registers. Such a structure attracts the attention of cr...

In typical applications of homomorphic encryption, the first step consists for Alice to encrypt some plaintext m under Bob’s public key pk and to send the ciphertext c = HEpk(m) to some third-party evaluator Charlie. This paper specifically considers that first step, i.e. the problem of transmitting c as efficiently as possible from Alice to Charlie. As previously noted, a form of compression i...

The problem of securing data present on USB memories and SD cards has not been adequately addressed in the cryptography literature. While the formal notion of a tweakable enciphering scheme (TES) is well accepted as the proper primitive for secure data storage, the real challenge is to design a low cost TES which can perform at the data rates of the targeted memory devices. In this work, we pro...

Symmetric key cryptographic algorithms provide confidentiality, integrity, and authentication in modern communication systems. Our confidence in these algorithms is largely based on the fact that intense cryptanalysis has been carried out over several years without revealing any weakness. This thesis makes three independent contributions to the cryptanalysis of symmetric key primitives and hash...

We propose and analyze the Lizard-construction, a way to construct keystream generator (KSG) based stream ciphers with provable 2 3 n-security with respect to generic time-memory-data tradeoff attacks. Note that for the vast majority of known practical KSG-based stream ciphers such attacks reduce the effective key length to the birthday bound n/2, where n denotes the inner state length of the u...

Determining the exact algebraic structure or some partial information of superpoly for a given cube is necessary step in attack – generic cryptanalytic technique symmetric-key primitives with secret and public tweakable inputs. Currently, division property based approach most powerful tool recovery. However, as normal form (ANF) targeted output bit gets increasingly complicated number rounds gr...

AEGIS-128 and Tiaoxin-346 (Tiaoxin for short) are two AES-based primitives submitted to the CAESAR competition. Among them, has been selected in final portfolio high-performance applications, while Tiaoxin is a third-round candidate. Although both adopt stream cipher based design, they quite different from well-known bit-oriented ciphers like Trivium Grain family. Their common feature consists ...

The degrees granted by colleges and universities may be traced from two early sources. In part they are of the nature of the graded series of titles of the peerage, which are marks of royal favor. The oldest in the series of those designations which we now call college degrees is that of doctor, first bestowed as evidence of princely favor and gratitude upon individual teachers. The first desig...

Current methods for solving Boolean satisfiability problem (SAT) are scalable enough to solve discrete nonlinear problems involving hundreds of thousands of variables. However, modern SAT solvers scale poorly with problems involving parity constraints (linear equations modulo 2). Gaussian elimination can be used to solve a system of linear equation effectively but it cannot be applied as such w...

Time-memory-data (TMD) trade-off attack is a wellstudied technique that has been applied on many stream and block ciphers. Current TMD attacks by Biryukov-Shamir (BSTMD), Hong-Sarkar (HS-TMD) and Dunkelman-Keller (DKTMD) has been applied to ciphers like Grain-v1 and AES-192/256 modes of operation to break them with online complexity faster than exhaustive search. However, there is still a limit...