Rijmen and Preneel recently proposed for the first time a family of trapdoor block ciphers [8]. In this family of ciphers, a trapdoor is hidden in S-boxes and is claimed to be undetectable in [8] for properly chosen parameters. Given the trapdoor, the secret key (used for encryption and decryption) can be recovered easily by applying Matsui’s linear cryptanalysis [6]. In this paper, we break th...

This paper presents the implementation of the Advanced Encryption Standard algorithm on an 8-bit compact architecture. Encryption, key scheduling and decryption are implemented by small resources and extensive resource sharing. The architecture is perfectly suited for low cost applications which require moderately high data rates. Among the various cost effective and compact implementations alr...

In the bare public-key model (BPK in short), each verifier is assumed to have deposited a public key in a file that is accessible by all users at all times. In this model, introduced by Canetti et al. [STOC 2000], constant-round black-box concurrent and resettable zero knowledge is possible as opposed to the standard model for zero knowledge. As pointed out by Micali and Reyzin [Crypto 2001], t...

This paper presents xmx, a new symmetric block cipher optimized for public-key libraries and microcontrollers with arithmetic coprocessors. xmx has no S-boxes and uses only modular multiplications and xors. The complete scheme can be described by a couple of compact formulae that offer several interesting time-space trade-offs (number of rounds/key-size for constant security). In practice, xmx ...

A detailed overview of the problems, solutions and experience of the first international student’s Olympiad in cryptography, NSUCRYPTO’2014, is given. We start with rules of participation and description of rounds. All 15 problems of the Olympiad and their solutions are considered in detail. There are discussed solutions of the mathematical problems related to cipher constructing such as studyi...

Latent fingerprint has the practical value to identify the suspects who have unintentionally left a trace of fingerprint in the crime scenes. However, designing a fully automated latent fingerprint matcher is a very challenging task as it needs to address many challenging issues including the separation of overlapping structured patterns over the partial and poor quality latent fingerprint imag...

In this article, we provide the first independent analysis of the (2-round tweaked) 256-bit version of the SHA-3 candidate SHAvite-3. By leveraging recently introduced cryptanalysis tools such as rebound attack or Super-Sbox cryptanalysis, we are able to derive chosen-related-salt distinguishing attacks on the compression function on up to 8 rounds (12 rounds in total) and free-start collisions...

In the last few years we have concentrated our research efforts on new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself? This led...

Traitor tracing schemes are a very useful tool for preventing piracy in digital content distribution systems. A traitor tracing procedure allows the system-manager to reveal the identities of the subscribers that were implicated in the construction of a pirate-device that illegally receives the digital content (called traitors). In an important variant called “asymmetric” traitor tracing, the s...

In this paper, we study the security of SM4 block cipher against (related-key) differential cryptanalysis by making use of the Mixed Integer Linear Programming (MILP) method. SM4 is the first commercial block cipher standard of China, which attracts lots of attentions in cryptography. To analyze the security of SM4 against differential attack, we exploit a highly automatic MILP method to determ...