At CHES 2013 was presented a new block cipher called Zorro. Although it uses only 4 S-boxes per round, the designers showed the resistance of the cipher against various attacks, and concluded the cipher has a large security margin. In this paper, we give a key recovery attack on the full cipher in the single-key model that works for 2 out of 2 keys. Our analysis is based precisely on the fact t...

We propose a tool 1 for automatic search for differential trails in ARX ciphers. By introducing the concept of a partial difference distribution table (pDDT) we extend Matsui’s algorithm, originally proposed for DES-like ciphers, to the class of ARX ciphers. To the best of our knowledge this is the first application of Matsui’s algorithm to ciphers that do not have S-boxes. The tool is applied ...

An encryption technique is widely used to keep data confidential. Most of the block symmetric algorithms use substitution functions. Often this functions use so called S-BOX matrix. In this paper author presents one software tool for testing and measuring square s-boxes. Based of information theory functions for testing static and dynamic criteria are presented. These criterions are mathematica...

Masking on the algorithm level, i.e. concealing all sensitive intermediate values with random data, is a popular countermeasure against DPA attacks. A properly implemented masking scheme forces an attacker to apply a higher-order DPA attack. Such attacks are known to require a number of traces growing exponentially in the attack order, and computational power growing combinatorially in the numb...

In a series of papers Patarin proposes new efficient public key systems. A very interesting proposal, called 2-Round Public Key System with S Boxes, or 2R, is based on the difficulty of decomposing the structure of several rounds of unknown linear transformations and S boxes. This difficulty is due to the difficulty of decomposing compositions of multivariate binary functions. In this paper we ...

We present a generic construction for constant-round concurrently sound resettable zero-knowledge (rZK-CS) arguments for NP in the bare public-key (BPK) model under any (sub-exponentially strong) one-way function (OWF), which is a traditional assumption in this area. The generic construction in turn allows round-optimal implementation for NP still under general assumptions, and can be converted...

We present a construction of a CCA2-secure encryption scheme from a plaintext aware, weakly simulatable public key encryption scheme. The notion of plaintext aware, weakly simulatable public key encryption has been considered previously by Myers, Sergi and shelat (SCN, 2012) and natural encryption schemes such as the Damg̊ard Elgamal Scheme (Damg̊ard, Crypto, 1991) and the Cramer-Shoup Lite Schem...

At DRM 2002, Chow et al. [4] presented a method for implementing the DES block cipher such that it becomes hard to extract the embedded secret key in a white-box attack context. In such a context, an attacker has full access to the implementation and its execution environment. In order to provide an extra level of security, an implementation shielded with external encodings was introduced by Ch...

Mahmoody et al. (TCC 2016-A) showed that basing indistinguishability obfuscation (IO) on a wide range of primitives in a semi-black-box way is as hard as basing public-key cryptography on one-way functions. The list included any primitive P that can be realized relative to random trapdoor permutations or degree-O(1) graded encoding model for any finite ring secure against computationally unboun...

Substitution boxes with thorough cryptographic strengths are essential for the development of strong encryption systems. They are the only portions capable of inducing nonlinearity in symmetric encryption systems. Bijective substitution boxes having both high nonlinearities and high algebraic complexities are the most desirable to thwart linear, differential and algebraic attacks. In this paper...