We propose pure OMD (p-OMD) as a new variant of the Offset Merkle-Damgård (OMD) authenticated encryption scheme. Our new scheme inherits all desirable security features of OMD while having a more compact structure and providing higher efficiency. The original OMD scheme, as submitted to the CAESAR competition, couples a single pass of a variant of the Merkle-Damgård (MD) iteration with the coun...

Todo introduced [20] a property of multisets of a finite field called the division property. It is then used [19] in an attack against the S7 S-box of the MISTY1 cipher. This paper provides a complete mathematical analysis of the division property. The tool we use is the discrete Fourier transform. We relate the division property to the natural concept of the degree of a subset of a finite fiel...

In this paper, we analyse the higher order differential properties of NORX, an AEAD scheme submitted to CAESAR competition. NORX is a sponge based construction. Previous efforts, by the designers themselves, have focused on the first order differentials and rotational properties for a small number of steps of the NORX core permutation, which turn out to have quite low biases when extended to th...

Since the security analysis against stream ciphers becomes more difficult nowadays, it is urgent and significant to propose new generic methods. In this work, we introduce guess-and-determine techniques to two traditional analysis methods and make the new approaches methodological for generalization. We show the power of the new methods by analyzing two stream ciphers: Grain-v1 and ACORN. Grain...

This paper presents the design and analysis of an areaefficient programmable processing element (PPE) for implementing diverse cryptographic systems and diverse bitwidths (currently 16, 32, and 64). To evaluate the effectiveness of our design, we implement π-Cipher and BMW on the PPE. π-Cipher is a new algorithm for authenticated encryption that offers advantages over AES-GCM and is a candidate...

iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the nonce-reuse setting. Recently, Chakraborti et al. published forgeries on iFeed in the RUP and nonce-reuse settings. The latter attac...

In authenticated encryption schemes, there are two techniques for handling long ciphertexts while working within the constraints of a low buffer size: Releasing unverified plaintext (RUP) or Producing intermediate tags (PIT). In this paper, in addition to the two techniques, we propose another way to handle a long ciphertext with a low buffer size by storing and releasing only one (generally, o...