Search results for: distinguisher

Number of results: 399

Journal: I. J. Network Security 2009
Jorge Nakahara

This paper analyses all 24 possible round constructions using different combinations of the four round components of the AES cipher: SubBytes, ShiftRows, AddRoundKey and MixColumns. We investigate how the different round orderings affect the security of AES against differential, linear, multiset, impossible differential and boomerang attacks. The cryptographic strength of each cipher variant wa...

Journal: J. Inf. Sci. Eng. 2015
Yiyuan Luo Xuejia Lai Jing Hu

In this paper we prove beyond-birthday-bound for the (strong) pseudorandomness of many-round Lai-Massey scheme. Motivated by Hoang and Rogaway’s analysis of generalized Feistel networks, we use the coupling technology from Markov chain theory and prove that for any  > 0, with enough rounds, the Lai-Massey scheme is indistinguishable from a uniform random permutation by any computationally unbo...

2016
Nicolas Bruneau Sylvain Guilley Annelie Heuser Olivier Rioul François-Xavier Standaert Yannick Teglia

The maximum likelihood side-channel distinguisher of a template attack scenario is expanded into lower degree attacks according to the increasing powers of the signal-to-noise ratio (SNR). By exploiting this decomposition we show that it is possible to build highly multivariate attacks which remain efficient when the likelihood cannot be computed in practice due to its computational complexity....

2016
Abhishek Jain Arka Rai Choudhuri

Definition 1 (Zero-knowledge) An interactive proof (P,V) for a language L with witness relation R is said to be zero-knowledge if for every non-uniform PPT adversary V∗, there exists a PPT simulator S such that for every non-uniform PPT distinguisher D, there exists a negligible function ν(·) such that for every x ∈ L,w ∈ R(x), z ∈ {0, 1}∗, D distinguishes between the following distributions wi...

2015
Raluca Posteuca Gabriel Negara

The lightweight cryptographic algorithm Prince is an intensively studied cipher in the last 3 years. In order to enhance the cryptanalysis efforts and to encourage the design of practical attacks against the algorithm, the designers organized the Prince Challenge. In this paper we introduce two integral attacks on 5-round and 6-round reduced Prince. The attacks, based on a 4.5 rounds integral d...

2009
Marine Minier Raphael C.-W. Phan Benjamin Pousse

Knudsen and Rijmen introduced the notion of known-key distinguishers in an effort to view block cipher security from an alternative perspective e.g. a block cipher viewed as a primitive underlying some other cryptographic construction such as a hash function; and applied this new concept to construct a 7-round distinguisher for the AES and a 7-round Feistel cipher. In this paper, we give a natu...

Journal: Inf. Process. Lett. 2013
Zongyue Wang Hongbo Yu Xiaoyun Wang

GOST R is the hash function standard of Russia. This paper presents some cryptanalytic results on GOST R. Using the rebound attack technique, we achieve collision attacks on the reduced round compression function. Result on up to 9.5 rounds is proposed, the time complexity is 2 and the memory requirement is 2 bytes. Based on the 9.5-round collision result, a limited birthday distinguisher is pr...

Journal: IET Information Security 2023

In this paper, the security of Advanced Encryption Standard-based authenticated encryption schemes, including the AEGIS family, Tiaoxin-346, and Rocca, is examined using mixed integer linear programming tools. Specifically, for the initialisation phase of AEGIS and Rocca, the security against differential and integral attacks is evaluated by estimating lower bounds on the number of active S-boxes and by utilising the division property, respectively. addit...

Journal: Security and Communication Networks 2022

LBlock, as one of the typical lightweight encryption schemes, is a 32-round block cipher with a 64-bit block and an 80-bit master key. It can be widely applied in IoT environments because of its friendly software and hardware implementations. Since it came out, it has encountered many attacks. In this paper, we evaluate LBlock's resistance against related-key differential attacks more accurately based on the SMT method. On hand...

1976
Elchanan Mossel Amir Shpilka Luca Trevisan

Cryan and Miltersen [7] recently considered the question of whether there can be a pseudorandom generator in NC, that is, a pseudorandom generator that maps n-bit strings to m-bit strings and such that every bit of the output depends on a constant number k of bits of the seed. They show that for k = 3, if m ≥ 4n + 1, there is a distinguisher; in fact, they show that in this case it is possible...

Chart of the number of search results per year
