After CLT13 of multilinear map over the integers was broken by Cheon, Han, Lee, Ryu and Stehle using zeroizing attack, a new variant CLT15 of CLT13 was proposed by Coron, Lepoint and Tibouchi by constructing new zero-testing parameter. Very recently, CLT15 was broken independently by Cheon, Lee and Ryu, and Minaud and Fouque using an extension of Cheon et al.’s attack. To immune CLT13 against z...

Inspired by Hosoyamada and Sasaki (in: International conference on security cryptography for networks, pp 386–403. Springer, 2018), we propose a new quantum meet-in-the-middle (QMITM) attack r-round ( $$r \ge 7$$ ) Feistel construction to reduce the time complexity, which is based Guo et al. (Des Codes Cryptogr 80(3):587–618, 2016) classical (MITM) attack. In our attack, adjust size of truncate...

We propose a construction of an efficient, synchronous keystream generator with provable security properties in response to the NESSIE call for primitives. The cryptographic core of the stream cipher is the block cipher Rijndael. We show that a non-trivial attack on the cipher reduces to an attack on Rijndael. The construction uses an optimization of earlier work on pseudorandom generators by B...

In 2006, Nie et al proposed an attack to break an instance of TTM cryptosystems. However, the inventor of TTM disputed this attack and he proposed two new instances of TTM to support his viewpoint. At this time, he did not give the detail of key construction — the construction of the lock polynomials in these instances which would be used in decryption. The two instances are claimed to achieve ...

In this paper, we present new distinguishers of the MAC construction Alred and its specific instance Alpha-MAC based on AES, which is proposed by Daemen and Rijmen in 2005. For the Alred construction, we describe a general distinguishing attack which leads to a forgery attack directly. The complexity is 2 chosen messages and 2 queries with success probability 0.63. We also use a two-round colli...

An attack is demonstrated on a previously proposed class of key agreement protocols. Analysis of the attack reveals that a small change in the construction of the protocols is suucient to prevent the attack. The insight gained allows a generalisation of the class to a new design for conference key agreement protocols.

We consider the problem of constructing public-key encryption (PKE) schemes that are resilient to a-posteriori chosen-ciphertext and key-leakage attacks (LR-CCA2). In CTYPTO’09, Naor and Segev proved that the Naor-Yung generic construction of PKE which is secure against chosen-ciphertext attack (CCA2) is also secure against key-leakage attacks. They also presented a variant of the Cramer-Shoup ...

Attack trees have found their way to practice because they have proved to be an intuitive aid in threat analysis. Despite, or perhaps thanks to, their apparent simplicity, they have not yet been provided with an unambiguous semantics. We argue that such a formal interpretation is indispensable to precisely understand how attack trees can be manipulated during construction and analysis. We provi...

We propose an improved preimage attack on one-block MD4 with the time complexity 2 MD4 compression function operations, as compared to 2 in [3]. We research the attack procedure in [3] and formulate the complexity for computing a preimage attack on one-block MD4. We attain the result mainly through the following two aspects with the help of the complexity formula. First, we continue to compute ...

In this paper we re-examine the security notions suggested for hash functions, with an emphasis on the delicate notion of second preimage resistance. We start by showing that, in the random oracle model, both Merkle-Damg̊ard and Haifa achieve second preimage resistance beyond the birthday bound, and actually up to the level of known generic attacks, hence demonstrating the optimality of Haifa in...