We defined in Ellingsen et al. (2020) a new multiplicative c-differential, and the corresponding c-differential uniformity we characterized known perfect nonlinear functions with respect to this concept, as well inverse function any characteristic. Here, extend, via differential, boomerang introduced at Eurocrypt ’18 by Cid (2018), differential distinguisher of S-boxes block ciphers. investigat...

SKINNY is a family of lightweight tweakable block ciphers designed to have the smallest hardware footprint. In this paper, we present zero-correlation linear approximations and related-tweake impossible differential characteristics for different versions of SKINNY. We utilize meet-in-the-middle approach to construct 9-round and 10-round zero-correlation linear distinguisher. We also obtain 12-r...

We propose a novel distinguishing attack on the shrinking generator with known feedback polynomial for the generating LFSR. The attack can e.g. reliably distinguish a shrinking generator with a weight 4 polynomial of degree as large as 10000, using 2 output bits. As the feedback polynomial of an arbitrary LFSR is known to have a polynomial multiple of low weight, our distinguisher applies to ar...

Within the security architecture of the 3GPP system there is a standardised encryption mode f8 based on the block cipher KASUMI. In this work we examine the pseudorandomness of the block cipher KASUMI and the provable security of f8. First we show that the three round KASUMI is not a pseudorandom permutation ensemble but the four round KASUMI is a pseudorandom permutation ensemble under the ada...

Magnitude Squared Coherence (MSC) is a signal processing tool that indicates how well two time domain signals match one with the other by tracking linear dependencies in their spectral decomposition. Spectral Coherence ANalysis (SCAN) was the first way to use it as a Side-Channel Attack (SCA). This paper introduces two ways of using the Magnitude Squared Coherence in side-channel analyses. The ...

The paper describes a test aimed at measuring the diffusion characteristic of block ciphers. Cryptographic strength of a cipher is directly proportional to the extent to which diffusion is achieved by the underlying cipher, which is measured using the test described in the paper. The paper also enlists the results obtained from the test on various block ciphers. The test algorithm described in ...

The purpose of this paper is to demonstrate that a distinguisher of Reed-Solomon codes based on the square code construction leads to the cryptanalysis of several cryptosystems relying on them. These schemes are respectively (i) a homomorphic encryption scheme proposed by Bogdanov and Lee; (ii) a variation of the McEliece cryptosystem proposed by Baldi et al. which firstly uses ReedSolomon code...

In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Grøstl, and ECHO, and apply these attacks also to the AES. Our results improve upon and extend the rebound attack. Using the new techniques, we are able to extend the number of rounds in which available degrees of freedom can be used. As a result, we present the first attack on 7 rounds for the Grøstl-256 output tra...

In this paper we study structural properties of SPN ciphers in which both the S-boxes and the affine layers are involutions. We apply our observations to the recently designed Rijndael-like ciphers Khazad and Anubis, and show several interesting properties of these ciphers. We also show that 5-round Khazad has 2 weak keys under a “slide-witha-twist” attack distinguisher. This is the first crypt...

In this paper, we first present a new distinguisher on the CBC-MAC based on a block cipher in Cipher Block Chaining (CBC) mode. It can also be used to distinguish other CBC-like MACs from random functions. The main results of this paper are on the secondpreimage attack on CBC-MAC and CBC-like MACs include TMAC, OMAC, CMAC, PC-MAC and MACs based on three-key encipher CBC mode. Instead of exhaust...