Block cipher is in vogue due to its requirement for integrity, confidentiality and authentication. Differential and Linear cryptanalysis are the basic techniques on block cipher and till today many cryptanalytic attacks are developed based on these. Each variant of these have different methods to find distinguisher and based on the distinguisher, the method to recover key. This paper illustrate...

Abstract The Learning with Errors (LWE) problem receives much attention in cryptography, mainly due to its fundamental significance post-quantum cryptography. Among solving algorithms, the Blum-Kalai-Wasserman (BKW) algorithm, originally proposed for Parity Noise (LPN) problem, performs well, especially certain parameter settings cryptographic importance. BKW algorithm consists of two phases, r...

* This work is supported by National Natural Science Foundation of China (No. 61073178) and Beijing Natural Science Foundation (No. 4112064). The abridged version of this paper was accepted by Chinese Journal of Electronics on June 20, 2011 after anonymous peer reviews, and will appear in 2012. ♀Corresponding Author(e-mail: [email protected]) Abstract: Construction and evaluation of efficient ...

Nowadays, general purpose graphical processing unit (GPGPU) has been used in many ares. We use it for security evaluation of light-weight block ciphers. Light-weight block cipher is one of key technologies for small communication devices such as sensor network. To design a light-weight block cipher whose fastness and security are balanced, so that, its security margin should be evaluated exactl...

Di erential power analysis attacks are among the `classical' non-invasive types of attacks against physical devices. Attacks belonging to that class are well studied in the literature, however a seemingly simple yet very important question has proven to be exceptionally di cult to answer: given a cryptographic device, how do I best choose a distinguisher to actually perform a di erential power ...

We show that the so-called super S-box representation of AES – that provides a simplified view of two consecutive AES rounds – can be further simplified. In the untwisted representation of AES presented here, two consecutive AES rounds are viewed as the composition of a non-linear transformation S and an affine transformation R that respectively operate on the four 32-bit columns and on the fou...

The GOST hash function family has served as the new Russian national hash standard (GOST R 34.11-2012) since January 1, 2013, and it has two members, i.e., GOST256 and GOST-512 which correspond to two different output lengths. Most of the previous analyses of GOST emphasize on the compression function rather than the hash function. In this paper, we focus on security properties of GOST under th...

Khudra is a hardware-oriented lightweight block cipher that is designed to run efficiently on Field Programmable Gate Arrays. It employs an 18-rounds Generalized type-2 Feistel Structure with a 64bit block length and an 80-bit key. In this paper, we present Meet-inthe-Middle (MitM) attacks on 13 and 14 round-reduced Khudra. These attacks are based on finding a distinguisher that is evaluated of...

In this paper, inspired from the notion of impossible differentials, we present a model to use differentials that are less probable than a random permutation. We introduce such a distinguisher for 2 rounds of Crypton, and present an attack on 6 rounds of this predecessor AES candidate. As a special case of this idea, we embed parts of the additional rounds around the impossible differential int...