Search results for: distinguishing attack

Number of results: 109909

Journal: I. J. Network Security 2009
Ali Bagherzandi Mahmoud Salmasizadeh Javad Mohajeri

In this paper we show that Biham’s chosen key attack can be generalized to include any block cipher and we give a low complexity chosen key attack on any Feistel type cipher. Then we show that the irregularities in the shift pattern of DES key schedule algorithm is not sufficient for the cryptosystem to resist against related key attacks. We have realized our proposition by a counter example in...

Journal: :IACR Cryptology ePrint Archive 2010
Zheng Yuan Jintao Liu Xiaoqiu Ren

A new distinguishing attack on HMAC and NMAC based on a dedicated compression function framework H, proposed in ChinaCrypt2008, is first presented in this paper, which distinguishes the HMAC/NMACH from HMAC/NMAC with a random function. The attack needs 2 chosen messages and 2 queries, with a success rate of 0.873. Furthermore, according to distinguishing attack on SPMAC-H, a key recovery attack o...

Journal: :IEICE Transactions 2011
Yu Sasaki

We study the security of AES in the open-key setting by showing an analysis on hash function modes instantiating AES including Davies-Meyer, Matyas-Meyer-Oseas, and Miyaguchi-Preneel modes. In particular, we propose preimage attacks on these constructions, while most of previous work focused their attention on collision attacks or distinguishers using non-ideal differential properties. This res...

2015
Benoit Cogliati Yannick Seurin

The iterated Even-Mansour cipher is a construction of a block cipher from r public permutations P1, ..., Pr which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations P1, ..., Pr has been investigated in a series of recent papers. This ...

AES_CMCCv1, AVALANCHEv1, CLOCv1, and SILCv1 are four candidates of the first round of CAESAR. CLOCv1 is presented in FSE 2014 and SILCv1 is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against AES_CMCCv1 with the complexity of two queries and the success ...

2005
Yukiyasu Tsunoo Teruo Saito Hiroyasu Kubo Maki Shigeri Tomoyasu Suzaki Takeshi Kawabata

This paper reports the greater bias found in the output sequence of VMPC, a modified RC4 stream cipher proposed in 2004. Using the bias with approximately 2 output bytes allows us to distinguish VMPC from a truly random sequence. A distinguishing attack can also break RC4A, an algorithm based on RC4, more efficiently than any existing attacks. With about 2 output bytes, a distinguishing attack makes i...

2007
Joo Yeon Cho

Stream ciphers are cryptographic primitives that ensure the confidentiality of communications. In this thesis, we study several attacks on stream ciphers. For practical applications, the candidates of stream ciphers of NESSIE and eSTREAM projects are scrutinized. Firstly, the algebraic attacks on SOBER-t32 and SOBER-t16 stream ciphers are performed under the assumption that the stuttering phase...

Journal: :Electronics Letters 2022

The issue of security and privacy plays an important role in the Internet of Things (IoT) and directly affects its wide applications. In order to meet the requirements of the IoT environment, a series of lightweight encryption schemes have been proposed. Meanwhile, cryptanalysis against these is critical for IoT. In this paper, a practical distinguishing attack on the IoT-friendly cipher ALLPC is presented. Specifically, it is found ...

Journal: :IACR Cryptology ePrint Archive 2015
Yonglin Hao

Sprout is a new lightweight stream cipher proposed at FSE 2015. According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with a small internal state size. However, we find a weakness in the updating functions of Sprout and propose related-key chosen-IV distinguishing attacks on full Sprout. Under the related-key setting, our attacks enable the adversary to detect...

Journal: :IACR Cryptology ePrint Archive 2012
Lin Ding Jie Guan

RAKAPOSHI is a hardware oriented stream cipher designed by Carlos Cid et al. in 2009. The stream cipher is based on Dynamic Linear Feedback Shift Registers, with a simple and potentially scalable design, and is particularly suitable for hardware applications with restricted resources. The RAKAPOSHI stream cipher offers 128-bit security. In this paper, we point out some weaknesses in the cipher....
