In this article we describe new generic distinguishing and forgery attacks in the related-key scenario (using only a single related-key) for the HMAC construction. When HMAC uses a k-bit key, outputs an n-bit MAC, and is instantiated with an l-bit inner iterative hash function processing m-bit message blocks where m = k, our distinguishing-R attack requires about 2 queries which improves over t...

1 At FSE 2004 two new stream ciphers VMPC and RC4A have been proposed. VMPC is a generalisation of the stream cipher RC4, whereas RC4A is an attempt to increase the security of RC4 by introducing an additional permuter in the design. This paper is the first work presenting attacks on VMPC and RC4A. We propose two linear distinguishing attacks, one on VMPC of complexity 2, and one on RC4A of com...

In modern cryptography, stream ciphers are most useful in applications where information needs to be encrypted/decrypted at high speed (e.g. high resolution streaming video data) or when low footprint (gates/memory) encryption is required. In the literature, there exist plenty of stream ciphers whose internal states are based on arrays and that they use modular additions to generate output stre...

The validity of distinguishing between the diagnoses of panic disorder and agoraphobia with panic attacks was examined in a study of 20 patients with each disorder. Comparison of demographic, psychometric, and clinical features of the two groups revealed few differences. Agoraphobics scored higher on ratings of interpersonal sensitivity, phobic anxiety, paranoid ideation, and alcohol use. Panic...

Distinguishing trace-based system properties into safety properties on the onehand and liveness properties on the other has proven very useful for specifying andvalidating concurrent and fault-tolerant systems. We study the adequacy of theseabstractions, especially the liveness property abstraction, in the context of securesystems for two different scenarios: (1) Denial-of-servi...

At FSE 2004 two new stream ciphers VMPC and RC4A have been proposed. VMPC is a generalisation of the stream cipher RC4, whereas RC4A is an attempt to increase the security of RC4 by introducing an additional permuter in the design. This paper is the first work presenting attacks on VMPC and RC4A. We propose two linear distinguishing attacks, one on VMPC of complexity 2, and one on RC4A of compl...

In modern cryptography, stream ciphers are most useful in applications where information needs to be encrypted/decrypted at high speed (e.g. high resolution streaming video data) or when low footprint (gates/memory) encryption is required. In the literature, there exist plenty of stream ciphers whose internal states are based on arrays and that they use modular additions to generate output stre...

The i-local distinguishing number of G, denoted by LD i (G), was deened in 3]. Let T be a tree on n > 2 vertices with maximum degree bounded by some constant k. It is shown that LD 1 (T) = O(p n) and that for some trees this bound is tight. The result is extended to show that LD i (T) = O(n 1=(i+1)).

Sprout is a new lightweight stream cipher proposed at FSE 2015. According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with small internal state size. However, we find a weakness in the updating functions of Sprout and propose a related-key chosen-IV distinguishing attacks on full Sprout. Under the related-key setting, our attacks enable the adversary to detect...