We study pattern matching problems on two major representations of uncertain sequences used in molecular biology: weighted sequences (also known as position weight matrices, PWM) and profiles (i.e., scoring matrices). In the simple version, in which only the pattern or only the text is uncertain, we obtain efficient algorithms with theoretically-provable running times using a variation of the l...

We illustrate how coding theory was applied in the design of the cryptographic hash function LANE [8]. The generic structure of the LANE compression function could potentially be vulnerable to a class of meet-in-the-middle attacks. While difficult to avoid at first sight, restating the problem in the domain of error correcting codes naturally leads to a simple and elegant solution. This ensures...

In this paper we introduce a model for studying meet-in-the-middle attacks on block ciphers, and a simple block cipher construction provably resistant to such attacks in this model. A sideresult of this is a proper formalization for an unproven alternative to DESX proposed by Kilian and Rogaway; this construction can now be shown to be sound in our model. Meet-in-the-middle attacks exploit weak...

In this paper, we propose a modified approach for the basic meet-in-the-middle attack which we call differential sieving for 2-step matching. This technique improves the scope of the basic meet in the middle attack by providing means to extend the matching point for an extra round through differential matching and hence the overall number of the attacked rounds is extended. Our approach starts ...

Whirlwind is a keyless AES-like hash function that adopts the Sponge model. According to its designers, the function is designed to resist most of the recent cryptanalytic attacks. In this paper, we evaluate the second preimage resistance of theWhirlwind hash function. More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round p...

This paper shows preimage attacks against reduced SHA-1 up to 57 steps. The best previous attack has been presented at CRYPTO 2009 and was for 48 steps finding a two-block preimage with incorrect padding at the cost of 2 evaluations of the compression function. For the same variant our attacks find a one-block preimage at 2 and a correctly padded two-block preimage at 2 evaluations of the compr...

To date the NTRUEncrypt security parameters have been based on the existence of two types of attack: a meet-in-the-middle attack due to Odlyzko, and a conservative extrapolation of the running times of the best (known) lattice reduction schemes to recover the private key. We show that there is in fact a continuum of more efficient attacks between these two attacks. We show that by combining lat...

NXP Semiconductors and its academic partners challenged the cryptographic community with nding practical attacks on the block cipher they designed, PRINCE. Instead of trying to attack as many rounds as possible using attacks which are usually impractical despite being faster than brute-force, the challenge invites cryptographers to nd practical attacks and encourages them to actually implement ...

We observe that a combination of known top-down and bottom-up lower bound techniques of circuit complexity may yield new circuit lower bounds. An important example is this: Razborov and Wigderson showed that a certain function f in ACC cannot be computed by polynomial size circuits consisting of two layers of MAJORITY gates at the top and a layer of AND gates at the bottom. We observe that a si...

This paper studies key-recovery attacks on AES-192 and PRINCE under single-key model by methodology of meet-in-the-middle attack. A new technique named key-dependent sieve is proposed to further reduce the memory complexity of Demirci et al.’s attack at EUROCRYPT 2013, which helps us to achieve 9-round attack on AES-192 by using a 5-round distinguisher; the data, time and memory complexities ar...