We present a cross-table of almost all publicly known implementations of AES candidates, including the ones done by the authors. A short overview of our own implementations of Rijndael is given. The relative easiness of doing “the world best” implementations and a lot of gaps in the table force us to ask if there is enough information known to really decide which ciphers are fast and which are ...

Differential fault attack (DFA) is a distinctive methodology for acquiring the key to block ciphers, which comprises two distinct strategies: DFA on state and schedule. Given widespread adoption of Advanced Encryption Standard (AES), it has emerged as prominent target DFA. This paper presents an efficient AES, utilizing two−byte model that induces faults at with discontiguous rows. The experime...

This paper presents an updated implementation of the Advanced Encryption Standard (AES) on the recent Xilinx Virtex-5 FPGAs. We show how a modified slice structure in these reconfigurable hardware devices results in significant improvement of the design efficiency. In particular, a single substitution box of the AES can fit in 8 FPGA slices. We combine these technological changes with a sound i...

In this work, we revisit the security analysis of AES-128 instantiated hash modes. We use biclique cryptanalysis technique as our basis for the attack. The traditional biclique approach used for key recovery in AES (and preimage search in AES based compression function) cannot be applied directly to hash function settings due to restrictions imposed on message input due to padding. Under this c...

Encryption algorithms will transform a human interpretable text block or information in to a non-interpretable block of symbols. The objective of any such encryption algorithm will be making the cipher block more non-interpretable and seemingly random block of symbols. So any cipher block will always be random and will purely be a set of random permutations of symbols. The efforts of distinguis...

The most important pre-quantum threat to AES-128 is the 1994 van Oorschot–Wiener “parallel rho method”, a low-communication parallel pre-quantum multi-target preimage-search algorithm. This algorithm uses a mesh of p small processors, each running for approximately 2/pt fast steps, to find one of t independent AES keys k1, . . . , kt, given the ciphertexts AESk1(0), . . . ,AESkt(0) for a shared...

Related-key attacks on AES-192 and AES-256 have been presented at Crypto 2009 and Asiacrypt 2009. Although these results are already quite spectacular, they have been extended to practical-complexity attacks on AES variants with 10 rounds at Eurocrypt 2010. These advances in cryptanalysis are enabled by the introduction of a new type of related keys. Let the secret key be denoted by k, the roun...

The wireless sensor network (WSN) is a combination of sensing, computation, and communication into a single tiny device known as Sensor nodes. Sensor data is shared between these sensor nodes and used as input to a distributed estimation system. The wireless network environment that consists of the many devices, called the sensor node, which have miniature computing device, small memory space a...

SYMAES is a software tool that generates a system of polynomials in GF(2), corresponding to the round transformation and key schedule of the block cipher AES-128 [1]. Most of the existing polynomial system generators for AES are typically used under the assumption that the plaintext and ciphertext bits are known, and therefore are treated as constants. Although some of the generators, such as t...

This article describes the design of an 8-bit coprocessor for the AES (encryption, decryption, and key expansion) and the cryptographic hash function Grøstl on several Xilinx FPGAs. Our Arithmetic and Logic Unit performs a single instruction that allows for implementing AES encryption, AES decryption, AES key expansion, and Grøstl at all levels of security. Thanks to a careful organization of A...