Search results for: distinguisher
Number of results: 399
The purpose of this talk is to study the difficulty of the Goppa Code Distinguishing (GD) problem, which is the problem of distinguishing the public matrix in the McEliece cryptosystem from a random matrix. It is widely believed that this problem is computationally hard as proved by the increasing number of papers using this hardness assumption. One can consider that disproving/mitigating this ...
In this article, we analyse the known-key security of the standardized PRESENT lightweight block cipher. Namely, we propose a known-key distinguisher on the full PRESENT, both 80- and 128-bit key versions. We first leverage the very latest advances in differential cryptanalysis on PRESENT, which are as strong as the best linear cryptanalysis in terms of number of attacked rounds. Differential prop...
SIMD is one of the round 2 candidates of the public SHA-3 competition hosted by NIST. It was designed by Leurent et al. In this paper, we present a distinguisher attack on the compression function of SIMD-512. By linearizing the compression function we construct a linear code. Using techniques from coding theory to search for low Hamming weight codewords, we can find differential characteristi...
Side Channel Analysis (SCA) are of great concern since they have shown their efficiency in retrieving sensitive information from secure devices. In this paper we introduce First Principal Components Analysis (FPCA) which consists in evaluating the relevance of a partitioning using the projection on the first principal directions as a distinguisher. Indeed, FPCA is a novel application of the Pri...
In this paper we study boomerang attacks in the chosen-key setting. This is particularly relevant to hash function analysis, since many boomerang attacks have been described against ARX-based designs. We present a new way to combine message modifications, or auxiliary differentials, with the boomerang attack. We show that under some conditions, we can combine three independent paths instead of ...
Achterbahn stream cipher is proposed as a candidate for ECRYPT eSTREAM project which deals with key of length 80-bit. The linear distinguishing attack, which aims at distinguishing the keystream from purely random keystream, is employed to Achterbahn stream cipher. A linear distinguishing attack is based on linear sequential circuit approximation technique which distinguishes statistical bias in ...
In this paper we provide a simple, concrete and improved security analysis of Parallelizable Message Authentication Code or PMAC. In particular, we show that the advantage of any distinguisher A at distinguishing PMAC from a random function is at most (5qσ − 3.5q)/2. Here, σ is the total number of message blocks in all q queries made by A and PMAC is based on a random permutation over {0, 1}. I...
In the paper, we study the security of 3-line generalized Feistel network, which is a considerate choice for some special needs, such as designing a 96-bit cipher based on a 32-bit round function. We show key recovery attacks on 3-line generic balanced Feistel-2 and Feistel-3 based on the meet-in-the-middle technique in the chosen ciphertext scenario. In our attacks, we consider the key size is ...
This article revisits the “Correlation Power Attack” (CPA [18]), and justifies its physical relevance regarding CMOS circuits dissipation model. The CPA is then shown to be practical – and reproducible – on a real piece of hardware (DES co-processor.) Based on this successful attack, a theory about the vulnerability is derived. It happens that the attack asymptotic strength is not related to th...