This paper presents a new simple distinguishing attack that can be applied on stream ciphers constructed from filter generators or similar structures. We demonstrate the effectiveness by describing key recovery attacks on the stream cipher LILI-128. One attack on LILI-128 requires 2 bits of keystream and a computational complexity of roughly 2. This is a significant improvement compared to othe...

We analyze the security of the TLS Record Protocol, a MACthen-Encode-then-Encrypt (MEE) scheme whose design targets confidentiality and integrity for application layer communications on the Internet. Our main results are twofold. First, we give a new distinguishing attack against TLS when variable length padding and short (truncated) MACs are used. This combination will arise when standardized ...

The magnetic shape memory (MSM) alloy Fe70Pd30 is of particular interest for novel microactuator and sensor applications. This review summarizes the underlying physical and material science concepts for this MSM alloy system. First-principles calculations of the electronic and crystallographic structure together with combinatorial and epitaxial film studies are presented. By these complementary...

We propose techniques that allow construction of robust threshold RSA signature schemes that can work without a trusted dealer using known key generation protocols and is as efficient as the best previous schemes. We do not need special conditions on the RSA modulus, extra complexity or set-up assumptions or random oracles. An “optimistic” variant of the scheme is even more efficient in case no...

One of the most impactful applications of proofs of work (POW) currently is in the design of blockchain protocols such as Bitcoin. Yet, despite the wide recognition of POWs as the fundamental cryptographic tool in this context, there is no known cryptographic formulation that implies the security of the Bitcoin blockchain protocol. Indeed, all previous works formally arguing the security of the...

RC4+ stream cipher was proposed by Maitra et. al. at Indocrypt 2008. It was claimed by the authors that this new stream cipher is designed to overcome all the weaknesses reported on the alleged RC4 stream cipher. In the design specifications of RC4+, the authors make use of an 8-bit design parameter called pad which is fixed to the value 0xAA. The first Distinguishing Attack on RC4+ based on th...

Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. A formalization of known-key attacks in general is known to be difficult. In this paper, we tackle this problem for the case of block ciphers based on ideal components such as random permutations and random functions as well as propos...

In this paper, we study the AES block cipher in the chosen-key setting. The adversary’s goal of this security model is to find triplets (m,m′, k) satisfying some properties more efficiently for the AES scheme than generic attacks. It is a restriction of the classical chosen-key model, since as it has been defined originally, differences in the keys are possible. This model is related to the kno...

We propose a novel distinguishing attack on the shrinking generator with known feedback polynomial for the generating LFSR. The attack can e.g. reliably distinguish a shrinking generator with a weight 4 polynomial of degree as large as 10000, using 2 output bits. As the feedback polynomial of an arbitrary LFSR is known to have a polynomial multiple of low weight, our distinguisher applies to ar...