block ciphers


  1. BLOCK CIPHERS

  2. Permutations and Inverses

     A function $f : \{0,1\}^\ell \to \{0,1\}^\ell$ is a permutation if there is an inverse function $f^{-1} : \{0,1\}^\ell \to \{0,1\}^\ell$ satisfying

     $$\forall x \in \{0,1\}^\ell : f^{-1}(f(x)) = x$$

     This means $f$ must be one-to-one and onto, meaning for every $y \in \{0,1\}^\ell$ there is a unique $x \in \{0,1\}^\ell$ such that $f(x) = y$.

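  3. Permutations and Inverses

     A permutation:

     | $x$    | 00 | 01 | 10 | 11 |
     |--------|----|----|----|----|
     | $f(x)$ | 01 | 11 | 00 | 10 |

     Not a permutation:

     | $x$    | 00 | 01 | 10 | 11 |
     |--------|----|----|----|----|
     | $f(x)$ | 01 | 11 | 11 | 10 |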

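  4. Permutations and Inverses

     A permutation:

     | $x$    | 00 | 01 | 10 | 11 |
     |--------|----|----|----|----|
     | $f(x)$ | 01 | 11 | 00 | 10 |

     Its inverse:

     | $x$         | 00 | 01 | 10 | 11 |
     |-------------|----|----|----|----|
     | $f^{-1}(x)$ | 10 | 00 | 11 | 01 |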

  5. Block Ciphers

     Let $E : \{0,1\}^k \times \{0,1\}^\ell \to \{0,1\}^\ell$ be a function taking a key $K$ and input $x$ to return output $E(K, x)$.

     For each key $K$ we let $E_K : \{0,1\}^\ell \to \{0,1\}^\ell$ be the function defined by

     $$E_K(x) = E(K, x).$$

     We say that $E$ is a block cipher if

     • $E_K : \{0,1\}^\ell \to \{0,1\}^\ell$ is a permutation for every $K$, meaning has an inverse $E_K^{-1}$,
     • $E, E^{-1}$ are efficiently computable, where $E^{-1}(K, x) = E_K^{-1}(x)$.

  6. Example

     The table entry corresponding to the key in row $K$ and input in column $x$ is $E_K(x)$.

     | $K$ \ $x$ | 00 | 01 | 10 | 11 |
     |-----------|----|----|----|----|
     | 00        | 00 | 01 | 10 | 11 |
     | 01        | 01 | 00 | 11 | 10 |
     | 10        | 10 | 11 | 00 | 01 |
     | 11        | 11 | 10 | 01 | 00 |

     In this case, the inverse cipher $E^{-1}$ is given by the same table: the table entry corresponding to the key in row $K$ and output in column $y$ is $E_K^{-1}(y)$.

  7. Block Ciphers: Example

     Let $\ell = k$ and define $E : \{0,1\}^k \times \{0,1\}^\ell \to \{0,1\}^\ell$ by

     $$E_K(x) = E(K, x) = K \oplus x$$

     Then $E_K$ has inverse $E_K^{-1}$ where

     $$E_K^{-1}(y) = K \oplus y$$

     Why? Because

     $$E_K^{-1}(E_K(x)) = E_K^{-1}(K \oplus x) = K \oplus K \oplus x = x$$

     The inverse of block cipher $E$ is the block cipher $E^{-1}$ defined by

     $$E^{-1}(K, y) = E_K^{-1}(y) = K \oplus y$$
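The definitions on slides 2 to 7 can be checked mechanically for small $\ell$. The following is an added example, not part of the original slides: it tests the two tables from slide 3, inverts the permutation from slide 4, and confirms that the slide 6 table is the XOR cipher of slide 7 and is its own inverse. The function names and the AND counter-example are assumptions made for this illustration.

```python
from itertools import product

def bitstrings(n):
    """All n-bit strings in order: for n = 2 that is 00, 01, 10, 11."""
    return ["".join(b) for b in product("01", repeat=n)]

def is_permutation(f, ell):
    """f (a dict on ell-bit strings) is a permutation iff every output occurs exactly once."""
    domain = bitstrings(ell)
    return sorted(f[x] for x in domain) == domain

def inverse(f):
    """Inverse table of a permutation: swap inputs and outputs."""
    return {y: x for x, y in f.items()}

def is_block_cipher(E, k, ell):
    """E(K, x) is a block cipher only if E_K is a permutation for every k-bit key K."""
    return all(is_permutation({x: E(K, x) for x in bitstrings(ell)}, ell)
               for K in bitstrings(k))

def xor_cipher(K, x):
    """Slide 7: E(K, x) = K xor x, on bit strings of equal length."""
    return "".join("1" if a != b else "0" for a, b in zip(K, x))

def and_cipher(K, x):
    """Counter-example (constructed): bitwise AND loses information, so E_K has no inverse."""
    return "".join("1" if a == b == "1" else "0" for a, b in zip(K, x))

# Slide 3 tables, outputs listed for inputs 00, 01, 10, 11.
F_GOOD = dict(zip(bitstrings(2), ["01", "11", "00", "10"]))
F_BAD = dict(zip(bitstrings(2), ["01", "11", "11", "10"]))  # 11 twice, 00 never

# Slide 6 table: row = key K, column = input x.
SLIDE6 = {"00": ["00", "01", "10", "11"], "01": ["01", "00", "11", "10"],
          "10": ["10", "11", "00", "01"], "11": ["11", "10", "01", "00"]}

def table_cipher(K, x):
    """Look up E_K(x) in the slide 6 table."""
    return SLIDE6[K][int(x, 2)]

if __name__ == "__main__":
    print("slide 3, left table is a permutation: ", is_permutation(F_GOOD, 2))
    print("slide 3, right table is a permutation:", is_permutation(F_BAD, 2))
    print("inverse of the left table:", inverse(F_GOOD))
    print("slide 6 table is a block cipher:", is_block_cipher(table_cipher, 2, 2))
    print("AND is a block cipher:", is_block_cipher(and_cipher, 2, 2))
```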

  8. Block cipher usage

     • $K \stackrel{\$}{\leftarrow} \{0,1\}^k$
     • $K$ (magically) given to parties S, R, but not to A.
     • S, R use $E_K$

     Algorithm $E$ is public! Think of $E_K$ as encryption under key $K$.

     Leads to security requirements like:

     • Hard to get $K$ from $y_1, y_2, \ldots$
     • Hard to get $x_i$ from $y_i$

  9. DES History

     • 1972 – NBS (now NIST) asked for a block cipher for standardization
     • 1974 – IBM designs Lucifer

     Lucifer eventually evolved into DES.

     • Widely adopted as a standard including by ANSI and American Bankers association
     • Used in ATM machines
     • Replaced (by AES) only a few years ago

  10. DES parameters

      Key length $k = 56$

      Block length $\ell = 64$

      So,

      $$\mathrm{DES} : \{0,1\}^{56} \times \{0,1\}^{64} \to \{0,1\}^{64}$$

      $$\mathrm{DES}^{-1} : \{0,1\}^{56} \times \{0,1\}^{64} \to \{0,1\}^{64}$$

  11. DES Construction

      ```
      function DES_K(M)                          // |K| = 56 and |M| = 64
          (K_1, ..., K_16) ← KeySchedule(K)      // |K_i| = 48 for 1 ≤ i ≤ 16
          M ← IP(M)
          Parse M as L_0 ‖ R_0                   // |L_0| = |R_0| = 32
          for i = 1 to 16 do
              L_i ← R_{i-1} ; R_i ← f(K_i, R_{i-1}) ⊕ L_{i-1}
          C ← IP^{-1}(L_16 ‖ R_16)
          return C
      ```

      Round i: Invertible given K_i:

  12. DES Construction

      ```
      function DES^{-1}_K(C)                     // |K| = 56 and |M| = 64
          (K_1, ..., K_16) ← KeySchedule(K)      // |K_i| = 48 for 1 ≤ i ≤ 16
          C ← IP(C)
          Parse C as L_16 ‖ R_16
          for i = 16 downto 1 do
              R_{i-1} ← L_i ; L_{i-1} ← f(K_i, R_{i-1}) ⊕ R_i
          M ← IP^{-1}(L_0 ‖ R_0)
          return M
      ```
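The round structure of DES_K and DES^{-1}_K inverts regardless of what the round function f does, because the decryption loop only ever recomputes f in the forward direction. The following added example (not from the original slides) runs the two loops with a hypothetical hash-based round function and a hypothetical key schedule; `toy_f`, `toy_key_schedule` and `constant_f` are assumptions, and IP is omitted because a fixed public permutation does not affect invertibility.

```python
import hashlib

HALF = 32                       # |L_i| = |R_i| = 32, as on the slide
MASK = (1 << HALF) - 1

def toy_f(k_i, r):
    """Hypothetical round function: 32 bits of SHA-256 over (K_i, R). Not invertible in R."""
    data = k_i.to_bytes(6, "big") + r.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def constant_f(k_i, r):
    """Extreme case: a round function that ignores both inputs."""
    return 0x0F0F0F0F

def toy_key_schedule(key):
    """Hypothetical key schedule: sixteen 48-bit round keys K_1..K_16 from a byte-string key."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(1, 17)]

def feistel_encrypt(key, m, f=toy_f):
    if not 0 <= m < 1 << 64:
        raise ValueError("block must be 64 bits")
    l, r = m >> HALF, m & MASK                   # parse M as L_0 || R_0
    for k_i in toy_key_schedule(key):            # i = 1 to 16
        l, r = r, f(k_i, r) ^ l                  # L_i <- R_{i-1}; R_i <- f(K_i, R_{i-1}) xor L_{i-1}
    return (l << HALF) | r                       # L_16 || R_16

def feistel_decrypt(key, c, f=toy_f):
    if not 0 <= c < 1 << 64:
        raise ValueError("block must be 64 bits")
    l, r = c >> HALF, c & MASK                   # parse C as L_16 || R_16
    for k_i in reversed(toy_key_schedule(key)):  # i = 16 downto 1
        l, r = f(k_i, l) ^ r, l                  # R_{i-1} <- L_i; L_{i-1} <- f(K_i, R_{i-1}) xor R_i
    return (l << HALF) | r                       # L_0 || R_0

if __name__ == "__main__":
    key = b"constructed-key"                     # constructed sample key
    m = 0x0123456789ABCDEF                       # constructed sample block
    c = feistel_encrypt(key, m)
    print(f"M = {m:016x}  C = {c:016x}  decrypted = {feistel_decrypt(key, c):016x}")
```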

  13. DES Construction

      ```
      IP                           IP^{-1}
      58 50 42 34 26 18 10  2      40  8 48 16 56 24 64 32
      60 52 44 36 28 20 12  4      39  7 47 15 55 23 63 31
      62 54 46 38 30 22 14  6      38  6 46 14 54 22 62 30
      64 56 48 40 32 24 16  8      37  5 45 13 53 21 61 29
      57 49 41 33 25 17  9  1      36  4 44 12 52 20 60 28
      59 51 43 35 27 19 11  3      35  3 43 11 51 19 59 27
      61 53 45 37 29 21 13  5      34  2 42 10 50 18 58 26
      63 55 47 39 31 23 15  7      33  1 41  9 49 17 57 25
      ```

  14. DES Construction

      ```
      function f(J, R)                                               // |J| = 48 and |R| = 32
          R ← E(R) ; R ← R ⊕ J
          Parse R as R_1 ‖ R_2 ‖ R_3 ‖ R_4 ‖ R_5 ‖ R_6 ‖ R_7 ‖ R_8   // |R_i| = 6 for 1 ≤ i
          for i = 1, ..., 8 do R_i ← S_i(R_i)                        // Each S-box returns 4 bits
          R ← R_1 ‖ R_2 ‖ R_3 ‖ R_4 ‖ R_5 ‖ R_6 ‖ R_7 ‖ R_8          // |R| = 32 bits
          R ← P(R)
          return R
      ```

      ```
      E                      P
      32  1  2  3  4  5      16  7 20 21
       4  5  6  7  8  9      29 12 28 17
       8  9 10 11 12 13       1 15 23 26
      12 13 14 15 16 17       5 18 31 10
      16 17 18 19 20 21       2  8 24 14
      20 21 22 23 24 25      32 27  3  9
      24 25 26 27 28 29      19 13 30  6
      28 29 30 31 32  1      22 11  4 25
      ```

  15. S-boxes

      ```
                0  1  2  3  4  5  6  7  8  9 10 11 12 13 14
      S_1: 0 0 14  4 13  1  2 15 11  8  3 10  6 12  5  9  0
           0 1  0 15  7  4 14  2 13  1 10  6 12 11  9  5  3
           1 0  4  1 14  8 13  6  2 11 15 12  9  7  3 10  5
           1 1 15 12  8  2  4  9  1  7  5 11  3 14 10  0  6

                0  1  2  3  4  5  6  7  8  9 10 11 12 13 14
      S_2: 0 0 15  1  8 14  6 11  3  4  9  7  2 13 12  0  5
           0 1  3 13  4  7 15  2  8 14 12  0  1 10  6  9 11
           1 0  0 14  7 11 10  4 13  1  5  8 12  6  9  3  2
           1 1 13  8 10  1  3 15  4  2 11  6  7 12  0  5 14

                0  1  2  3  4  5  6  7  8  9 10 11 12 13 14
      S_3: 0 0 10  0  9 14  6  3 15  5  1 13 12  7 11  4  2
           0 1 13  7  0  9  3  4  6 10  2  8  5 14 12 11 15
           1 0 13  6  4  9  8 15  3  0 11  1  2 12  5 10 14
           1 1  1 10 13  0  6  9  8  7  4 15 14  3 11  5  2
      ```

      Figure: The DES S-boxes.

  16. Cryptanalysis: Key Recovery Attacks on Block Ciphers

      Adversary A knows $E : \{0,1\}^k \times \{0,1\}^\ell \to \{0,1\}^\ell$.

      $T \stackrel{\$}{\leftarrow} \{0,1\}^k$ is the target key.

      Given: $(M_1, C_1), \ldots, (M_q, C_q)$ where $C_i = E(T, M_i)$ for $i = 1, \ldots, q$ and $M_1, \ldots, M_q$ are distinct.

      Find: $T$

  17. Cryptanalysis: Key Recovery Attacks on Block Ciphers

      Certainly A should be given $C_1, \ldots, C_q$. But why does A know $M_1, \ldots, M_q$?

      • A posteriori revelation of data
      • A priori knowledge of context

      Good to be conservative!

  18. A posteriori revelation of data

      • S, R share key $K$
      • On January 10, S encrypts M = Let’s meet tomorrow at 5 pm and sends ciphertext C to R.
      • Adversary captures C
      • On January 11, adversary observes S, R meeting at 5 pm and deduces that M is as above
      • Adversary knows C and its decryption M

  19. A priori knowledge of context

      • S, R share key $K$
      • E-mails always begin with the keyword “From”
      • S encrypts an email
      • Adversary gets ciphertext C
      • Since it knows part of the plaintext (“From”) it may have an input-output example of the block cipher under $K$

  22. Types of attacks

      Given: $(M_1, C_1), \ldots, (M_q, C_q)$ where $C_i = E(T, M_i)$ for $i = 1, \ldots, q$ and $M_1, \ldots, M_q$ are distinct.

      Known Message Attack: $M_1, \ldots, M_q$ arbitrary, not chosen by A.

  23. Types of attacks

      Chosen Message Attack: A can pick $M_1, \ldots, M_q$, even adaptively, meaning pick $M_i$ as a function of $(M_1, C_1), \ldots, (M_{i-1}, C_{i-1})$ for $i = 1, \ldots, q$.

      ```
      A → E_K : M_1
      A ← E_K : C_1 = E_K(M_1)
      A → E_K : M_2
      A ← E_K : C_2 = E_K(M_2)
      ...
      ```

      Examples:

      • A sends S e-mails which S encrypts and forwards to R
      • S is a router encrypting any packet it receives

  25. Exhaustive Key Search

      Let $T_1, \ldots, T_{2^k}$ be a list of all $k$-bit keys. Let $T \stackrel{\$}{\leftarrow} \{0,1\}^k$ be the target key and let $(M_1, C_1)$ satisfy $E_T(M_1) = C_1$.

      ```
      algorithm EKS_E(M_1, C_1)
          for i = 1, ..., 2^k do
              if E(T_i, M_1) = C_1 then return T_i
      ```
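EKS returns the first key that is consistent with the pair it is given, which is not necessarily the target key. The following added example (not from the original slides) runs EKS on a toy cipher with a 16-bit key and an 8-bit block and extends it from one pair to the q pairs of the key-recovery setting on slide 16; the cipher `E`, the permutation `PI`, the target key and the messages are all constructed for this illustration.

```python
# Toy sizes (assumption): 16-bit key, 8-bit block. DES has k = 56 and l = 64.
K_BITS = 16

# Fixed public permutation of 0..255 (constructed): cubing is a bijection modulo the prime 257.
PI = [pow(x + 1, 3, 257) - 1 for x in range(256)]

def E(key, x):
    """Toy cipher, not from the slides: E_K(x) = PI[x xor K1] xor K2 with K = K1 || K2."""
    k1, k2 = key >> 8, key & 0xFF
    return PI[x ^ k1] ^ k2

def consistent(t, pairs):
    """True when candidate key t maps every known M_j to its C_j."""
    return all(E(t, m) == c for m, c in pairs)

def eks(pairs):
    """EKS from slide 25, extended to q pairs: first T_i that matches every pair."""
    for t in range(2 ** K_BITS):
        if consistent(t, pairs):
            return t
    return None

def consistent_keys(pairs):
    """Every key that the known pairs cannot rule out."""
    return [t for t in range(2 ** K_BITS) if consistent(t, pairs)]

TARGET = 0xBEEF                                                # constructed target key
PAIRS = [(m, E(TARGET, m)) for m in (0x00, 0x01, 0x47, 0xA5)]  # constructed known pairs

if __name__ == "__main__":
    one, four = consistent_keys(PAIRS[:1]), consistent_keys(PAIRS)
    print(f"keys consistent with 1 pair:  {len(one)}")
    print(f"keys consistent with 4 pairs: {len(four)}")
    print(f"EKS on 1 pair returns {eks(PAIRS[:1]):#06x}; target is {TARGET:#06x}")
    print(f"target among the survivors: {TARGET in four}")
```

With one pair, every choice of K1 has exactly one matching K2, so 256 keys survive; each further pair removes candidates. The loop itself costs up to 2^k cipher evaluations, which is what the key length has to make infeasible.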
