improved differential linear cryptanalysis of 7 round
play

Improved Differential-Linear Cryptanalysis of 7-round Chaskey with - PowerPoint PPT Presentation

Feb 20, 2024 •161 likes •540 views

Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Improved Differential-Linear Cryptanalysis of 7-round Chaskey with Partitioning Gatan Leurent Inria, Paris Eurocrypt 2016 m 0 m 1 m 2 K K K Gatan

  1. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Improved Differential-Linear Cryptanalysis of 7-round Chaskey with Partitioning Gaëtan Leurent Inria, Paris Eurocrypt 2016 m 0 m 1 m 2 K ′ K ′ π π π τ K Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 1 / 19

  2. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Chaskey N. Mouha, B. Mennink, A. Van Herrewege, D. Watanabe, B. Preneel, I. Verbauwhede Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers SAC 2014 m 0 m 1 m 2 K ′ K ′ π π π τ K Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 2 / 19

  3. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Chaskey ◮ Message Authentication Code ◮ Authenticity ◮ τ = MAC K ( m ) Computed by Alice 1 Transmitted with m 2 Verified by Bob (same key) 3 ◮ For microcontrollers ◮ Typical use-case: sensor network (lightweight) ◮ “Ten times faster than AES” ◮ Considered for ISO standardisation m 0 m 1 m 2 K ′ K ′ π π π τ K Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 2 / 19

  4. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Chaskey ◮ CBC-MAC with an Even-Mansour cipher ◮ Permutation based (sponge-like) ◮ Birthday security ◮ 128-bit key ( K ′ = 2 · K ) ◮ 128-bit state ◮ Security claim: 2 48 data, 2 80 time ( TD > 2 128 ). m 0 m 1 m 2 K ′ K ′ π π π τ K Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 2 / 19

  5. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Chaskey permutation v 1 v 0 v 2 v 3 ◮ 32-bit words 5 8 ◮ 128-bit state 16 ◮ ARX scheme ◮ Additions ( mod 2 32 ) ◮ Rotations (bitwise) ◮ Xor 7 13 ◮ Same structure as Siphash 16 ◮ 8 rounds Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 3 / 19

  6. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Cryptanalysis of Chaskey Exploiting properties of the π permutation ◮ Use single-block messages ◮ Chaskey becomes an Even-Mansour cipher ◮ No decryption oracle ◮ Previous work: 4-round bias by the designers ◮ 5-round attack? K ⊕ K ′ K ′ m π τ Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 4 / 19

  7. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Main Cryptanalysis Techniques Differential Cryptanalysis Linear Cryptanalysis Track difference propagation Track linear approximations [Biham & Shamir, 1990] [Matsui, 1992] ◮ Input/output differences δ P , δ C ◮ Input/output masks χ P , χ C ◮ E ( x ⊕ δ P ) ≈ E ( x ) ⊕ δ C ◮ E ( x )[ χ C ] ≈ x [ χ P ] � − 1 � � � p = Pr E ( P ⊕ δ P ) = E ( P ) ⊕ δ C ε = 2 Pr E ( x )[ χ C ] = x [ χ P ] ◮ Concatenate trails: ε = ∏ ε i ◮ Concatenate trails: p = ∏ p i ◮ Complexity 1 / ε 2 ◮ Complexity 1 / p ◮ Require ε ≫ 2 − n / 2 ◮ Require p ≫ 2 − n x [ χ 1 . . . χ ℓ ] = x [ χ 1 ] ⊕ x [ χ 2 ] · · · x [ χ ℓ ] Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 5 / 19

  8. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Cryptanalysis of ARX schemes ◮ No iterative differential/linear trails ◮ Small difference in the middle and propagate ◮ Only short trails with high probability Complexity Rounds Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 6 / 19

  9. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Cryptanalysis of ARX schemes ◮ No iterative differential/linear trails ◮ Small difference in the middle and propagate ◮ Only short trails ◮ Can we combine two trails? with high probability Complexity Rounds Rounds Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 6 / 19

  10. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x [Langford & Hellman, 1994] [Biham, Dunkelman & Keller, 2002] E ⊤ E ⊤ ◮ Divide E in two sub-ciphers E = E ⊥ ◦ E ⊤ γ ◮ Let y = E ⊤ ( x ) , z = E ⊥ ( y ) y ′ y α α ◮ Find a differential δ → γ for E ⊤ ◮ Pr [ E ⊤ ( x ⊕ δ ) = E ⊤ ( x ) ⊕ γ ] = p E ⊥ E ⊥ ◮ Find a linear approximation α → β of E ⊥ ◮ Pr [ y [ α ] = E ⊥ ( y )[ β ]] = 1 2 ( 1 + ε ) z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  11. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x [Langford & Hellman, 1994] [Biham, Dunkelman & Keller, 2002] E ⊤ E ⊤ ◮ Divide E in two sub-ciphers E = E ⊥ ◦ E ⊤ γ ◮ Let y = E ⊤ ( x ) , z = E ⊥ ( y ) y ′ y α α ◮ Find a differential δ → γ for E ⊤ ◮ Pr [ E ⊤ ( x ⊕ δ ) = E ⊤ ( x ) ⊕ γ ] = p E ⊥ E ⊥ ◮ Find a linear approximation α → β of E ⊥ ◮ Pr [ y [ α ] = E ⊥ ( y )[ β ]] = 1 2 ( 1 + ε ) z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  12. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x [Langford & Hellman, 1994] [Biham, Dunkelman & Keller, 2002] E ⊤ E ⊤ ◮ Divide E in two sub-ciphers E = E ⊥ ◦ E ⊤ γ ◮ Let y = E ⊤ ( x ) , z = E ⊥ ( y ) y ′ y α α ◮ Find a differential δ → γ for E ⊤ ◮ Pr [ E ⊤ ( x ⊕ δ ) = E ⊤ ( x ) ⊕ γ ] = p E ⊥ E ⊥ ◮ Find a linear approximation α → β of E ⊥ ◮ Pr [ y [ α ] = E ⊥ ( y )[ β ]] = 1 2 ( 1 + ε ) z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  13. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x ◮ Query a pair ( x , x ′ = x ⊕ δ ) : E ⊤ E ⊤ y ⊕ y ′ = γ proba p γ ( y ⊕ y ′ )[ α ] = γ [ α ] proba ≈ p + 1 / 2 ( 1 − p ) y ′ y α α z [ β ] = y [ α ] proba 1 / 2 ( 1 + ε ) z ′ [ β ] = y ′ [ α ] proba 1 / 2 ( 1 + ε ) proba 1 / 2 ( 1 + p ε 2 ) E ⊥ E ⊥ ( z ⊕ z ′ )[ β ] = γ [ α ] ◮ Distinguisher with complexity ≈ p − 2 ε − 4 z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  14. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x ◮ Query a pair ( x , x ′ = x ⊕ δ ) : E ⊤ E ⊤ y ⊕ y ′ = γ proba p γ ( y ⊕ y ′ )[ α ] = γ [ α ] proba ≈ p + 1 / 2 ( 1 − p ) y ′ y α α z [ β ] = y [ α ] proba 1 / 2 ( 1 + ε ) z ′ [ β ] = y ′ [ α ] proba 1 / 2 ( 1 + ε ) proba 1 / 2 ( 1 + p ε 2 ) E ⊥ E ⊥ ( z ⊕ z ′ )[ β ] = γ [ α ] ◮ Distinguisher with complexity ≈ p − 2 ε − 4 z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  15. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x ◮ Query a pair ( x , x ′ = x ⊕ δ ) : E ⊤ E ⊤ y ⊕ y ′ = γ proba p γ ( y ⊕ y ′ )[ α ] = γ [ α ] proba ≈ p + 1 / 2 ( 1 − p ) y ′ y α α z [ β ] = y [ α ] proba 1 / 2 ( 1 + ε ) z ′ [ β ] = y ′ [ α ] proba 1 / 2 ( 1 + ε ) proba 1 / 2 ( 1 + p ε 2 ) E ⊥ E ⊥ ( z ⊕ z ′ )[ β ] = γ [ α ] ◮ Distinguisher with complexity ≈ p − 2 ε − 4 z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  16. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x ◮ Query a pair ( x , x ′ = x ⊕ δ ) : E ⊤ E ⊤ y ⊕ y ′ = γ proba p γ ( y ⊕ y ′ )[ α ] = γ [ α ] proba ≈ 1 / 2 ( 1 + p ) y ′ y α α z [ β ] = y [ α ] proba 1 / 2 ( 1 + ε ) z ′ [ β ] = y ′ [ α ] proba 1 / 2 ( 1 + ε ) proba 1 / 2 ( 1 + p ε 2 ) E ⊥ E ⊥ ( z ⊕ z ′ )[ β ] = γ [ α ] ◮ Distinguisher with complexity ≈ p − 2 ε − 4 z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

  17. Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Differential-Linear Cryptanalysis δ x ′ x ◮ Query a pair ( x , x ′ = x ⊕ δ ) : E ⊤ E ⊤ y ⊕ y ′ = γ proba p γ ( y ⊕ y ′ )[ α ] = γ [ α ] proba ≈ 1 / 2 ( 1 + p ) y ′ y α α z [ β ] = y [ α ] proba 1 / 2 ( 1 + ε ) z ′ [ β ] = y ′ [ α ] proba 1 / 2 ( 1 + ε ) proba 1 / 2 ( 1 + p ε 2 ) E ⊥ E ⊥ ( z ⊕ z ′ )[ β ] = γ [ α ] ◮ Distinguisher with complexity ≈ p − 2 ε − 4 z ′ β z β Gaëtan Leurent (Inria, Paris) Differential-Linear Cryptanalysis of 7-round Chaskey Eurocrypt 2016 7 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential cryptanalysis Linear cryptanalysis Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and Linear Cryptanalysis Differential cryptanalysis Linear cryptanalysis Iterated block ciphers (DES,

910 views • 53 slides
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and Differential Cryptanalysis by Howard Heys.] Modern block ciphers (like DES and AES): - proceed in rounds - each round has its own round key or subkey

644 views • 21 slides
Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Description of PRINT CIPHER Differential Cryptanalysis Computing roots of permutations Summary Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations Mohamed Abdelraheem, Gregor Leander and Erik Zenner DTU

639 views • 21 slides
New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 ,

New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 ,

New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 , Leibo Li 2 , Dawu Gu 1 , Xiaoyun Wang 2,3 , Zhiqiang Liu 1 , Jiazhe Chen 2 , Wei Li 4 1. Shanghai Jiao Tong University, 2. Shangdong University 3.

472 views • 25 slides
Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship between the difference of two inputs and the difference of the corresponding two outputs. - the difference M Z of two strings of bits Z and Z

556 views • 10 slides
/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of SKINNY Zero-Correlation Linear Cryptanalysis of SKINNY MILP model for SKINNY64 cipher Using MILP in Impossible differential

420 views • 31 slides
Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced

Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced

Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES Lorenzo Grassi, IAIK, TU Graz (Austria) March, 2019 www.iaik.tugraz.at Motivation At Eurocrypt 2017, the first secret-key distinguisher for

576 views • 42 slides
Provable Security Against Differential and Linear Cryptanalysis Kaisa Nyberg Department of

Provable Security Against Differential and Linear Cryptanalysis Kaisa Nyberg Department of

Provable Security Against Differential and Linear Cryptanalysis Kaisa Nyberg Department of Information and Computer Science Aalto University FSE 2012 March 19, 2012 Introduction CRADIC Linear Hull SPN and Two Strategies Highly

757 views • 47 slides
Linear Statistics Jung-Keun Lee and Woo-Hwan Kim ETRI Our contribution improved and extended

Linear Statistics Jung-Keun Lee and Woo-Hwan Kim ETRI Our contribution improved and extended

FSE 2020 Multiple Linear Cryptanalysis Using Linear Statistics Jung-Keun Lee and Woo-Hwan Kim ETRI Our contribution improved and extended approach of multiple linear cryptanalysis[BCQ04] (exploit dominant statistically independent linear

714 views • 30 slides
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X.

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X.

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X. Standaert , J.-J. Quisquater UCL Crypto Group Microelectronics Laboratory Catholic University of Louvain - UCL Belgium FSE 2008 Collard B. (UCL

448 views • 33 slides
Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak Meicheng Liu joint work

Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak Meicheng Liu joint work

Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak Meicheng Liu joint work with Jian Guo and Ling Song Asiacrypt 2016 1/28 Outline Introduction SHA-3 hash function Linear Structures Linear structures of Keccak-f

474 views • 43 slides
Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree Center for Cybersecurity, Indian Institute of Technology Kanpur INDOCRYPT 2019, Hyderabad Outline 2 Introduction Hash function Structure of KECCAK

752 views • 50 slides
On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha 1 Yu Sasaki 2 Danping Shi 3,4 Ferdinand Sibleyras 5 Siwei Sun 3,4 Yingjie Zhang 3,4 1 de.ci.phe.red Lab, Department of Electrical Engineering and

444 views • 40 slides
A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter:

A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter:

1. Preliminaries 2. Differential-Linear Cryptanalysis: Previous and Our Methodologies 3. Application to 13 Rounds of the DES Block Cipher 4. Application to 10 Rounds of the CTC2 Block Cipher 5. Application to 12 Rounds of the Serpent Block

1.18k views • 25 slides
Improved Slender-set Linear Cryptanalysis Guo-Qiang Liu 1 Chen-Hui Jin 1 Chuan-Da Qi 2 1

Improved Slender-set Linear Cryptanalysis Guo-Qiang Liu 1 Chen-Hui Jin 1 Chuan-Da Qi 2 1

Introduction Our Contributions Conclusion Improved Slender-set Linear Cryptanalysis Guo-Qiang Liu 1 Chen-Hui Jin 1 Chuan-Da Qi 2 1 Information Science Technology Institute Zhengzhou, Henan, China 2 Xinyang Normal University Xinyang, Henan, China

1.23k views • 49 slides
Multiple Differential Cryptanalysis of Round-Reduced Prince Anne Canteaut 1 , Thomas Fuhr 2 ,

Multiple Differential Cryptanalysis of Round-Reduced Prince Anne Canteaut 1 , Thomas Fuhr 2 ,

Multiple Differential Cryptanalysis of Round-Reduced Prince Anne Canteaut 1 , Thomas Fuhr 2 , Henri Gilbert 2 , Mara Naya-Plasencia 1 , Jean-Ren Reinhard 2 1 INRIA, France 2 ANSSI, France FSE 2014 - March 5, 2014 Canteaut, Fuhr, Gilbert,

507 views • 35 slides
W ORK R OUNDS S MALL G ROUP T EACHING S MALL G ROUP T EACHING B ringing B ringing E

W ORK R OUNDS S MALL G ROUP T EACHING S MALL G ROUP T EACHING B ringing B ringing E

W ORK R OUNDS W ORK R OUNDS S MALL G ROUP T EACHING S MALL G ROUP T EACHING B ringing B ringing E ducation & E ducation & S ervice S ervice T ogether T ogether Learning Objective Learning Objective After participating

190 views • 14 slides
Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen

Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen

Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen Overfitting Can Happen 30 25 test 20 error 15 (boosting stumps on heart-disease dataset) train 10 5 0 1 10 100 1000 # rounds

138 views • 3 slides
Locality lower bounds through round elimination D 1 Jukka Suomela U v 1 D 3 u Aalto

Locality lower bounds through round elimination D 1 Jukka Suomela U v 1 D 3 u Aalto

Locality lower bounds through round elimination D 1 Jukka Suomela U v 1 D 3 u Aalto University, Finland v 3 v 2 D 2 1 Joint work with Alkida Balliu Tuomo Lempiinen Sebastian Brandt Dennis Olivetti Orr Fischer

581 views • 57 slides
CS 204: Scheduling Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Scheduling Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Scheduling Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring16/ 1 Overview What is scheduling? Round robin Q: How should a Weighted round robin common resource be

558 views • 24 slides
Optimal Non-parametric Learning in Repeated Contextual Auctions with Strategic Buyer Alexey

Optimal Non-parametric Learning in Repeated Contextual Auctions with Strategic Buyer Alexey

Optimal Non-parametric Learning in Repeated Contextual Auctions with Strategic Buyer Alexey Drutsa Setup Repeated Contextual Posted-Price Auctions Different goods (e.g., ad spaces) described by -dimensional feature vectors (contexts)

377 views • 19 slides
Reserve Pricing in Repeated Second-Price Auctions with Strategic Bidders Alexey Drutsa Setup

Reserve Pricing in Repeated Second-Price Auctions with Strategic Bidders Alexey Drutsa Setup

Reserve Pricing in Repeated Second-Price Auctions with Strategic Bidders Alexey Drutsa Setup Second-Price (SP) Auction with Reserve Prices Setting A good (e.g., an ad space) is offered for sale by a seller to buyers Each buyer

602 views • 31 slides
Lower Bounds for Maximal Matchings and Maximal Independent Sets Alkida Balliu Aalto University,

Lower Bounds for Maximal Matchings and Maximal Independent Sets Alkida Balliu Aalto University,

Lower Bounds for Maximal Matchings and Maximal Independent Sets Alkida Balliu Aalto University, Finland Joint work with Sebastian Brandt ETH Zurich Juho Hirvonen Aalto University Dennis Olivetti Aalto University Mikal Rabie LIP6 -

937 views • 64 slides
Two ways of building round functions for block ciphers Joan Daemen Radboud University ibenik

Two ways of building round functions for block ciphers Joan Daemen Radboud University ibenik

Two ways of building round functions for block ciphers Joan Daemen Radboud University ibenik summer school 2016 1 / 44 Outline 1 Block ciphers and statistical attacks 2 Correlation basics 3 Wide trail strategy: strongly-aligned flavor

620 views • 59 slides

More recommend