relaxing full codebook security a refined analysis of key
play

Relaxing Full-Codebook Security: A Refined Analysis of Key-Length - PowerPoint PPT Presentation

Nov 30, 2023 •322 likes •1.35k views

Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1 Jooyoung Lee 2 Yannick Seurin 3 John Steinberger 4 Stefano

  1. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Ideal Cipher Model (ICM) k We will model the underlying block cipher E as an ideal cipher y x E Ideal Block Cipher Model • family of uniformly random permutations E k ( · ) • independent for each key • given as an oracle to all parties (incl. adversaries) Generic Security • attacks cannot exploit any weakness of E ⇒ “generic” attacks Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 7 / 29

  2. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Ideal Cipher Model (ICM) k We will model the underlying block cipher E as an ideal cipher y x E Ideal Block Cipher Model • family of uniformly random permutations E k ( · ) • independent for each key • given as an oracle to all parties (incl. adversaries) Generic Security • attacks cannot exploit any weakness of E ⇒ “generic” attacks Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 7 / 29

  3. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  4. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  5. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  6. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  7. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  8. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  9. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  10. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n this work κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  11. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Outline Context: Key-Length Extension for Block Ciphers Main Lemma Randomized Cascading Plain Cascading Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 10 / 29

  12. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Randomized Key-Length Extension Schemes Very general class abiding to the following structure: k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z • the ρ i ’s are keyed permutations, potentially very simple (e.g. ρ i z ( x ) = x ⊕ z ) • encryption keys φ 1 ( k ) , . . . , φ r ( k ) can be deterministically related or independent Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 11 / 29

  13. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  14. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  15. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  16. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  17. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  18. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  19. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  20. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  21. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  22. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Outline Context: Key-Length Extension for Block Ciphers Main Lemma Randomized Cascading Plain Cascading Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 14 / 29

  23. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  24. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z 0 z 1 y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  25. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z 0 z 1 y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  26. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z 0 z 1 y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  27. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z z y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  28. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 2XOR construction [GT12] φ ( k ) k z z y x E E 2XOR construction log 2 ( q e ) FX • combines key-whitening and κ + n cascading • same whitening key z κ + n 2 • φ such that ∀ k , φ ( k ) � = k • [GT12] proved (tight) security κ log 2 ( q c ) for q c = 2 n and q e ≪ 2 κ + n / 2 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 16 / 29

  29. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 2XOR construction [GT12] φ ( k ) k z z y x E E 2XOR construction log 2 ( q e ) FX • combines key-whitening and κ + n cascading • same whitening key z κ + n 2 • φ such that ∀ k , φ ( k ) � = k • [GT12] proved (tight) security κ log 2 ( q c ) for q c = 2 n and q e ≪ 2 κ + n / 2 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 16 / 29

  30. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 2XOR construction [GT12] φ ( k ) k z z y x E E 2XOR construction log 2 ( q e ) FX • combines key-whitening and κ + n cascading • same whitening key z κ + n 2 • φ such that ∀ k , φ ( k ) � = k • [GT12] proved (tight) security κ log 2 ( q c ) for q c = 2 n and q e ≪ 2 κ + n / 2 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 16 / 29

  31. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Refined Analysis of 2XOR φ ( k ) k z z y x E E log 2 ( q e ) We (tightly) complete the picture: FX κ + n • for 1 ≤ q c ≤ 2 n / 2 : same security bound as FX κ + n 2 • for 2 n / 2 ≤ q c ≤ 2 n : secure when q e ≪ 2 κ + n / 2 κ log 2 ( q c ) n 0 n 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 17 / 29

  32. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Refined Analysis of 2XOR φ ( k ) k z z y x E E log 2 ( q e ) We (tightly) complete the picture: FX κ + n 2XOR • for 1 ≤ q c ≤ 2 n / 2 : same security bound as FX κ + n 2 • for 2 n / 2 ≤ q c ≤ 2 n : secure when q e ≪ 2 κ + n / 2 κ log 2 ( q c ) n 0 n 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 17 / 29

  33. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Refined Analysis of 2XOR φ ( k ) k z z y x E E log 2 ( q e ) We (tightly) complete the picture: FX κ + n 2XOR • for 1 ≤ q c ≤ 2 n / 2 : same security bound as FX κ + n 2 • for 2 n / 2 ≤ q c ≤ 2 n : secure when q e ≪ 2 κ + n / 2 κ log 2 ( q c ) n 0 n 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 17 / 29

  34. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E 3XOR construction • add a final whitening step • induced sequential cipher = 2-round Even-Mansour cipher with identical keys ⇒ analyzed by [CLL + 14] • we can apply the KLE-to-ISC Lemma Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  35. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps z z z y x P 1 P 2 3XOR construction • add a final whitening step • induced sequential cipher = 2-round Even-Mansour cipher with identical keys ⇒ analyzed by [CLL + 14] • we can apply the KLE-to-ISC Lemma Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  36. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps z z z y x P 1 P 2 3XOR construction • add a final whitening step • induced sequential cipher = 2-round Even-Mansour cipher with identical keys ⇒ analyzed by [CLL + 14] • we can apply the KLE-to-ISC Lemma Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  37. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  38. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n 3XOR κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  39. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n 3XOR κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  40. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n 3XOR Gaži’s generic attack [Gaz13] κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  41. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) κ + n 3XOR Gaži’s generic attack [Gaz13] Insec. ? κ + 3 n 4 κ + 2 n 3 Sec. ? κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  42. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying φ ( k ) k z z z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  43. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying k k z π ( z ) z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  44. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying k k z π ( z ) z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  45. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying k k z π ( z ) z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  46. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  47. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) z 0 z 1 z r y x P 1 P 2 P r Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  48. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  49. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  50. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  51. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  52. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  53. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  54. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  55. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Outline Context: Key-Length Extension for Block Ciphers Main Lemma Randomized Cascading Plain Cascading Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 21 / 29

  56. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  57. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  58. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  59. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  60. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 2 k 3 k 4 k 5 y x E E E E E • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  61. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 2 k 3 k 4 k 5 y x E ′ E E ′ E E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  62. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 2 k 3 k 4 k 5 y x E ′ E E ′ E E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  63. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 3 k 5 y x P 2 P 4 E ′ E ′ E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  64. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 3 k 5 y x P 2 P 4 E ′ E ′ E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  65. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 3 k 5 y x P 2 P 4 E ′ E ′ E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  66. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  67. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  68. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  69. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ ? 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  70. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) κ + n κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  71. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  72. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  73. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) triple encryption κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  74. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) triple encryption κ + 3 n 3XOR 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  75. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) triple encryption κ + 3 n 3XOR 4 2-r. xor-cascade (tight) κ + 2 n 3 (ind. whit. keys) κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  76. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  77. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  78. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  79. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  80. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The end. . . Thanks for your attention! Comments or questions? Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 27 / 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Documenting cross-national comparability of survey data: the Online Codebook & Analysis of the

Documenting cross-national comparability of survey data: the Online Codebook & Analysis of the

Documenting cross-national comparability of survey data: the Online Codebook & Analysis of the Generations & Gender Programme Arianna Caporali arianna.caporali@ined.fr Institut national dtudes dmographiques, INED Abstract In

458 views • 13 slides
On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha 1 Yu Sasaki 2 Danping Shi 3,4 Ferdinand Sibleyras 5 Siwei Sun 3,4 Yingjie Zhang 3,4 1 de.ci.phe.red Lab, Department of Electrical Engineering and

444 views • 40 slides
2. Coding-Theoretic Foundations Source alphabet S Target alphabet {0, 1} Categories of

2. Coding-Theoretic Foundations Source alphabet S Target alphabet {0, 1} Categories of

2. Coding-Theoretic Foundations Source alphabet S Target alphabet {0, 1} Categories of source encoding: 1. Codebook methods: Symbols ( S ) Codewords ( W ) - Implicit / explicit codebook - Static / dynamic codebook -

413 views • 12 slides
Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, Stephen Checkoway, J. Alex Halderman, Hovav Shacham How many people been through airport security in the USA? TSA

733 views • 16 slides
Pattern Recognition Part 5: Codebook Training Gerhard Schmidt Christian-Albrechts-Universitt

Pattern Recognition Part 5: Codebook Training Gerhard Schmidt Christian-Albrechts-Universitt

Pattern Recognition Part 5: Codebook Training Gerhard Schmidt Christian-Albrechts-Universitt zu Kiel Faculty of Engineering Institute of Electrical and Information Engineering Digital Signal Processing and System Theory Codebook Training

698 views • 47 slides
An Implementation and Analysis of the Refined Projection Method For (Jacobi-)Davidson Type Methods

An Implementation and Analysis of the Refined Projection Method For (Jacobi-)Davidson Type Methods

An Implementation and Analysis of the Refined Projection Method For (Jacobi-)Davidson Type Methods Lingfei Wu Department of Computer Science College of William and Mary Advisor: Professor Andreas Stathopoulos March 18, 2015 SIAM CSE15 1 / 13

474 views • 13 slides
Millimeter Wave Hybrid Beamforming with DFT-MUB Aided Precoder Codebook Design K. Satyanarayana

Millimeter Wave Hybrid Beamforming with DFT-MUB Aided Precoder Codebook Design K. Satyanarayana

Millimeter Wave Hybrid Beamforming with DFT-MUB Aided Precoder Codebook Design K. Satyanarayana University of Southampton & InterDigital Supervisors: Mohammed El-Hajjar , Ping-Heng Kuo , Alain Mourad , Lajos Hanzo

404 views • 18 slides
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries Dennis Andriesse , Xi Chen

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries Dennis Andriesse , Xi Chen

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries Dennis Andriesse , Xi Chen , Victor van der Veen , Asia Slowinska , Herbert Bos Vrije Universiteit Amsterdam Lastline, Inc. USENIX Security 2016

508 views • 19 slides
But amidst this relaxing, serene beauty, big problems are revealed the next day Difficult to

But amidst this relaxing, serene beauty, big problems are revealed the next day Difficult to

Deciphering my new onset Brain Fog Mark Drangsholt, D.D.S. M.P.H, Ph.D. Professor and Chair Department of Oral Medicine University of Washington Seattle USA drangs@uw.edu But amidst this relaxing, serene beauty, big problems are

804 views • 33 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Codebook and Marker Sequence Design for Synchronization-Correcting Codes Victor Buttigieg 1 Johann

Codebook and Marker Sequence Design for Synchronization-Correcting Codes Victor Buttigieg 1 Johann

Outline Introduction System Description Bound Results Closure Codebook and Marker Sequence Design for Synchronization-Correcting Codes Victor Buttigieg 1 Johann A. Briffa 2 1 Department of Communications and Computer Engineering University

632 views • 29 slides
Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job

Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job

Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job The DBS Tradesman App can be found on the DBS Portal by clicking on this Yellow box that appears on the right hand side of the Logon page on your

388 views • 35 slides
Abstraction Relaxing Synchronous Composition with Clock publics ou privs. recherche franais

Abstraction Relaxing Synchronous Composition with Clock publics ou privs. recherche franais

HAL Id: hal-00645333 scientifjques de niveau recherche, publis ou non, with Clock Abstraction. Hardware Design and Functional Languages Workshop, Mar 2009, York, Albert Cohen, Louis Mandel, Florence Plateau, Marc Pouzet. Relaxing Synchronous

490 views • 19 slides
NEW CULINARY EXPERIENCE Let Happy Jack do the cooking for you! REFINED RUSTICITY The cuisine

NEW CULINARY EXPERIENCE Let Happy Jack do the cooking for you! REFINED RUSTICITY The cuisine

NEW CULINARY EXPERIENCE Let Happy Jack do the cooking for you! REFINED RUSTICITY The cuisine of the future will see the expression of a new "refined rusticity", to seek in modern memories and emotions of the past . Enjoy the

282 views • 9 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Learning Semantic Visual Codebook for Action Recognition by Embedding into Concept Space Behrouz

Learning Semantic Visual Codebook for Action Recognition by Embedding into Concept Space Behrouz

Learning Semantic Visual Codebook for Action Recognition by Embedding into Concept Space Behrouz Saghafi Using Spatio-temporal Features Action recognition using silhouettes or optical flow encounters difficulties when dealing with non-uniform

556 views • 27 slides
Overview Overview Overview How EFS Works Recovery Basics Windows 2000 Standalone

Overview Overview Overview How EFS Works Recovery Basics Windows 2000 Standalone

25. DECUS Mnchen e.V. Symposium 2002 2C02 EFS / Recovery Josef Beeking Compaq Computer GmbH Overview Overview Overview How EFS Works Recovery Basics Windows 2000 Standalone Scenarios Windows 2000 Domain Scenarios Windows

410 views • 29 slides
r r rt

r r rt

r r rt r t s rt rt Pr

631 views • 41 slides
Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren Rinne, Thomas Eisenbarth, and Christof Paar Horst Grtz Institute for IT Security Ruhr-Universitt Bochum, Germany 11.06.2007 SPEED Workshop,

469 views • 18 slides
New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K. Schramm Workshop on Fast Software Encryption 2007 Outline Introduction Why lightweight? Why choose DES? DESL: DES Lightweight Why change DES?

364 views • 12 slides
CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr

CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr

CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives Investigative Process Analysis Framework last week File Systems File

795 views • 50 slides
On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key

Introduction Related-Key Attacks Chosen-Key Attacks Conclusion On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks Benot Cogliati 1 and Yannick Seurin 2 1 Versailles University, France 2

1.23k views • 94 slides
r r

r r

r r ss s sr rtt tr

1.21k views • 96 slides
1. Introduction to a new Type of Matching 2. The polynomials U ,k,n ( x ) 3. Background and

1. Introduction to a new Type of Matching 2. The polynomials U ,k,n ( x ) 3. Background and

1. Introduction to a new Type of Matching 2. The polynomials U ,k,n ( x ) 3. Background and Previous Results 4. Extreme Coefficients 5. 2 Closed Forms from Recursions 6. Q-Analogues 7. Q-statistic 8. Unanswered Questions Notion of a

464 views • 31 slides

More recommend