How to Abuse and Fix Authenticated Encryption Without Key Commitment
Authenticated encryption (AE) is used in a wide variety of applications, potentially in settings for which it was not originally …
The SPHINCS+ Signature Framework
We introduce SPHINCS+, a stateless hash-based signature framework. SPHINCS+ has significant advantages over the state of the art in …
ShiftRows Alternatives for AES-like Ciphers and Optimal Cell Permutations for Midori and Skinny
We study possible alternatives for ShiftRows to be used as cell permutations in AES-like ciphers. As observed during the design process …
Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis
Resistance against differential cryptanalysis is an important design criteria for any modern block cipher and most designs rely on …
Finding Integral Distinguishers with Ease
The division property method is a technique to determine integral distinguishers on block ciphers. While the complexity of finding …
Putting Wings on SPHINCS
SPHINCS is a recently proposed stateless hash-based signature scheme and promising candidate for a post-quantum secure digital …
Gimli: a cross-platform permutation
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of …
Haraka - Efficient Short-Input Hashing for Post-Quantum Applications
Recently, many efficient cryptographic hash function design strategies have been explored, not least because of the SHA-3 competition. …
Troika: a ternary cryptographic hash function
Linear codes over finite fields are one of the most well-studied areas in coding theory. While codes over finite fields of …
The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS
We present a new tweakable block cipher family SKINNY, whose goal is to compete with NSA recent design SIMON in terms of …
A Brief Comparison of Simon and Simeck
Simeck is a new lightweight block cipher design based on combining the design principles of the Simon and Speck block cipher. While the …
State-recovery analysis of Spritz
RC4 suffered from a range of plaintext-recovery attacks using statistical biases, which use substantial, albeit close-to-practical, …
Observations on the SIMON block cipher family
In this paper we analyse the general class of functions underlying the Simon block cipher. In particular, we derive efficiently …
Security of AES with a Secret S-box
How does the security of the AES change when the S-box is replaced by a secret S-box, about which the adversary has no knowledge? Would …
Practical Attacks on AES-like Cryptographic Hash Functions
Despite the great interest in rebound attacks on AES-like hash functions since 2009, we report on a rather generic, albeit …
Differential Cryptanalysis of Keccak Variants
In October 2012, NIST has announced Keccak as the winner of the SHA-3 cryptographic hash function competition. Recently, at CT-RSA …
Practical Attacks on the Maelstrom-0 Compression Function
In this paper we present attacks on the compression function of Maelstrom-0. It is based on the Whirlpool hash function standardized by …
