A short-input hash function optimized for high performance on platforms supporting [AES-NI](https://en.wikipedia.org/wiki/AES_instruction_set). Used in [SPHINCS+](https://sphincs.org/) and [Gravity-SPHINCS](https://github.com/gravity-postquantum/gravity-sphincs).
A cipher designed for efficient software implementations with strong side-channel protections, submitted to the [NIST Lightweight Project](https://csrc.nist.gov/projects/lightweight-cryptography).
A lightweight tweakable block cipher with strong security guarantees. Submitted to the [NIST Lightweight Project](https://csrc.nist.gov/projects/lightweight-cryptography).
Resistance against differential cryptanalysis is an important design criterion for any modern block cipher, and most designs rely on finding some upper bound on the probability of single differential characteristics. However, already at EUROCRYPT'91, Lai …
Simeck is a new lightweight block cipher design based on combining the design principles of the Simon and Speck block ciphers. While the design allows a smaller and more efficient hardware implementation, its security margins are not well understood. …
RC4 suffered from a range of plaintext-recovery attacks using statistical biases, which use substantial, albeit close-to-practical, amounts of known keystream in applications such as TLS or WEP/WPA. Spritz was recently proposed at the rump session of …
In this paper we analyse the general class of functions underlying the Simon block cipher. In particular, we derive efficiently computable and easily implementable expressions for the exact differential and linear behaviour of Simon-like round …
How does the security of the AES change when the S-box is replaced by a secret S-box, about which the adversary has no knowledge? Would it be safe to reduce the number of encryption rounds? In this paper, we demonstrate attacks based on integral …