Multiplicative complexity is the minimum number of AND-gates required to implement a given Boolean function in (AND, XOR) algebra. It is a good measure of a hardware complexity of an S-box, but an S-box cannot have too low multiplicative complexity due to security constraints. In this article we focus on generic constructions that can be used to find good n×n S-boxes with low multiplicative complexity. We tested these constructions in the specific case when n = 8. We were able to find 8 × 8 S-boxes with multiplicative complexity at most 16 (which is half of the known bound on multiplicative complexity of the AES S-box), while providing a reasonable resistance against linear and differential cryptanalysis.
Authors:Tommi Meskanen, Valtteri Niemi, and Noora Nieminen
The methods for secure outsourcing and secure one-time programs have recently been of great research interest. Garbling schemes are regarded as a promising technique for these applications while Bellare, Hoang and Rogaway introduced the first formal security notions for garbling schemes in [3, 4]. Ever since, even more security notions have been introduced and garbling schemes have been categorized in different security classes according to these notions. In this paper, we introduce new security classes of garbling schemes and build a hierarchy for the security classes including the known classes as well as classes introduced in this paper.
The modified method of estimation of the resistance of block ciphers to truncated byte differential attack is proposed. The previously known method estimate the truncated byte differential probability for Rijndael-like ciphers. In this paper we spread the sphere of application of that method on wider class of ciphers. The proposed method based on searching the most probable truncated byte differential characteristics and verification of sufficient conditions of effective byte differentials absence.
HaF is a family of hash functions developed in Poland at Poznán University of Technology, see [1, 2]. It is a classical Merkle-Damgård construction with the output sizes of 256, 512 or 1024 bits. In this paper we present a collision attack with negligible complexity (collisions can be found without using a computer) for all the members of HaF family. We have also shown that the improved function (without the critical transformation) is still insecure. It is possible to find a preimage for a short message with the complexity lower than the exhaustive search. We are also able to create some fixed points with a complexity of single compression function call.
Given a graph
, a perfect secret sharing scheme based on
is a method to distribute a secret data among the vertices of
, so that a subset of participants can recover the secret if they contain an edge of
, otherwise they can obtain no information regarding the key. The average information rate is the ratio of the size of the secret and the average size of the share a participant must remember. The information rate of
is the supremum of the information rates realizable by perfect secret sharing schemes.Based on the entropy-theoretical arguments due to Capocelli et al , and extending the results of M. van Dijk  and Blundo et al , we construct a graph
vertices with average information rate below < 4/log
. We obtain this result by determining, up to a constant factor, the average information rate of the
The main aim of this paper is to present the concept of fault-injection backdoors in Random Number Generators. Backdoors can be activated by fault-injection techniques. Presented algorithms can be used in embedded systems like smart-cards and hardware security modules in order to implement subliminal channels in random number generators.
Authors:Nicolas T. Courtois, Theodosis Mourouzis, Anna Grocholewska-Czuryło, and Jean-Jacques Quisquater
Differential Cryptanalysis (DC) is one of the oldest known attacks on block ciphers. DC is based on tracking of changes in the differences between two messages as they pass through the consecutive rounds of encryption. However DC remains very poorly understood. In his textbook written in the late 1990s Schneier wrote that against differential cryptanalysis, GOST is “probably stronger than DES”. In fact Knudsen have soon proposed more powerful advanced differential attacks however the potential space of such attacks is truly immense. To this day there is no method which allows to evaluate the security of a cipher against such attacks in a systematic way. Instead, attacks are designed and improved in ad-hoc ways with heuristics [6–13,21]. The best differential attack known has time complexity of 2179 .
In this paper we show that for a given block cipher there exists an optimal size for advanced differential properties. This new understanding allows to considerably reduce the space to be searched for “good” truncated differential properties suitable for an attack.