Authors:Miodrag Mihaljević, Sugata Gangopadhyay, Goutam Paul and Hideki Imai
This paper considers security implications of k-normal Boolean functions when they are employed in certain stream ciphers.
A generic algorithm is proposed for cryptanalysis of the considered class of stream ciphers based on a security weakness of
k-normal Boolean functions. The proposed algorithm yields a framework for mounting cryptanalysis against particular stream
ciphers within the considered class. Also, the proposed algorithm for cryptanalysis implies certain design guidelines for
avoiding certain weak stream cipher constructions. A particular objective of this paper is security evaluation of stream cipher
Grain-128 employing the developed generic algorithm. Contrary to the best known attacks against Grain-128 which provide complexity
of a secret key recovery lower than exhaustive search only over a subset of secret keys which is just a fraction (up to 5%)
of all possible secret keys, the cryptanalysis proposed in this paper provides significantly lower complexity than exhaustive
search for any secret key. The proposed approach for cryptanalysis primarily depends on the order of normality of the employed
Boolean function in Grain-128. Accordingly, in addition to the security evaluation insights of Grain-128, the results of this
paper are also an evidence of the cryptographic significance of the normality criteria of Boolean functions.
We demonstrate that in the present form the public key cryptosystem suggested by A. Pethő in [Pet91] is insecure – even if
the additional restriction from [Laš92] is imposed: using elementary linear algebra over the integers the private key or an
equivalent decryption key can often be revealed easily.
Since Gentry’s breakthrough result was introduced in the year 2009, the homomorphic encryption has become a very popular topic. The main contribution of Gentry’s thesis  was, that it has proven, that it actually is possible to design a fully homomorphic encryption scheme. However ground-breaking Gentry’s result was, the designs, that employ the bootstrapping technique suffer from terrible performance both in key generation and homomorphic evaluation of circuits. Some authors tried to design schemes, that could evaluate homomorphic circuits of arbitrarily many inputs without need of bootstrapping. This paper introduces the notion of symmetric homomorphic encryption, and analyses the security of four such proposals, published in three different papers (, , ). Our result is a known plaintext key-recovery attack on every one of these schemes.
HaF is a family of hash functions developed in Poland at Poznán University of Technology, see [1, 2]. It is a classical Merkle-Damgård construction with the output sizes of 256, 512 or 1024 bits. In this paper we present a collision attack with negligible complexity (collisions can be found without using a computer) for all the members of HaF family. We have also shown that the improved function (without the critical transformation) is still insecure. It is possible to find a preimage for a short message with the complexity lower than the exhaustive search. We are also able to create some fixed points with a complexity of single compression function call.
In this paper we look at the security of two block ciphers which were both claimed in the published literature to be secure
against differential crypt-analysis (DC). However, a more careful examination shows that none of these ciphers is very secure
against... differential cryptanalysis, in particular if we consider attacks with sets of differentials. For both these ciphers
we report new perfectly periodic (iterative) aggregated differential attacks which propagate with quite high probabilities.
The first cipher we look at is GOST, a well-known Russian government encryption standard. The second cipher we look at is
PP-1, a very recent Polish block cipher. Both ciphers were designed to withstand linear and differential cryptanalysis. Unhappily,
both ciphers are shown to be much weaker than expected against advanced differential attacks. For GOST, we report better and
stronger sets of differentials than the best currently known attacks presented at SAC 2000  and propose the first attack
ever able to distinguish 16 rounds of GOST from random permutation. For PP-1 we show that in spite of the fact, that its S-box
has an optimal theoretical security level against differential cryptanalysis , , our differentials are strong enough
to allow to break all the known versions of the PP-1 cipher.
In our constribution we explore a combination of local reduction with the method of syllogisms and the applications of generic
guessing strategies in the cryptanalysis of the block cipher GOST. Our experiments show that GOST with 64/128/256 bit key
requires at least 12/16/22 rounds to achieve full bit security against the method of syllogisms combined with the “maximum
We analyze the effect of data-compression on security of encryption both from theoretical and practical point of view. It is demonstrated that data-compression essentially improves the security of encryption, helps to overcome technical difficulties. On the other side, it makes crypt-analysis more difficult and causes extra problems. At present data-compression applied rarely and frequently defectively. We propose a method which eliminates the negative effects. Our aim is initiate data compression as an aid for data security. To this end we provide an overview of the most frequently used cryptographic protocols. A comparison with encryption software reveals that even the most frequently used protocols do not support encryption and compression.