[crypto] Fwd: [risc-list] RISC at CWI (Fri Feb 10): Optimal Trails in ARX Ciphers: A New Search Technique and Applications

R. Hirschfeld ray at unipay.nl
Wed Feb 8 00:04:57 CET 2017



-------- Original Message --------
Subject: [risc-list] RISC at CWI (Fri Feb 10): Optimal Trails in ARX 
Ciphers: A New Search Technique and Applications
Date: 2017-02-07 22:30
From: Marc Stevens <marc.stevens at cwi.nl>
To: risc-list at cwi.nl

Dear Colleagues,

we cordially invite you to a RISC Seminar taking place at CWI

	 * Friday February 10th, 2017, from 15:30 to 16:15 *
		 * in CWI, Amsterdam, Room L017 *

Talk:
Vesselin Velichkov (University of Luxembourg, LACS),
*Optimal Trails in ARX Ciphers: A New Search Technique and Applications*

Abstract:
ARX is a class of symmetric-key algorithms based on the simple 
arithmetic operations: modular addition, bitwise rotation and 
exclusive-OR. The first such designs date back to the 80s with the 
proposal of the block cipher FEAL (1987). Other notable examples are the 
block ciphers RC5 (1994), TEA (1994), SPECK (2013) and LEA (2013); the 
stream ciphers Salsa20 and ChaCha (2008); the hash functions BLAKE 
(2008) and Skein (2008) and the MAC algorithm Chaskey (2014). ARX 
algorithms owe their popularity to their simplicity and efficiency 
(especially in software), combined with good security properties. In 
spite of their excellent characteristics, ARX designs suffer from a 
major drawback: the theory for their analysis is significantly less 
developed than their S-box based counterparts such as the AES. In 
particular, no methods exist for proving the security of ARX against two 
of the most powerful cryptanalytic techniques -- differential and linear 
cryptanalysis. In this talk we describe a new algorithm for finding 
differential and linear trails in ARX. It is based on a Matsui-like 
branch-and-bound search strategy, does not use any heuristics and 
computes optimal results. Two practical applications of the technique 
are demonstrated. First, it is applied to the block cipher SPECK and the 
best differential trails on reduced round versions are reported. Second, 
the technique is applied in the design of SPARX -- the first ARX cipher 
with provable resistance against single-trail differential and linear 
cryptanalysis.

See you then and there!

Best regards,
Marc Stevens


_______________________________________________
risc-list mailing list
risc-list at cwi.nl
https://lists.cwi.nl/mailman/listinfo/risc-list

