[crypto] Fwd: [risc-list] RISC at CWI (Fri Feb 10): Optimal Trails in ARX Ciphers: A New Search Technique and Applications
R. Hirschfeld
ray at unipay.nl
Wed Feb 8 00:04:57 CET 2017
-------- Original Message --------
Subject: [risc-list] RISC at CWI (Fri Feb 10): Optimal Trails in ARX
Ciphers: A New Search Technique and Applications
Date: 2017-02-07 22:30
From: Marc Stevens <marc.stevens at cwi.nl>
To: risc-list at cwi.nl
Dear Colleagues,
we cordially invite you to a RISC Seminar taking place at CWI
* Friday February 10th, 2017, from 15:30 to 16:15 *
* in CWI, Amsterdam, Room L017 *
Talk:
Vesselin Velichkov (University of Luxembourg, LACS),
*Optimal Trails in ARX Ciphers: A New Search Technique and Applications*
Abstract:
ARX is a class of symmetric-key algorithms based on the simple
arithmetic operations: modular addition, bitwise rotation and
exclusive-OR. The first such designs date back to the 80s with the
proposal of the block cipher FEAL (1987). Other notable examples are the
block ciphers RC5 (1994), TEA (1994), SPECK (2013) and LEA (2013); the
stream ciphers Salsa20 and ChaCha (2008); the hash functions BLAKE
(2008) and Skein (2008) and the MAC algorithm Chaskey (2014). ARX
algorithms owe their popularity to their simplicity and efficiency
(especially in software), combined with good security properties. In
spite of their excellent characteristics, ARX designs suffer from a
major drawback: the theory for their analysis is significantly less
developed than their S-box based counterparts such as the AES. In
particular, no methods exist for proving the security of ARX against two
of the most powerful cryptanalytic techniques -- differential and linear
cryptanalysis. In this talk we describe a new algorithm for finding
differential and linear trails in ARX. It is based on a Matsui-like
branch-and-bound search strategy, does not use any heuristics and
computes optimal results. Two practical applications of the technique
are demonstrated. First, it is applied to block cipher SPECK and the
best differential trails on reduced round versions are reported. Second,
the technique is applied in the design of SPARX -- the first ARX cipher
with provable resistance against single-trail differential and linear
cryptanalysis.
See you then and there!
Best regards,
Marc Stevens