Håvard Raddum

Bio: Håvard Raddum is an academic researcher from University of Bergen. The author has contributed to research in topics: Block cipher & Cryptanalysis. The author has an hindex of 13, co-authored 51 publications receiving 545 citations. Previous affiliations of Håvard Raddum include Simula Research Laboratory.

Bit-Pattern Based Integral Attack

Abstract: Integral attacks are well-known to be effective against byte-based block ciphers. In this document, we outline how to launch integral attacks against bit-based block ciphers. This new type of integral attack traces the propagation of the plaintext structure at bit-level by incorporating bit-pattern based notations. The new notation gives the attacker more details about the properties of a structure of cipher blocks. The main difference from ordinary integral attacks is that we look at the pattern the bits in a specific position in the cipher block has through the structure. The bit-pattern based integral attack is applied to Noekeon, Serpent and present reduced up to 5, 6 and 7 rounds, respectively. This includes the first attacks on Noekeon and present using integral cryptanalysis. All attacks manage to recover the full subkey of the final round.

Weaknesses in the temporal key hash of WPA

Abstract: This article describes some weaknesses in the key scheduling in Wi-Fi Protected Access (WPA) put forward to secure the IEEE standard 802.11-1999. Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity Check (MIC) key. This is not a practical attack on WPA, but it shows that parts of WPA are weak on their own. Using this attack it is possible to do a TK recovery attack on WPA with complexity O(2105) compared to a brute force attack with complexity O (2128).

Solving Multiple Right Hand Sides linear equations

Abstract: A new method for solving algebraic equation systems common in cryptanalysis is proposed. Our method differs from the others in that the equations are not represented as multivariate polynomials, but as a system of Multiple Right Hand Sides linear equations. The method was tested on scaled versions of the AES. The results overcome significantly what was previously achieved with Grobner Basis related algorithms.

More dual rijndaels

Abstract: It is well known that replacing the irreducible polynomial used in the AES one can produce 240 dual ciphers. In this paper we present 9120 other representations of GF(2 8 ), producing more ciphers dual to the AES. We also show that if the matrix used in the S-box of Rijndael is linear over a larger field than GF(2), this would have implications for the XSL attack.

PORs: Proofs of Retrievability for Large Files

Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

Traitor Tracing with constant transmission rate

Abstract: An important open problem in the area of Traitor Tracing is designing a scheme with constant expansion of the size of keys (users' keys and the encryption key) and of the size of ciphertexts with respect to the size of the plaintext. This problem is known from the introduction of Traitor Tracing by Chor, Fiat and Naor. We refer to such schemes as traitor tracing with constant transmission rate. Here we present a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficiently large. Our starting point is the notion of copyrighted function which was presented by Naccache, Shamir and Stern. We first solve the open problem of discrete-log-based and public-key-based copyrighted function. Then, we observe the simple yet crucial relation between (public-key) copyrighted encryption and (public-key) traitor tracing, which we exploit by introducing a generic design paradigm for designing constant transmission rate traitor tracing schemes based on copyrighted encryption functions. Our first scheme achieves the same expansion efficiency as regular ElGamal encryption. The second scheme introduces only a slightly larger (constant) overhead, however, it additionally achieves efficient black-box traitor tracing (against any pirate construction).

A provable-security treatment of the key-wrap problem

Abstract: We give a provable-security treatment for the key-wrap problem, providing definitions, constructions, and proofs. We suggest that key-wrap's goal is security in the sense of deterministic authenticated-encryption (DAE), a notion that we put forward. We also provide an alternative notion, a pseudorandom injection (PRI), which we prove to be equivalent. We provide a DAE construction, SIV, analyze its concrete security, develop a blockcipher-based instantiation of it, and suggest that the method makes a desirable alternative to the schemes of the X9.102 draft standard. The construction incorporates a method to turn a PRF that operates on a string into an equally efficient PRF that operates on a vector of strings, a problem of independent interest. Finally, we consider IV-based authenticated-encryption (AE) schemes that are maximally forgiving of repeated IVs, a goal we formalize as misuse-resistant AE. We show that a DAE scheme with a vector-valued header, such as SIV, directly realizes this goal.

Using Algebraic Geometry

Abstract: Thank you for downloading using algebraic geometry. As you may know, people have search numerous times for their chosen readings like this using algebraic geometry, but end up in malicious downloads. Rather than enjoying a good book with a cup of tea in the afternoon, instead they juggled with some infectious virus inside their computer. using algebraic geometry is available in our book collection an online access to it is set as public so you can download it instantly. Our digital library hosts in multiple countries, allowing you to get the most less latency time to download any of our books like this one. Kindly say, the using algebraic geometry is universally compatible with any devices to read.