Topic
Round function
About: Round function is a research topic. Over the lifetime, 203 publications have been published within this topic receiving 2794 citations.
Papers published on a yearly basis
Papers
More filters
02 Jan 1994
TL;DR: In this paper an algorithm is described that finds collisions for the compression function of MD5 and results in an approximate relation between any four consecutive additive constants.
Abstract: At Crypto '91 Ronald L. Rivest introduced the MD5 Message Digest Algorithm as a strengthened version of MD4, differing from it on six points. Four changes are due to the two existing attacks on the two round versions of MD4. The other two changes should additionally strengthen MD5. However both these changes cannot be described as well-considered. One of them results in an approximate relation between any four consecutive additive constants. The other allows to create collisions for the compression function of MD5. In this paper an algorithm is described that finds such collisions.A C program implementing the algorithm establishes a work load of finding about 216 collisions for the first two rounds of the MD5 compression function to find a collision for the entire four round function. On a 33MHz 80386 based PC the mean run time of this program is about 4 minutes.
258 citations
Journal Article•
TL;DR: An algorithm is described that establishes a work load of about 2 collisions for the first two rounds of the MD5 compression function to a collision for the entire four round function.
Abstract: At Crypto '91 Ronald L. Rivest introduced the MD5 Message Digest Algorithm as a strengthened version of MD4, differing from it on six points. Four changes are due to the two existing attacks on the two round versions of MD4. The other two changes should additionally strengthen MD5. However both these changes cannot be described as well-considered. One of them results in an approximate relation between any four consecutive additive constants. The other allows to create collisions for the compression function of MD5. In this paper an algorithm is described that finds such collisions.A C program implementing the algorithm establishes a work load of finding about 216 collisions for the first two rounds of the MD5 compression function to find a collision for the entire four round function. On a 33MHz 80386 based PC the mean run time of this program is about 4 minutes.
175 citations
Posted Content•
TL;DR: AEZ as mentioned in this paper is a robust authenticated-encryption scheme from the AES round function, which can achieve a peak speed of about 0.7 cpb on the Haswell standard.
Abstract: With a scheme for robust authenticated-encryption a user can select an arbitrary value \(\lambda \!\ge 0\) and then encrypt a plaintext of any length into a ciphertext that’s \(\lambda \) characters longer. The scheme must provide all the privacy and authenticity possible for the requested \(\lambda \). We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call prove-then-prune: prove security and then instantiate with a scaled-down primitive (e.g., reducing rounds for blockcipher calls).
119 citations
08 Sep 2003
TL;DR: Parity code based concurrent error detection (CED) approach against such attacks in substitution-permutation network (SPN) symmetric block ciphers [22] is described.
Abstract: Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption algorithms. In this paper we will describe parity code based concurrent error detection (CED) approach against such attacks in substitution-permutation network (SPN) symmetric block ciphers [22]. The basic idea compares a carefully modified parity of the input plain text with that of the output cipher text resulting in a simple CED circuitry. An analysis of the SPN symmetric block ciphers reveals that on one hand, permutation of the round outputs does not alter the parity from its input to its output. On the other hand, exclusive-or with the round key and the non-linear substitution function (s-box) modify the parity from their inputs to their outputs. In order to change the parity of the inputs into the parity of outputs of an SPN encryption, we exclusive-or the parity of the SPN round function output with the parity of the round key. We also add to all s-boxes an additional 1-bit binary function that implements the combined parity of the inputs and outputs to the s-box for all its (input, output) pairs. These two modifications are used only by the CED circuitry and do not impact the SPN encryption or decryption. The proposed CED approach is demonstrated on a 16-input, 16-output SPN symmetric block cipher from [1].
119 citations
26 Apr 2015
TL;DR: AEZ as mentioned in this paper is a robust authenticated-encryption scheme from the AES round function, which can achieve a peak speed of about 0.7 cpb on the Haswell standard.
Abstract: With a scheme for robust authenticated-encryption a user can select an arbitrary value \(\lambda \!\ge 0\) and then encrypt a plaintext of any length into a ciphertext that’s \(\lambda \) characters longer. The scheme must provide all the privacy and authenticity possible for the requested \(\lambda \). We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call prove-then-prune: prove security and then instantiate with a scaled-down primitive (e.g., reducing rounds for blockcipher calls).
107 citations