Table of contents

  • This session has been presented June 13, 2008.

Description

  • Speaker

    Orr Dunkelman - ENS-chaire France Telecom

Time-Memory Tradeoff (TMTO) attacks on stream ciphers are a serious security threat and the resistance to this class of attacks is an important criterion in the design of a modern stream cipher. TMTO attacks are especially effective against stream ciphers where a variant of the TMTO attack can make use of multiple data to reduce the off-line and the on-line time complexities of the attack (given a fixed amount of memory).<br/> In this talk we present a new approach to TMTO attacks against stream ciphers using a publicly known initial value (IV): We suggest not to treat the IV as part of the secret key material (as done in current attacks), but rather to choose in advance some IVs and apply a TMTO attack to streams produced using these IVs. We show that while the obtained tradeoff curve is identical to the curve obtained by the current approach, the new technique allows to mount the TMTO attack in a larger variety of settings. For example, if both the secret key and the IV are of length $n$, it is possible to mount an attack with data, time, and memory complexities of 2^{4n/5}, while in the current approach, either the time complexity or the memory complexity is not less than 2^n. We conclude that if the IV length of a stream cipher is less than 1.5 times the key length, there exists an attack on the cipher with data, time, and memory complexities less than the complexity of exhaustive key search.<br/> This is a joint work with Nathan Keller.

Next sessions

  • SoK: Security of the Ascon Modes

    • June 20, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Charlotte Lefevre - Radboud University

    The Ascon authenticated encryption scheme and hash function of Dobraunig et al (Journal of Cryptology 2021) were recently selected as winner of the NIST lightweight cryptography competition. The mode underlying Ascon authenticated encryption (Ascon-AE) resembles ideas of SpongeWrap, but not quite, and various works have investigated the generic security of Ascon-AE, all covering different attack[…]

  • Comprehensive Modelling of Power Noise via Gaussian Processes with Applications to True Random Number Generators

    • June 27, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Maciej Skorski - Laboratoire Hubert Curien

    The talk examines power noise modelling through Gaussian Processes for secure True Random Number Generators.   While revisiting one-sided fractional Brownian motion, we obtain novel contributions by quantifying posterior uncertainty in exact analytical form, establishing quasi-stationary properties, and developing rigorous time-frequency analysis. These results are applied to model oscillator[…]

    • Cryptography

    • TRNG

  • CryptoVerif: a computationally-sound security protocol verifier

    • September 05, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Bruno Blanchet - Inria

    CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]

    • Cryptography

Show previous sessions
Page top