Progress in Cryptology - INDOCRYPT 2010

Strong Pseudorandompermutations or SPRPs,which were introduced byLuby andRacko? [4], formalize the well established cryptographic notion ofblock ciphers.They provided a construction of SPRP, well known as LRconstruction, which was motivated by the structure of DES[6].The basicbuildingblock is the so called 2n-bit Feistel permutation (or LR round permutation) LR based F K on an n-bitpseudorandomfunction (PRF) F : K n LR (x ,x)=(F (x )?x ,x ),x ,x?{0,1} . F 1 2 K 1 2 1 1 2 K Theirconstruction consists (see Fig 1) offour rounds of Feistel permutations (or three rounds, for PRP), each round involves an application ofanindependent PRF(i.e.with independentrandomkeys K ,K ,K , and K ). More precisely, 1 2 3 4 LR and LR are PRP and SPRP respectively where K ,K ,K K ,K ,K ,K 1 2 3 1 2 3 4 LR := LR := LR (...(LR (·))...). K ,...,K F ,...,F F F 1 r K K K K r r 1 1 After this work, many results are known improvingperformance (reducingthe number of invocations of F )[5] and reducingthekey-sizes (i.e. reusingthe K roundkeys [7,8,10,12,11] orgenerate more keysfromsinglekey by usinga PRF[2]). However there are some limitations.Forexample,wecannotuseas few as single-keyLR (unless wetweak the roundpermutation) orasfew as two-roundsince they are not secure.Distinguishing attacks forsome other LR constructionsarealso known [8]. We list some oftheknow related results (see Table 1). Here all keys K ,K ,... are independently chosen.

Klappentext

This book constitutes the refereed proceedings of the 11th International Conference on Cryptology in India, INDOCRYPT 2010, held in Hyderabad, India, in December 2010. The 22 revised full papers were carefully reviewed and selected from 72 submissions. The papers are organized in topical sections on security of RSA and multivariate schemes; security analysis, pseudorandom permutations and applications; hash functions; attacks on block ciphers and stream ciphers; fast cryptographic computation; cryptanalysis of AES; and efficient implementation.

Inhalt
Invited Talk.- Getting a Few Things Right and Many Things Wrong.- Security of RSA and Multivariate Schemes.- Partial Key Exposure Attack on RSA Improvements for Limited Lattice Dimensions.- Towards Provable Security of the Unbalanced Oil and Vinegar Signature Scheme under Direct Attacks.- CyclicRainbow A Multivariate Signature Scheme with a Partially Cyclic Public Key.- Security Analysis, Pseudorandom Permutations and Applications.- Combined Security Analysis of the One- and Three-Pass Unified Model Key Agreement Protocols.- Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations.- The Characterization of Luby-Rackoff and Its Optimum Single-Key Variants.- Versatile Prêt à Voter: Handling Multiple Election Methods with a Unified Interface.- Invited Talk.- Cryptographic Hash Functions: Theory and Practice.- Hash Functions.- Cryptanalysis of Tav-128 Hash Function.- Near-Collisions for the Reduced Round Versions of Some Second Round SHA-3 Compression Functions Using Hill Climbing.- Speeding Up the Wide-Pipe: Secure and Fast Hashing.- Attacks on Block Ciphers and Stream Ciphers.- New Boomerang Attacks on ARIA.- Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers.- The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA.- Greedy Distinguishers and Nonrandomness Detectors.- Fast Cryptographic Computation.- Polynomial Multiplication over Binary Fields Using Charlier Polynomial Representation with Low Space Complexity.- Random Euclidean Addition Chain Generation and Its Application to Point Multiplication.- Cryptanalysis of AES.- Attack on a Higher-Order Masking of the AES Based on Homographic Functions.- Improved Impossible Differential Cryptanalysis of 7-Round AES-128.- Cryptanalysis ofa Perturbated White-Box AES Implementation.- Efficient Implementation.- A Program Generator for Intel AES-NI Instructions.- ECC2K-130 on NVIDIA GPUs.- One Byte per Clock: A Novel RC4 Hardware.