References of "Shamir, Adi"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailSummary of an Open Discussion on IoT and Lightweight Cryptography
Shamir, Adi; Biryukov, Alex UL; Perrin, Léo Paul UL

in Proceedings of Early Symmetric Crypto workshop, 2017 (2017, April)

This is a summary of the open discussion on IoT security and regulation which took place at the Early Symmetric Crypto (ESC) seminar. Participants have identified that IoT poses critical threat to ... [more ▼]

This is a summary of the open discussion on IoT security and regulation which took place at the Early Symmetric Crypto (ESC) seminar. Participants have identified that IoT poses critical threat to security and privacy. It was agreed that government regulation and dialogue of security researchers with engineers and manufacturers is necessary in order to find proper control mechanisms. [less ▲]

Detailed reference viewed: 800 (14 UL)
Full Text
Peer Reviewed
See detailStructural Cryptanalysis of SASAS
Biryukov, Alex UL; Shamir, Adi

in Journal of Cryptology (2010), 23(4), 505-518

In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including ... [more ▼]

In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what we call a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the multiset attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to find the 2^17 bits of information in all the unknown elements of the scheme. [less ▲]

Detailed reference viewed: 90 (3 UL)
Full Text
Peer Reviewed
See detailKey Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds
Biryukov, Alex UL; Dunkelman, Orr; Keller, Nathan et al

in EUROCRYPT 2010 (2010)

AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10 ... [more ▼]

AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). While for AES-128, there are no known attacks faster than exhaustive search, AES-192 and AES-256 were recently shown to be breakable by attacks which require 2^176 and 2^99.5 time, respectively. While these complexities are much faster than exhaustive search, they are completely non-practical, and do not seem to pose any real threat to the security of AES-based systems. In this paper we aim to increase our understanding of AES security, and we concentrate on attacks with practical complexity, i.e., attacks that can be experimentally verified. We show attacks on reduced-round variants of AES-256 with up to 10 rounds with complexity which is feasible. One of our attacks uses only two related keys and 239 time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and 2^120 time). Another attack can break a 10-round version of AES-256 in 2^45 time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and 2^172 time). While the full AES-256 cannot be directly broken by these attacks, the fact that 10 rounds can be broken with such a low complexity raises serious concerns about the remaining safety margin offered by AES-256. [less ▲]

Detailed reference viewed: 145 (0 UL)