Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 - PowerPoint PPT Presentation

  1. Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512
     Praveen Gauravaram (1), Gaëtan Leurent (2), Florian Mendel (3), María Naya-Plasencia (4), Thomas Peyrin (5), Christian Rechberger (6), Martin Schläffer (3)
     (1) Department of Mathematics, DTU, Denmark; (2) ENS, France; (3) IAIK, TU Graz, Austria; (4) FHNW Windisch, Switzerland; (5) Ingenico, France; (6) ESAT/COSIC, K.U.Leuven and IBBT, Belgium
     Africacrypt 2010 (initially discussed at the ECRYPT2 Hash3 workshop)
     Martin Schläffer, Africacrypt 2010, Cryptanalysis of SHAvite-3-512, slide 1 / 31

  2. Outline
     1 Motivation
     2 SHAvite-3
     3 Basic Attack Strategy
     4 Attack on Compression Function
     5 Attack on Hash Function
     6 Conclusion

  3. Overview (outline as on slide 2; section 1, Motivation, follows)

  4. Cryptographic Hash Function
     [figure: input m of arbitrary length -> h -> output h(m) of n bits]
     A hash function h maps an arbitrary-length input m to an n-bit output h(m).
     Collision resistance: find m, m' with m ≠ m' and h(m) = h(m'); the birthday attack applies (freedom to choose h(m)); generic complexity 2^(n/2).
     Second-preimage resistance: given m and h(m), find m' with m ≠ m' and h(m) = h(m'); generic complexity 2^n.
     Preimage resistance: given h(m), find m; generic complexity 2^n.

  5. Hash Function Cryptanalysis
     Recent improvements in hash function cryptanalysis: in the last decade, major weaknesses were found in many hash functions, especially in the MD family; the NIST standard SHA-1 is broken.
     NIST SHA-3 competition [Nat07] (2008-2012): find a successor of SHA-1 and SHA-2, similar to the AES competition (2000).

  6. SHA-3 Candidates
     64 submissions to the NIST call (October 2008)
     51 round 1 candidates (December 2008): many broken, too slow, not chosen, ...
     14 round 2 candidates (August 2009): chosen by NIST, tweaks allowed
     5 finalists (fall 2010) to focus analysis
     choose winner in 2011, standardize SHA-3 in 2012

  7. How to Compare Attacks on SHA-3 Candidates?
     Attacks on building blocks: very different requirements for different designs; building blocks are often not ideal (sponge: trivial "compression function" collisions/preimages); distinguishers on building blocks? When is an attack interesting? NIST: if it was not anticipated by the designers, or if it extends to the hash function.
     Attacks on the hash function: same requirements for all candidates, a lot easier to compare. Attacks on a reduced hash function? Still hard to compare: different security parameter(s).
     Collection of SHA-3 attacks: http://ehash.iaik.tugraz.at/wiki/The SHA-3 Zoo

  10. Overview (outline as on slide 2; section 2, SHAvite-3, follows)

  11. Description of SHAvite-3-512
      [figure: IV -> f(M_1, cnt, salt) -> f(M_2, cnt, salt) -> f(M_3, cnt, salt) -> ... -> f(M_t, cnt, salt) -> H(m), with n-bit chaining values]
      Designed by Orr Dunkelman and Eli Biham [BD08]; round 2 candidate, tweaked
      Iterated hash function: single-pipe construction, HAIFA design principle

  12. SHAvite-3-512 Compression Function
      [figure: h_{i-1} enters the state update, M_i with cnt and salt enter the key schedule, output h_i]
      Block cipher in Davies-Meyer mode
      State update: 14-round Feistel network (F-function: 4 AES rounds)
      Key schedule: parallel AES rounds with linear mixing layers

  13. State Update
      [figure: one Feistel round from (A_i, B_i, C_i, D_i) to (A_{i+1}, B_{i+1}, C_{i+1}, D_{i+1}), using F_i with round key RK_i and F'_i with round key RK'_i]
      F_i(x) = AES(AES(AES(AES(x ⊕ k^0_{0,i}) ⊕ k^1_{0,i}) ⊕ k^2_{0,i}) ⊕ k^3_{0,i})
      AES(x) = MixColumns(ShiftRows(SubBytes(x)))
      RK_i = (k^0_{0,i}, k^1_{0,i}, k^2_{0,i}, k^3_{0,i})

  14. Key Schedule
      [figure: subkeys k^0_{0,8}, ..., k^3_{0,8} and k^0_{1,8}, ..., k^3_{1,8} pass through eight parallel AES rounds (bytes grouped as (s0, s1, s2, s3), (s4, s5, s6, s7), (s8, s9, s10, s11), (s12, s13, s14, s15)); counter words cnt[2], cnt[3], cnt[0], cnt[1] are added; the outputs are k^0_{0,9}, ..., k^3_{0,9} and k^0_{1,9}, ..., k^3_{1,9}]

  15. Key Schedule (continued)
      [figure: subkeys k^0_{0,9}, ..., k^3_{0,9} and k^0_{1,9}, ..., k^3_{1,9} are mapped to k^0_{0,10}, ..., k^3_{0,10} and k^0_{1,10}, ..., k^3_{1,10}]

  16. Key Schedule (schematic)
      [figure: message M (1024 bits) gives RK_0, RK'_0; then AES(k_{i,j} ⊕ salt) (8 × AES) with counter words c3 c2 c1 c0, Linear Layer 1 -> RK_1, RK'_1, Linear Layer 2 -> RK_2, RK'_2; AES(k_{i,j} ⊕ salt) with counter words c2 c3 c0 c1, Linear Layer 1 -> RK_3, RK'_3, Linear Layer 2 -> RK_4, RK'_4; AES(k_{i,j} ⊕ salt) with counter words c1 c0 c3 c2, Linear Layer 1 -> RK_5, RK'_5, Linear Layer 2 -> RK_6, RK'_6]
      Round 1: plain counter words added: cnt = c0 c1 c2 c3
      Round 2: inverted and shuffled counter words added

  17. Overview (outline as on slide 2; section 3, Basic Attack Strategy, follows)

  21. Cancellation Property [BDLF09]
      [figure: four consecutive Feistel rounds i, ..., i+3 with states (A_j, B_j, C_j, D_j), F-functions F_j, F'_j and round keys RK_j, RK'_j; the word B_i is carried unchanged into round i+1, becomes B_i ⊕ F'_{i+1}(D_{i+1}) in rounds i+2 and i+3, and arrives at B_{i+4}]
      Idea: keep B_i unchanged, i.e. B_{i+4} = B_i.
      When does this happen? When F_{i+3}(B_{i+3}) = F'_{i+1}(D_{i+1}).
      Or, more specifically: F_{i+2}(B_{i+2}) = 0 (so that B_{i+3} = D_{i+1}) and RK_{i+3} = RK'_{i+1}.
      Second case: two 128-bit conditions, but easier to fulfill; the conditions can be "interleaved".
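Added example, not code from the slides or from the SHAvite-3 authors: the four-branch Feistel state update in the slides' notation, (A, B, C, D) → (D, A ⊕ F_i(B), B, C ⊕ F'_i(D)) (the wiring implied by B_{i+4} = B_i ⊕ F'_{i+1}(D_{i+1}) ⊕ F_{i+3}(B_{i+3})), with the 4-round AES F-function replaced by a toy invertible keyed function, an assumption the property tolerates because it only needs F to be a permutation for fixed round keys. It forces F_{i+2}(B_{i+2}) = 0 through the choice of D_i, sets RK_{i+3} = RK'_{i+1}, and checks that B_{i+4} = B_i holds exactly when the key condition is kept.

```python
import random

MASK = (1 << 128) - 1
MUL = 0x9E3779B97F4A7C15F39CC0605CEDC835   # constructed odd constant: x*MUL is invertible mod 2^128
MUL_INV = pow(MUL, -1, 1 << 128)

def rotl(x, r):
    return ((x << r) | (x >> (128 - r))) & MASK

def toy_round(x):
    """Toy stand-in (assumption) for one AES round: an invertible mix of a 128-bit word."""
    return rotl((x * MUL) & MASK, 29)

def toy_round_inv(y):
    return (rotl(y, 128 - 29) * MUL_INV) & MASK

def F(x, rk):
    """Same shape as the slides' F_i: R(R(R(R(x ^ k0) ^ k1) ^ k2) ^ k3), with R = toy_round here."""
    for k in rk:
        x = toy_round(x ^ k)
    return x

def F_inv(y, rk):
    """Inverse of F: for fixed rk, F is a permutation (as 4 AES rounds are), so F(x) = 0 has one solution."""
    for k in reversed(rk):
        y = toy_round_inv(y) ^ k
    return y

def feistel_round(state, rk, rk2):
    """One SHAvite-3-512 round in the slides' notation: (A,B,C,D) -> (D, A ^ F(B,RK), B, C ^ F(D,RK'))."""
    a, b, c, d = state
    return (d, a ^ F(b, rk), b, c ^ F(d, rk2))

def build_instance(seed=1, key_condition=True):
    """Rounds i..i+3 with F_{i+2}(B_{i+2}) = 0 forced via D_i and, if key_condition,
    RK_{i+3} = RK'_{i+1}; returns (B_i, B_{i+4})."""
    rng = random.Random(seed)
    def key():                                           # four 128-bit subkeys k0..k3, like RK_i on the slides
        return tuple(rng.getrandbits(128) for _ in range(4))
    keys = [(key(), key()) for _ in range(4)]            # (RK_j, RK'_j) for j = i..i+3
    if key_condition:
        keys[3] = (keys[1][1], keys[3][1])               # RK_{i+3} = RK'_{i+1}
    a_i, b_i, c_i = (rng.getrandbits(128) for _ in range(3))
    b_ip1 = a_i ^ F(b_i, keys[0][0])                     # B_{i+1} = A_i ^ F_i(B_i)
    b_ip2 = F_inv(0, keys[2][0])                         # the unique B_{i+2} with F_{i+2}(B_{i+2}) = 0
    d_i = b_ip2 ^ F(b_ip1, keys[1][0])                   # because B_{i+2} = D_i ^ F_{i+1}(B_{i+1})
    state = (a_i, b_i, c_i, d_i)
    for rk, rk2 in keys:
        state = feistel_round(state, rk, rk2)
    return b_i, state[1]
```

With the real F-function, F_inv is the inverse of four AES rounds, so the state condition is just as cheap to meet; the key-schedule condition RK_{i+3} = RK'_{i+1} is the part an attack has to arrange.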

  22. Interleaving
      Interleave the cancellation property with the same value Z: Z = B_i = B_{i+4}, Z = B_{i+2} = B_{i+4}
