grow cut using representations in cryptanalysis
play

Grow & Cut - Using Representations in Cryptanalysis Alexander - PowerPoint PPT Presentation

Jun 18, 2023 •215 likes •1.71k views

Grow & Cut - Using Representations in Cryptanalysis Alexander Meurer , Ruhr-Universitt Bochum ECRYPT Summer School on Tools, Mykonos, 2012 Motivation Motivation Generic technique for combinatorial problems Simple (no complicated

  1. Knapsack Representation Technique Knapsack Representation Technique Expand H into larger stack H'

  2. Expanding the Knapsack Haystack Expanding the Knapsack Haystack ● Recall: Classical MitM haystack H = {0,1} n/2 x {0} n/2 of size 2 n/2

  3. Expanding the Knapsack Haystack Expanding the Knapsack Haystack ● Recall: Classical MitM haystack H = {0,1} n/2 x {0} n/2 of size 2 n/2 Contains unique Needle ( x 1 , … , x n/2 )

  4. Expanding the Knapsack Haystack Expanding the Knapsack Haystack ● Recall: Classical MitM haystack H = {0,1} n/2 x {0} n/2 of size 2 n/2 ● New expanded haystack H' = { x 2 {0,1} n : wt( x ) = n/4 }

  5. Expanding the Knapsack Haystack Expanding the Knapsack Haystack ● Recall: Classical MitM haystack H = {0,1} n/2 x {0} n/2 of size 2 n/2 ● New expanded haystack H' = { x 2 {0,1} n : wt( x ) = n/4 }

  6. Knapsack Representation Technique Knapsack Representation Technique Expanding H' introduces r many representations N 1 , … , N r

  7. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  8. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  9. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  10. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  11. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  12. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  13. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  14. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) We can choose 2 out of 4 of the 1-entries, so ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) many representations ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  15. Number of Knapsack Representations Number of Knapsack Representations ● Example (n=8) ● Denote x * = ( 1 0 1 1 0 0 1 0) the solution ● x * can be represented as ( 1 0 1 0 0 0 0 0 ) + ( 0 0 0 1 0 0 1 0 ) We can choose 2 out of 4 of the 1-entries, so ( 1 0 0 1 0 0 0 0 ) + ( 0 0 1 0 0 0 1 0 ) In general: many representations many representations ( 1 0 0 0 0 0 1 0 ) + ( 0 0 1 1 0 0 0 0 ) ( 0 0 1 1 0 0 0 0 ) + ( 1 0 0 0 0 0 1 0 ) ( 0 0 1 0 0 0 1 0 ) + ( 1 0 0 1 0 0 0 0 ) ( 0 0 0 1 0 0 1 0 ) + ( 1 0 1 0 0 0 0 0 )

  16. Knapsack Representation Technique Knapsack Representation Technique Examine a 1/r – fraction of H' to fnd one N i

  17. The Cutting Phase The Cutting Phase ● We need to flter out a 2 -n/2 fraction of H' = { x 2 {0,1} n : wt( x ) = n/4 } ● For compute two lists ● Find one (x,y) with over

  18. The Cutting Phase The Cutting Phase ● We need to flter out a 2 -n/2 fraction of H' = { x 2 {0,1} n : wt( x ) = n/4 } ● For compute two lists ● Find one (x,y) with over

  19. The Cutting Phase The Cutting Phase ● We need to flter out a 2 -n/2 fraction of H' = { x 2 {0,1} n : wt( x ) = n/4 } ● For compute two lists ● Find one (x,y) with over

  20. The Cutting Phase The Cutting Phase ● We need to flter out a 2 -n/2 fraction of Complexity H' = { x 2 {0,1} n : wt( x ) = n/4 } ● For compute two lists ● Find one (x,y) with over

  21. The Cutting Phase The Cutting Phase ● We need to flter out a 2 -n/2 fraction of Computing the is in fact Complexity H' = { x 2 {0,1} n : wt( x ) = n/4 } more expensive! ● For compute two lists ● Find one (x,y) with over

  22. - 1 st st Attempt Computing L Computing 1 - 1 Attempt L 1 ● Idea: Do it in a Meet-in-the-Middle way ● Choose a (random) partition ● Merge the lists

  23. - 1 st st Attempt Computing L Computing 1 - 1 Attempt L 1 ● Idea: Do it in a Meet-in-the-Middle way ● Choose a (random) partition ● Merge the lists

  24. - 1 st st Attempt Computing L Computing 1 - 1 Attempt L 1 Choose labels ● Idea: Do it in a Meet-in-the-Middle way ● Choose a (random) partition ● Merge the lists

  25. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes

  26. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes

  27. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes

  28. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes

  29. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes x

  30. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes Complexity* = Max x = 2 0.4057n

  31. st Attempt Complexity Analysis: 1 st Complexity Analysis: 1 Attempt List sizes If assign uniform labels Complexity* = Max x = 2 0.4057n

  32. and ¸ are almost always good L and R are almost always good ¸ ¸ L ¸ R ● Recall ● Example: Good and bad distributed labels (n=20) random a i a i = 0 for i=1,...,n/2

  33. and ¸ are almost always good L and R are almost always good ¸ ¸ L ¸ R ● Recall One can show: Fraction of bad knapsacks (a 1 , … , a n ) is exponentially small! ● Example: Good and bad distributed labels (n=20) random a i a i = 0 for i=1,...,n/2

  34. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Aim: Compute 2 -n/2 fraction of H' = { x 2 2 {0,1} n : wt( x ) = n/4 } ● Idea: Use representations again! ● Decompose x 2 H' as x = y + z where y , z 2 2 H'' and 2 {0,1} n : wt( y ) = n/8 } H'' = { y 2 → Every x has representations ( y , z )

  35. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Aim: Compute 2 -n/2 fraction of H' = { x 2 2 {0,1} n : wt( x ) = n/4 } ● Idea: Use representations again! ● Decompose x 2 H' as x = y + z where y , z 2 2 H'' and 2 {0,1} n : wt( y ) = n/8 } H'' = { y 2 → Every x has representations ( y , z )

  36. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Choose coprime M (1) and M (2) of size 2 0.25n ● Choose random target values (of size 2 0.25n ) with with ● Compute lists ● Merge into

  37. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Choose coprime M (1) and M (2) of size 2 0.25n ● Choose random target values (of size 2 0.25n ) with with ● Compute lists ● Merge into

  38. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Choose coprime M (1) and M (2) of size 2 0.25n ● Choose random target values (of size 2 0.25n ) with with ● Compute lists ● Merge into

  39. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Choose coprime M (1) and M (2) of size 2 0.25n ● Choose random target values (of size 2 0.25n ) with Can be computed as before by a MitM approach! with ● Compute lists ● Merge into

  40. - 2 nd nd Attempt Computing Computing L 1 - 2 Attempt L 1 ● Choose coprime M (1) and M (2) of size 2 0.25n ● Choose random target values (of size 2 0.25n ) with with ● Compute lists ● Merge into

  41. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists

  42. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists

  43. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists

  44. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists

  45. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists

  46. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists

  47. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists Two modular constraints:

  48. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists x

  49. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists Complexity = Max = 2 0.3113n Lower bound achieved? x

  50. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists No! Forgot merge costs! x

  51. nd Attempt Complexity Analysis: 2 Complexity Analysis: 2 nd Attempt List sizes Randomly partioned base lists x

  52. Summary (so far) Summary (so far) ● Represenation Technique gives fastest (randomized) algorithm for random hard knapsacks Time Space Brute-Force 2 n 1 MitM 2 n/2 2 n/2 Schroeppel-Shamir 2 n/2 2 n/4 Representations 2 0.3373n 2 0.2936n

  53. Generic Decoding of Random Generic Decoding of Random Binary Linear Codes Binary Linear Codes

  54. Recap Binary Linear Codes Recap Binary Linear Codes ● C = random binary [n,k,d] code ● n = length / k = dimension / d = minimum distance Bounded Distance Decoding (BDD) Bounded Distance Decoding (BDD) ● Given x = c + e with c C · · 2 4 5 d-1 4 5 and w := wt( e ) = d-1 2 2 x · c · · ● Find e and thus c = x + e

  55. Why do we care about BDD? Why do we care about BDD? ● BDD is connected to ● Message Recovery for classical McEliece c = m * G + e ● Key recovery for Stern's identifcation scheme id = H * s ● Hardness of the LPN problem (Learning Parities with noise)

  56. Comparing Running Times Comparing Running Times How to compare performance of decoding algorithms ● Running time T(n,k,d) ● Fixed code rate R = k/n ● For n→∞, k and d are related via Gilbert-Varshamov bound, thus T(n,k,d) = T(n,k) = T(n,R) ● Compare algorithms by complexity coeffcient F(R), i.e. T(n,R) = 2 F(R) • n + o(n)

  57. Comparing Running Times Comparing Running Times How to compare performance of decoding algorithms ● Running time T(n,k,d) Minimize F(R)! Minimize F(R)! ● Fixed code rate R = k/n ● For n→∞, k and d are related via Gilbert-Varshamov bound, thus T(n,k,d) = T(n,k) = T(n,R) ● Compare algorithms by complexity coeffcient F(R), i.e. T(n,R) = 2 F(R) • n + o(n)

  58. Syndrome Decoding Syndrome Decoding (BDD) Given x = c + e with c C and wt( e )=w, fnd e ! 2 ● H = parity check matrix ● Consider syndrome s := s( x ) = H · x = H ·( c + e ) = H · e → Find linear combination of w columns of H matching s weight w n H s n-k = + + =

  59. Syndrome Decoding Syndrome Decoding (BDD) Given x = c + e with c C and wt( e )=w, fnd e ! 2 ● H = parity check matrix ● Consider syndrome s := s( x ) = H · x = H ·( c + e ) = H · e → Find linear combination of w columns of H matching s weight w n Brute-Force complexity Brute-Force complexity H s n-k = + + = T(n,k,d) = T(n,k,d) =

  60. Complexity Coeffcients (BDD) Complexity Coeffcients (BDD) Brute-Force F(R) 0,05 0,06 0,3868

Recommend

Objectives Models for Cryptanalysis Cryptanalysis of Monoalphabetic Ciphers

Objectives Models for Cryptanalysis Cryptanalysis of Monoalphabetic Ciphers

Cryptanalysis of Classical Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Models for Cryptanalysis Cryptanalysis of

657 views • 20 slides
Subspace Trail Cryptanalysis and its Applications to AES Lorenzo Grassi, Christian Rechberger and

Subspace Trail Cryptanalysis and its Applications to AES Lorenzo Grassi, Christian Rechberger and

Subspace Trail Cryptanalysis and its Applications to AES Lorenzo Grassi, Christian Rechberger and Sondre Rnjom March, 2017 www.iaik.tugraz.at Introduction In the case of AES, several alternative representations (algebraic representation [

627 views • 52 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May, 2017 0/35 Cryptanalysis of Affine Cipher Outline Cryptanalysis of Affine Cipher 1 Hypothesis Testing 2 Linear Cryptanalysis 3 0/35

1.52k views • 110 slides
Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential cryptanalysis Linear cryptanalysis Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and Linear Cryptanalysis Differential cryptanalysis Linear cryptanalysis Iterated block ciphers (DES,

910 views • 53 slides
The Super-Sbox Cryptanalysis Improved Attacks for AES-like Permutations Henri Gilbert and Thomas

The Super-Sbox Cryptanalysis Improved Attacks for AES-like Permutations Henri Gilbert and Thomas

Introduction Previous cryptanalysis techniques The Super-Sbox cryptanalysis Results The Super-Sbox Cryptanalysis Improved Attacks for AES-like Permutations Henri Gilbert and Thomas Peyrin Orange Labs and Ingenico FSE 2010 - Seoul - Korea

1.38k views • 19 slides
Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship between the difference of two inputs and the difference of the corresponding two outputs. - the difference M Z of two strings of bits Z and Z

556 views • 10 slides
Rotational Cryptanalysis in the Presence of Constants Tomer Ashur Yunwen Liu ESAT/COSIC, KU

Rotational Cryptanalysis in the Presence of Constants Tomer Ashur Yunwen Liu ESAT/COSIC, KU

Rotational Cryptanalysis in the Presence of Constants Tomer Ashur Yunwen Liu ESAT/COSIC, KU Leuven, and imec, Belgium FSE, March 2017 1 Table of Contents ARX & Rotational Cryptanalysis Rotational cryptanalysis with constants Experiment

1.12k views • 72 slides
Differential Cryptanalysis The first method which reduced the complexity of attacking DES below

Differential Cryptanalysis The first method which reduced the complexity of attacking DES below

Differential Cryptanalysis The first method which reduced the complexity of attacking DES below (half of) exhaustive search. Differential Cryptanalysis Note : In all the following discussion we ignore the existence of the initial and the final

330 views • 8 slides
GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW & FORTIFY MISSION To cultivate an environment where value- added agricultural producers, operators and growers innovate and thrive. WHAT IS

173 views • 14 slides
Cryptanalysis of LAC G. Leurent (Inria) Cryptanalysis of LAC DIAC 2014 1 / 9 . . . . . . . .

Cryptanalysis of LAC G. Leurent (Inria) Cryptanalysis of LAC DIAC 2014 1 / 9 . . . . . . . .

Description of LAC Differentials and Characteristics Forgery attack Cryptanalysis of LAC G. Leurent (Inria) Cryptanalysis of LAC DIAC 2014 1 / 9 . . . . . . . . Gatan Leurent Inria, France DIAC 2014 2 / 9 Description of LAC DIAC

1.04k views • 36 slides
Automatic Cryptanalysis of Block Ciphers with CP A case study: related key differential

Automatic Cryptanalysis of Block Ciphers with CP A case study: related key differential

Automatic Cryptanalysis of Block Ciphers with CP A case study: related key differential cryptanalysis David Gerault LIMOS, University Clermont Auvergne This presentation is inspired by 4 papers written with Pascal Lafourcade, Marine Minier,

455 views • 26 slides
On SAT representations of XOR constraints (towards a theory of good SAT representations) Oliver

On SAT representations of XOR constraints (towards a theory of good SAT representations) Oliver

On SAT representations of XOR constraints (towards a theory of good SAT representations) Oliver Kullmann Computer Science Department Swansea University http://cs.swan.ac.uk/~csoliver/ Theoretical Foundations of Applied SAT Solving January 24,

722 views • 48 slides
Probabilistic Slide Cryptanalysis and Its Applications to LED-64 and Zorro Hadi Soleimany

Probabilistic Slide Cryptanalysis and Its Applications to LED-64 and Zorro Hadi Soleimany

Probabilistic Slide Cryptanalysis and Its Applications to LED-64 and Zorro Hadi Soleimany Department of Information and Computer Science, Aalto University School of Science, Finland FSE 2014 1 / 21 Outline Introduction Slide Cryptanalysis

712 views • 49 slides
GROW IT TO THE MAX WITH GROWMAX WATER! GROW IT TO THE MAX WITH GROWMAX WATER! ELIMINATE

GROW IT TO THE MAX WITH GROWMAX WATER! GROW IT TO THE MAX WITH GROWMAX WATER! ELIMINATE

Strengthens plant roots Healthier plants, fmowers and vegetables Protects benefjcial micro - organisms in your soil Get maximum efgectjveness from nutrients and fertjlizers GROW IT TO THE MAX WITH GROWMAX WATER! GROW IT TO THE MAX WITH GROWMAX

774 views • 8 slides
On SAT representations of XOR constraints (towards a theory of good SAT representations) Matthew

On SAT representations of XOR constraints (towards a theory of good SAT representations) Matthew

On SAT representations of XOR constraints (towards a theory of good SAT representations) Matthew Gwynne Oliver Kullmann Computer Science Department Swansea University http://cs.swan.ac.uk/~csoliver/papers.html LATA 2014 March 14, 2014 M

608 views • 43 slides
Cryptanalysis of RadioGatn Thomas Fuhr 1 Thomas Peyrin 2 1 Direction Centrale de la Scurit

Cryptanalysis of RadioGatn Thomas Fuhr 1 Thomas Peyrin 2 1 Direction Centrale de la Scurit

Cryptanalysis of RadioGatn Cryptanalysis of RadioGatn Thomas Fuhr 1 Thomas Peyrin 2 1 Direction Centrale de la Scurit des Systmes dInformation 2 Ingenico FSE 2009 - February 22-25 - Leuven Thomas Fuhr , Thomas Peyrin Cryptanalysis

567 views • 28 slides
Visual Representations of Newspaper Information 2 | 25 | Visual Representations of

Visual Representations of Newspaper Information 2 | 25 | Visual Representations of

Jessica Hubrich (German National Library) Visual Representations of Newspaper Information 2 | 25 | Visual Representations of Newspaper Information | 21 April 2016 Inhaltsverzeichnis 1 . Background 1 . Germ an Union Catalogue of

293 views • 25 slides
61A Lecture 16 Announcements String Representations String Representations 4 String

61A Lecture 16 Announcements String Representations String Representations 4 String

61A Lecture 16 Announcements String Representations String Representations 4 String Representations An object value should behave like the kind of data it is meant to represent 4 String Representations An object value should behave like the

1.21k views • 96 slides
Inside Out: Two Jointly Predictive Models for Word Representations and Phrase Representations Fei

Inside Out: Two Jointly Predictive Models for Word Representations and Phrase Representations Fei

Inside Out: Two Jointly Predictive Models for Word Representations and Phrase Representations Fei Sun , Jiafeng Guo, Yanyan Lan, Jun Xu, and Xueqi Cheng ofey.sunfei@gmail.com CAS Key Lab of Network Data Science and Technology Institute of

701 views • 37 slides
Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun

Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun

Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun Joint work

659 views • 54 slides
2 0 1 4 - 2 0 1 8 Grow ing four years four years of grow ing Early Career Investigator Think

2 0 1 4 - 2 0 1 8 Grow ing four years four years of grow ing Early Career Investigator Think

2 0 1 4 - 2 0 1 8 Grow ing four years four years of grow ing Early Career Investigator Think Tank in COST Action BIRTH, IS 140 Lucerne University of Applied Sciences and Arts Center for Health Promotion and Participation Prof. Dr. Claudia

716 views • 23 slides
Bilinear Cryptanalysis of Multivariate Schemes Pierre-Alain FOUQUE Crypto Team cole normale

Bilinear Cryptanalysis of Multivariate Schemes Pierre-Alain FOUQUE Crypto Team cole normale

Bilinear Cryptanalysis of Multivariate Schemes Pierre-Alain FOUQUE Crypto Team cole normale suprieure Joint work with Dubois, Stern, Shamir, Macario-Rat Summary Matsumoto-Imai (MI) cryptosystem Cryptanalysis of MI by Patarin

388 views • 21 slides
Separable Statistics and Multidimensional Linear Cryptanalysis Stian Fauskanger Igor Semaev

Separable Statistics and Multidimensional Linear Cryptanalysis Stian Fauskanger Igor Semaev

Separable Statistics and Multidimensional Linear Cryptanalysis Stian Fauskanger Igor Semaev FFI, Norway Univ. of Bergen, Norway 28 March 2019, FSE, Paris Briefly Matsuis Linear Cryptanalysis is based on the distribution of x 1 . .

331 views • 30 slides

More recommend