Côme Berbain scite author profile

Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the stream cipher SNOW 2.0 and some transformations derived from the block cipher SERPENT. Sosemanuk aims at improving SNOW 2.0 both from the security and from the efficiency points of view. Most notably, it uses a faster IV-setup procedure. It also requires a reduced amount of static data, yielding better performance on several architectures.

show abstract

QUAD: A Practical Stream Cipher with Provable Security

Berbain

Gilbert

Patarin

2006

View full text Add to dashboard Cite

show abstract

Cryptanalysis of Grain

Berbain

Gilbert

Maximov

2006

View full text Add to dashboard Cite

Abstract. Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 2 43 computations and 2 38 keystream bits to determine the 80-bit key.

show abstract

An efficient forward private RFID protocol

Berbain

Billet

Etrog

et al. 2009

View full text Add to dashboard Cite

Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions

Patarin¹,

Nachef²,

Berbain³

2006

View full text Add to dashboard Cite

Abstract. In this paper, we describe generic attacks on unbalanced Feistel schemes with contracting functions. These schemes are used to construct pseudo-random permutations from kn bits to kn bits by using d pseudo-random functions from (k − 1)n bits to n bits. We describe known plaintext attacks (KPA) and non-adaptive chosen plaintext attacks (CPA-1) against these schemes with less than 2 kn plaintext/ciphertext pairs and complexity strictly less than O(2 kn ) for a number of rounds d ≤ 2k − 1. Consequently at least 2k rounds are necessary to avoid generic attacks. For k = 3, we found attacks up to 6 rounds, so 7 rounds are required. When d ≥ 2k, we also describe some attacks on schemes with generators, (i.e. schemes where the d pseudo-random functions are generated) and where more than one permutation is required.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Côme Berbain

Sosemanuk, a Fast Software-Oriented Stream Cipher

QUAD: A Practical Stream Cipher with Provable Security

Cryptanalysis of Grain

An efficient forward private RFID protocol

Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions

Contact Info

Product

Resources

About