Thinking Outside the Superbox

Bordes, Nicolas; Daemen, Joan; Kuijsters, Daniël; Assche, Gilles Van

doi:10.1007/978-3-030-84252-9_12

Cited by 12 publications

(9 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This alteration extends the length of the final block, consequently influencing the modular multiplication and modular exponentiation phases when dealing with the larger block size. Furthermore, replacing SHA256 with another cryptographic hash function (CRH) like SHA3 [58] or Keccak [59] has implications for both schemes. In Khadr's scheme, this substitution will make the size of the final block larger ( > 3327 bits).…”

Section: Phasementioning

confidence: 99%

PoEDDP-A Fast RSA-Based Proof of Possession Accumulator of Dynamic Data on the Cloud

Harchaoui,

Younes,

Hibaoui

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The ease of usage and the convenience of cloud computing come with considerable responsibility. The latter, consists of carefully addressing different security aspects of this technology. The integrity and availability of the outsourced data constitute essential considerations for adopters' final decisions. However, the most critical factor is the efficiency of integrity checks, which must prioritize restricted-resource data owners without affecting the performance of the Cloud Service Provider. This paper proposes a secure scheme, called Proof of Exponentiation of Dynamic Data Possession PoEDDP based on RSA-Accumulators. The proof of concept demonstrates that this scheme is 20 times faster compared to other RSA-based cryptographic accumulator schemes. It could be improved to achieve great results with proper optimizations on the larger integer multiplication side. INDEX TERMSRSA-Accumulator, Cloud Storage Security, Data Integrity Verification Protocol, Proof of Exponentiation, Proof of Data Possession. Recently, [9] leveraged group-based accumulators for deterministic integrity check-only in the cloud storage. It

show abstract

Section: Phasementioning

confidence: 99%

PoEDDP-A Fast RSA-Based Proof of Possession Accumulator of Dynamic Data on the Cloud

Harchaoui,

Younes,

Hibaoui

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…When bits cluster in columns it results in a state having a column branch number under λ smaller than the bit branch number under θ. The effect of active bits at the output of θ ending up in the same column after λ is called bit huddling [8]. In this phase, for all R w values we check whether for the 11 states with bit branch number 12 there is bit huddling at the output of λ and keep only those where there is none.…”

Section: Selecting the Offsets Of R Wmentioning

confidence: 99%

“…A study in [8] provides evidence that this approach outperforms MDS-based designs in that they achieve lower upper bounds on the probability of differential trails and the correlation contribution of linear trails for the same amount of computation, often due to lighter rounds. Moreover, the paper shows that they suffer less from clustering of trails.…”

Section: Introductionmentioning

confidence: 99%

Twin Column Parity Mixers and Gaston

Hirch

Daemen

Rohit

et al. 2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We introduce a new type of mixing layer for the round function of cryptographic permutations, called circulant twin column parity mixer (CPM), that is a generalization of the mixing layers in Keccak-f and Xoodoo. While these mixing layers have a bitwise differential branch number of 4 and a computational cost of 2 (bitwise) additions per bit, the circulant twin CPMs we build have a bitwise differential branch number of 12 at the expense of an increase in computational cost: depending on the dimension this ranges between 3 and 3.34 XORs per bit. Our circulant twin CPMs operate on a state in the form of a rectangular array and can serve as mixing layer in a round function that has as non-linear step a layer of S-boxes operating in parallel on the columns. When sandwiched between two ShiftRow-like mappings, we can obtain a columnwise branch number of 12 and hence it guarantees 12 active S-boxes per two rounds in differential trails. Remarkably, the linear branch numbers (bitwise and columnwise alike) of these mappings is only 4. However, we define the transpose of a circulant twin CPM that has linear branch number of 12 and a differential branch number of 4. We give a concrete instantiation of a permutation using such a mixing layer, named Gaston. It operates on a state of 5 × 64 bits and uses χ operating on columns for its nonlinear layer. Most notably, the Gaston round function is lightweight in that it takes as few bitwise operations as the one of NIST lightweight standard Ascon. We show that the best 3-round differential and linear trails of Gaston have much higher weights than those of Ascon. Permutations like Gaston can be very competitive in applications that rely for their security exclusively on good differential properties, such as keyed hashing as in the compression phase of Farfalle.

show abstract

“…The list has 201 entries. In [8] it is reported that all 3-round trails with weight up to 50 are lone Markov trails. The lowest weight, 36, is attained by 4 trail core classes, hence under reasonable assumptions, we have MDP f = 2 −36 .…”

Section: Mdp F and Mndp F Of Xoodoo[3]mentioning

confidence: 99%

“…Clearly, as the weight of trails increases, the likelihood of clustering and dependence of round differentials does increase. Still, as discussed in [8], it is unlikely these effects are noticeable for trails with relatively low weight in permutations with round functions in which no superboxes can be identified. Xoodoo is such a permutation and any trails leading to the best collision attacks would have weight well below the permutation width that is 384.…”

Section: Mdp F and Mndp F Of Xoodoo[3]mentioning

confidence: 99%

On the Security of Keyed Hashing Based on Public Permutations

Fuchs

Rotella

Daemen

2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Doubly-extendable cryptographic keyed functions (deck) generalize the concept of message authentication codes (MAC) and stream ciphers in that they support variable-length strings as input and return variable-length strings as output. A prominent example of building deck functions is Farfalle, which consists of a set of public permutations and rolling functions that are used in its compression and expansion layers. By generalizing the compression layer of Farfalle, we prove its universality in terms of the probability of differentials over the public permutation used in it. As the compression layer of Farfalle is inherently parallel, we compare it to a generalization of a serial compression function inspired by Pelican-MAC. The same public permutation may result in different universalities depending on whether the compression is done in parallel or serial. The parallel construction consistently performs better than the serial one, sometimes by a big factor. We demonstrate this effect using Xoodoo[3], which is a round-reduced variant of the public permutation used in the deck function Xoofff.

show abstract

Thinking Outside the Superbox

Cited by 12 publications

References 28 publications

PoEDDP-A Fast RSA-Based Proof of Possession Accumulator of Dynamic Data on the Cloud

PoEDDP-A Fast RSA-Based Proof of Possession Accumulator of Dynamic Data on the Cloud

Twin Column Parity Mixers and Gaston

On the Security of Keyed Hashing Based on Public Permutations

Contact Info

Product

Resources

About