236 results
Article | Open access | Peer reviewed

Ignacio Fernández‐Hernández, Tomer Ashur, Vincent Rijmen

Data and signal authentication schemes are being proposed to address Global Navigation Satellite Systems' (GNSS) vulnerability to spoofing. Due to the low power of their signals, the bandwidth available for authentication in GNSS is scarce. Since delayed-disclosure protocols, e.g., TESLA (timed-efficient stream loss-tolerant authentication), are efficient in terms of bandwidth and robust to signal impairments, they have been proposed and implemented by GNSS. The length of message authentication codes ( ...

Topic(s): Mobile Agent-Based Network Management

2021 - Institute of Electrical and Electronics Engineers | IEEE Transactions on Aerospace and Electronic Systems

Book

Joan Daemen, Vincent Rijmen

This monograph is the authoritative guide to Rijndael, the block cipher whose elegance, efficiency, security, and principled design made it the Advanced Encryption Standard (AES). It is a valuable reference for professionals, researchers, and graduate students.

Topic(s): Chaos-based Image/Signal Encryption

2020 - Springer Nature | Information security and cryptography

Book chapter

Joan Daemen, Vincent Rijmen

Topic(s): Intelligence, Security, War Strategy

2020 - Springer Nature | Information security and cryptography

Article | Open access | Peer reviewed

Gülsüm Gözde Güzel, Muharrem Tolga Sakallı, Sedat Akleylek, Vincent Rijmen, Yasemin Çengellenmiş

In this paper, we propose a new matrix form to generate all 3×3 involutory and MDS matrices over F2m and prove that the number of all 3×3 involutory and MDS matrices over F2m is (2m−1)2⋅(2m−2)⋅(2m−4), where m>2. Moreover, we give 3×3 involutory and MDS matrices over F23, F24 and F28 defined by the irreducible polynomials x3+x+1, x4+x+1 and x8+x7+x6+x+1, respectively, by considering the minimum XOR count, which is a metric used in the estimation of hardware implementation cost. Finally, we provide ...

Topic(s): graph theory and CDMA systems

2019 - Elsevier BV | Information Processing Letters

Book | Open access | Peer reviewed

Jesper Buus Nielsen, Vincent Rijmen

The EUROCRYPT 2018 proceedings cover cryptographic schemes, protocols and currencies, cryptanalysis, and quantum cryptography.

Topic(s): Big Data Technologies and Applications

2018 - Springer Science+Business Media | Lecture notes in computer science

Article | Open access | Peer reviewed

Wenying Zhang, Vincent Rijmen

In this study, the authors propose an accurate approach to model the propagation of the division property of linear layers by the smallest amount of inequalities. The solutions of the inequalities are exactly the division trails of a linear transformation. Therefore, the description is compact and optimal. As applications of their results, they present a 7-round integral distinguisher for both Midori64 and Midori128. The designers of Midori only obtained a 3.5-round integral characteristic. For ...

Topic(s): Coding theory and cryptography

2018 - Institution of Engineering and Technology | IET Information Security

Article | Open access | Peer reviewed

Víctor Arribas, Begül Bilgin, George Petrides, Svetla Nikova, Vincent Rijmen

Glitches entail a great issue when securing a cryptographic implementation in hardware. Several masking schemes have been proposed in the literature that provide security even in the presence of glitches. The key property that allows this protection was introduced in threshold implementations as non-completeness. We address crucial points to ensure the right compliance of this property especially for low-latency implementations. Specifically, we first discuss the existence of a flaw in DSD 2017 ...

Topic(s): Security and Verification in Computing

2018 | IACR Transactions on Cryptographic Hardware and Embedded Systems

Article | Open access | Peer reviewed

Meltem Kurt Pehli̇vanoğlu, Muharrem Tolga Sakallı, Sedat Akleylek, N. Jeremi Duru, Vincent Rijmen

In this study, the authors generalise Hadamard matrix over and propose a new form of Hadamard matrix, which they call generalised Hadamard (GHadamard) matrix. Then, they focus on generating lightweight (involutory) maximum distance separable (MDS) matrices. They also extend this idea to any matrix form, where k is not necessarily a power of 2. The new matrix form, GHadamard matrix, is used to generate new involutory MDS matrices over and , and involutory/non-involutory MDS matrices over by considering ...

Topic(s): Cryptographic Implementations and Security

2018 - Institution of Engineering and Technology | IET Information Security

Book chapter | Peer reviewed

Thomas De Cnudde, Begül Bilgin, Benedikt Gierlichs, Ventzislav Nikov, Svetla Nikova, Vincent Rijmen

Masking schemes achieve provable security against side-channel analysis by using secret sharing to decorrelate key-dependent intermediate values of the cryptographic algorithm and side-channel information. Masking schemes make assumptions on how the underlying leakage mechanisms of hardware or software behave to account for various physical effects. In this paper, we investigate the effect of the physical placement on the security using leakage assessment on power measurements collected from an ...

Topic(s): Chaos-based Image/Signal Encryption

2017 - Springer Science+Business Media | Lecture notes in computer science

Article | Peer reviewed

Ignacio Fernández‐Hernández, Vincent Rijmen, Gonzalo Seco‐Granados, Javier Simón, Irma Rodríguez, J. David Calle

GNSS vulnerabilities have become evident in the last decade. Authentication of the GNSS signals and data can be an important building block contributing to mitigating these vulnerabilities. This paper presents a Navigation Message Authentication (NMA) scheme based on the Timed Efficient Stream Loss-tolerant Authentication (TESLA) protocol and a novel concept based on a single one-way chain for all senders and cross-authentication. The paper presents an NMA implementation in the Galileo Open Service ( ...

Topic(s): Bluetooth and Wireless Communication Technologies

2016 - Wiley | NAVIGATION Journal of the Institute of Navigation

Book chapter | Peer reviewed

Bing Sun, Meicheng Liu, Jian Guo, Vincent Rijmen, Ruilin Li

Impossible differential and zero correlation linear cryptanalysis are two of the most important cryptanalytic vectors. To characterize the impossible differentials and zero correlation linear hulls which are independent of the choices of the non-linear components, Sun et al. proposed the structure deduced by a block cipher at CRYPTO 2015. Based on that, we concentrate in this paper on the security of the SPN structure and Feistel structure with SP-type round functions. Firstly, we prove that for ...

Topic(s): Physical Unclonable Functions (PUFs) and Hardware Security

2016 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Open access | Peer reviewed

Yunwen Liu, Qingju Wang, Vincent Rijmen

In this paper, we study linear cryptanalysis of the ARX structure by means of automatic search. To evaluate the security of ARX designs against linear cryptanalysis, it is crucial to find (round-reduced) linear trails with maximum correlation. We model the problem of finding optimal linear trails by the boolean satisfiability problem (SAT), translate the propagation of masks through ARX operations into bitwise expressions and constraints, and then solve the problem using a SAT solver. We apply the ...

Topic(s): Chaos-based Image/Signal Encryption

2016 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Peer reviewed

Bing Sun, Meicheng Liu, Jian Guo, Longjiang Qu, Vincent Rijmen

It has been proved in Eurocrypt 2016 by Sun et al. that if the details of the S-boxes are not exploited, an impossible differential and a zero-correlation linear hull can extend over at most 4 rounds of the AES. This paper concentrates on distinguishing properties of AES-like SPN ciphers by investigating the details of both the underlying S-boxes and the MDS matrices, and illustrates some new insights on the security of these schemes. Firstly, we construct several types of 5-round zero-correlation ...

Topic(s): Coding theory and cryptography

2016 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Open access | Peer reviewed

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

Topic(s): Chaos-based Image/Signal Encryption

2016 - Springer Science+Business Media | Lecture notes in computer science

Article | Open access | Peer reviewed

Wentao Zhang, Zhenzhen Bao, Dongdai Lin, Vincent Rijmen, Bohan Yang, Ingrid Verbauwhede

In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP-network. The substitution layer consists of 16 4×4 S-boxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTANGLE offers great performance in both hardware and software environments, which provides enough flexibility for different application scenarios. ...

Topic(s): Chaos-based Image/Signal Encryption

2015 - Springer Nature | Science China Information Sciences

Book chapter | Open access | Peer reviewed

Bing Sun, Zhiqiang Liu, Vincent Rijmen, Ruilin Li, Lei Cheng, Qingju Wang, Hoda Alkhzaimi, Chao Li

As two important cryptanalytic methods, impossible differential and integral cryptanalysis have attracted much attention in recent years. Although relations among other cryptanalytic approaches have been investigated, the link between these two methods has been missing. The motivation in this paper is to fix this gap and establish links between impossible differential cryptanalysis and integral cryptanalysis. Firstly, by introducing the concept of structure and dual structure, we prove that $$a\rightarrow ...

Topic(s): Coding theory and cryptography

2015 - Springer Science+Business Media | Lecture notes in computer science

Article | Open access | Peer reviewed

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

Embedded cryptographic devices are vulnerable to power analysis attacks. Threshold implementations (TIs) provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in the implementation of logic functions. While masking can fail to provide protection due to glitches in the circuit, TIs rely on few assumptions about the hardware and are fully compatible with standard design flows. ...

Topic(s): Security and Verification in Computing

2015 - Institute of Electrical and Electronics Engineers | IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Book chapter | Open access | Peer reviewed

Wentao Zhang, Zhenzhen Bao, Vincent Rijmen, Meicheng Liu

In this paper, we present a new classification of 4-bit optimal S-boxes. All optimal 4-bit S-boxes can be classified into 183 different categories, among which we specify 3 platinum categories. Under the design criteria of the PRESENT (or SPONGENT) S-box, there are 8064 different S-boxes up to adding constants before and after an S-box. The 8064 S-boxes belong to 3 different categories; we show that the S-box should be chosen from one out of the 3 categories or other categories for better resistance ...

Topic(s): graph theory and CDMA systems

2015 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Open access | Peer reviewed

Begül Bilgin, Joan Daemen, Ventzislav Nikov, Svetla Nikova, Vincent Rijmen, Gilles Van Assche

In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against side-channel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build further on unprotected parallel and serial architectures. We improve upon earlier TI implementations of Keccak ...

Topic(s): Advanced Malware Detection Techniques

2014 - Springer Science+Business Media | Lecture notes in computer science

Article | Peer reviewed

Begül Bilgin, Benedikt Gierlichs, Ventzislav Nikov, Svetla Nikova, Vincent Rijmen

Topic(s): Network Security and Intrusion Detection

2014 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Open access | Peer reviewed

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in the implementation of logic functions. At Eurocrypt 2011 Moradi et al. published the to date most compact Threshold Implementation of AES-128 encryption. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new ...

Topic(s): Physical Unclonable Functions (PUFs) and Hardware Security

2014 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Peer reviewed

Andrey Bogdanov, Florian Mendel, Francesco Regazzoni, Vincent Rijmen, Elmar Tischhauser

In this paper, we propose a new Authenticated Lightweight Encryption algorithm coined ALE. The basic operation of ALE is the AES round transformation and the AES-128 key schedule. ALE is an online single-pass authenticated encryption algorithm that supports optional associated data. Its security relies on using nonces. We provide an optimized low-area implementation of ALE in ASIC hardware and demonstrate that its area is about 2.5 kGE which is almost two times smaller than that of the lightweight ...

Topic(s): Advanced Malware Detection Techniques

2014 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Open access | Peer reviewed

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking. The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of circuit area and randomness. The Threshold Implementation method is also based on multi-party computation ...

Topic(s): Chaos-based Image/Signal Encryption

2014 - Springer Science+Business Media | Lecture notes in computer science

Book chapter | Open access | Peer reviewed

Qingju Wang, Zhiqiang Liu, Kerem Varıcı, Yu Sasaki, Vincent Rijmen, Yosuke Todo

SIMON family is one of the recent lightweight block cipher designs introduced by NSA. So far there have been several cryptanalytic results on this cipher by means of differential, linear and impossible differential cryptanalysis. In this paper, we study the security of SIMON32, SIMON48/72 and SIMON48/96 by using integral, zero-correlation linear and impossible differential cryptanalysis. Firstly, we present a novel experimental approach to construct the best known integral distinguishers of SIMON32. ...

Topic(s): Coding theory and cryptography

2014 - Springer Science+Business Media | Lecture notes in computer science

Article | Open access | Peer reviewed

Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen, Natalia Tokareva, Valeriya Vitkup

Threshold implementation (TI) is a masking method that provides security against first-order DPA with minimal assumptions on the hardware. It is based on multi-party computation and secret sharing. In this paper, we provide an efficient technique to find TIs for all 3 and 4-bit permutations which also covers the set of 3×3 and 4×4 invertible S-boxes. We also discuss alternative methods to construct shared functions by changing the number of variables or shares. Moreover, we further consider the TI ...

Topic(s): graph theory and CDMA systems

2014 - Springer Science+Business Media | Cryptography and Communications

Book chapter | Open access | Peer reviewed

Andrey Bogdanov, Christina Boura, Vincent Rijmen, Meiqin Wang, Long Wen, Jingyuan Zhao

In this paper, we reveal a fundamental property of block ciphers: There can exist linear approximations such that their biases ε are deterministically invariant under key difference. This behaviour is highly unlikely to occur in idealized ciphers but persists, for instance, in 5-round AES. Interestingly, the property of key difference invariant bias is independent of the bias value ε itself and only depends on the form of linear characteristics comprising the linear approximation in question as ...

Topic(s): Coding theory and cryptography

2013 - Springer Science+Business Media | Lecture notes in computer science

Article | Open access | Peer reviewed

Mario Lamberger, Florian Mendel, Martin Schläffer, Christian Rechberger, Vincent Rijmen

We introduce the rebound attack as a variant of differential cryptanalysis on hash functions and apply it to the hash function Whirlpool, standardized by ISO/IEC. We give attacks on reduced variants of the 10-round Whirlpool hash function and compression function. Our results are collisions for 5.5 and near-collisions for 7.5 rounds on the hash function, as well as semi-free-start collisions for 7.5 and semi-free-start near-collisions for 9.5 rounds on the compression function. Additionally, we ...

Topic(s): Physical Unclonable Functions (PUFs) and Hardware Security

2013 - Springer Science+Business Media | Journal of Cryptology

Book chapter | Open access | Peer reviewed

Florian Mendel, Vincent Rijmen, Deniz Toz, Kerem Varıcı

In this paper, we present a security analysis of the lightweight block cipher LED proposed by Guo et al. at CHES 2011. Since the design of LED is very similar to the Even-Mansour scheme, we first review existing attacks on this scheme and extend them to related-key and related-key-cipher settings before we apply them to LED. We obtain results for 12 and 16 rounds (out of 32) for LED-64 and 16 and 24 rounds (out of 48) for LED-128. Furthermore, we present an observation on full LED in the related-key- ...

Topic(s): Coding theory and cryptography

2012 - Springer Science+Business Media | Lecture notes in computer science

Article

Julia Juremi, Salasiah Sulaiman Ramlan Mahmod

... AES) [1]. Rijndael, submitted by Joan Daemen and Vincent Rijmen is designed for the use with keys of ...

Topic(s): Coding theory and cryptography

2012 | International Journal of Cyber-Security and Digital Forensics