## CryptoDB

### Antonio Florez-Gutierrez

#### Publications

Year
Venue
Title
2021
ASIACRYPT
We propose a general technique to improve the key-guessing step of several attacks on block ciphers. This is achieved by defining and studying some new properties of the associated S-boxes and by representing them as a special type of decision trees that are crucial for finding fine-grained guessing strategies for various attack vectors. We have proposed and implemented the algorithm that efficiently finds such trees, and use it for providing several applications of this approach, which include the best known attacks on NOKEON, GIFT, and RECTANGLE.
2021
JOFC
$\mathsf {Gimli}$ Gimli is a family of cryptographic primitives (both a hash function and an AEAD scheme) that has been selected for the second round of the NIST competition for standardizing new lightweight designs. The candidate $\mathsf {Gimli}$ Gimli is based on the permutation $\mathsf {Gimli}$ Gimli , which was presented at CHES 2017. In this paper, we study the security of both the permutation and the constructions that are based on it. We exploit the slow diffusion in $\mathsf {Gimli}$ Gimli and its internal symmetries to build, for the first time, a distinguisher on the full permutation of complexity $2^{64}$ 2 64 . We also provide a practical distinguisher on 23 out of the full 24 rounds of $\mathsf {Gimli}$ Gimli that has been implemented. Next, we give (full state) collision and semi-free start collision attacks on $\mathsf {Gimli}$ Gimli -Hash, reaching, respectively, up to 12 and 18 rounds. On the practical side, we compute a collision on 8-round $\mathsf {Gimli}$ Gimli -Hash. In the quantum setting, these attacks reach 2 more rounds. Finally, we perform the first study of linear trails in $\mathsf {Gimli}$ Gimli , and we find a linear distinguisher on the full permutation.