International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Markku-Juhani Olavi Saarinen

Publications

Year
Venue
Title
2013
FSE
Related-Key Attacks Against Full Hummingbird-2 📺
Markku-Juhani Olavi Saarinen
2012
FSE
2011
FSE
Cryptanalysis of Hummingbird
Markku-Juhani Olavi Saarinen
2010
EPRINT
The PASSERINE Public Key Encryption and Authentication Mechanism
Markku-Juhani Olavi Saarinen
PASSERINE is a lightweight public key encryption mechanism which is based on a hybrid, randomized variant of the Rabin public key encryption scheme. Its design is targeted for extremely low-resource applications such as wireless sensor networks, RFID tags, embedded systems, and smart cards. As is the case with the Rabin scheme, the security of PASSERINE can be shown to be equivalent to factoring the public modulus. On most low-resource implementation platforms PASSERINE offers smaller transmission latency, hardware and software footprint and better encryption speed when compared to RSA or Elliptic Curve Cryptography. This is mainly due to the fact that PASSERINE implementations can avoid expensive big integer arithmetic in favor of a fully parallelizable CRT randomized-square operation. In order to reduce latency and memory requirements, PASSERINE uses Naccache-Shamir randomized multiplication, which is implemented with a system of simultaneous congruences modulo small coprime numbers. The PASSERINE private key operation is of comparable computational complexity to the RSA private key operation. The private key operation is typically performed by a computationally superior recipient such as a base station. The PASSERINE project is entirely open source (hardware and software).
2007
EPRINT
Linearization Attacks Against Syndrome Based Hashes
Markku-Juhani Olavi Saarinen
In MyCrypt 2005, Augot, Finiasz, and Sendrier proposed FSB, a family of cryptographic hash functions. The security claim of the FSB hashes is based on a coding theory problem with hard average-case complexity. In the ECRYPT 2007 Hash Function Workshop, new versions with essentially the same compression function but radically different security parameters and an additional final transformation were presented. We show that hardness of average-case complexity of the underlying problem is irrelevant in collision search by presenting a linearization method that can be used to produce collisions in a matter of seconds on a desktop PC for the variant of FSB with claimed $2^128$ security.
2007
EPRINT
A Meet-in-the-Middle Collision Attack Against the New FORK-256
Markku-Juhani Olavi Saarinen
We show that a $2^{112.9}$ collision attack exists against the FORK-256 Hash Function. The attack is surprisingly simple compared to existing published FORK-256 cryptanalysis work, yet is the best known result against the new, tweaked version of the hash. The attack is based on "splitting" the message schedule and compression function into two halves in a meet-in-the-middle attack. This in turn reduces the space of possible hash function results, which leads to significantly faster collision search. The attack strategy is also applicable to the original version of FORK-256 published in FSE 2006.
2006
EPRINT
Security of VSH in the Real World
Markku-Juhani Olavi Saarinen
In Eurocrypt 2006, Contini, Lenstra, and Steinfeld proposed a new hash function primitive, VSH, very smooth hash. In this brief paper we offer commentary on the resistance of VSH against some standard cryptanalytic attacks, including preimage attacks and collision search for a truncated VSH. Although the authors of VSH claim only collision resistance, we show why one must be very careful when using VSH in cryptographic engineering, where additional security properties are often required.
2003
FSE
2002
FSE
A Time-Memory Tradeoff Attack Against LILI-128
Markku-Juhani Olavi Saarinen
2001
EPRINT
A Time-Memory Tradeoff Attack Against LILI-128
Markku-Juhani Olavi Saarinen
In this note we discuss a novel but simple time-memory tradeoff attack against the stream cipher LILI-128. The attack defeats the security advantage of having an irregular stepping function. The attack requires $2^{46}$ bits of keystream, a lookup table of $2^{45}$ 89-bit words and computational effort which is roughly equivalent to $2^{48}$ DES operations.