International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Vincent Rijmen

Publications

Year
Venue
Title
2022
TOSC
New Key-Recovery Attack on Reduced-Round AES
Navid Ghaedi Bardeh Vincent Rijmen
A new fundamental 4-round property of AES, called the zero-difference property, was introduced by Rønjom, Bardeh and Helleseth at Asiacrypt 2017. Our work characterizes it in a simple way by exploiting the notion of related differences which was introduced and well analyzed by the AES designers. We extend the 4-round property by considering some further properties of related differences over the AES linear layer, generalizing the zero-difference property. This results in a new key-recovery attack on 7-round AES which is the first attack on 7-round AES by exploiting the zero-difference property.
2022
CRYPTO
Differential Cryptanalysis in the Fixed-Key Model 📺
Tim Beyne Vincent Rijmen
A systematic approach to the fixed-key analysis of differential probabilities is proposed. It is based on the propagation of 'quasidifferential trails', which keep track of probabilistic linear relations on the values satisfying a differential characteristic in a theoretically sound way. It is shown that the fixed-key probability of a differential can be expressed as the sum of the correlations of its quasidifferential trails. The theoretical foundations of the method are based on an extension of the difference-distribution table, which we call the quasidifferential transition matrix. The role of these matrices is analogous to that of correlation matrices in linear cryptanalysis. This puts the theory of differential and linear cryptanalysis on an equal footing. The practical applicability of the proposed methodology is demonstrated by analyzing several differentials for RECTANGLE, KNOT, Speck and Simon. The analysis is automated and applicable to other SPN and ARX designs. Several attacks are shown to be invalid, most others turn out to work only for some keys but can be improved for weak-keys.
2021
JOFC
Correction to: Editorial
Vincent Rijmen
2021
JOFC
Editorial
Vincent Rijmen
2020
JOFC
Revisiting the Wrong-Key-Randomization Hypothesis
Tomer Ashur Tim Beyne Vincent Rijmen
Linear cryptanalysis is considered to be one of the strongest techniques in the cryptanalyst’s arsenal. In most cases, Matsui’s Algorithm 2 is used for the key recovery part of the attack. The success rate analysis of this algorithm is based on an assumption regarding the bias of a linear approximation for a wrong key, known as the wrong-key-randomization hypothesis. This hypothesis was refined by Bogdanov and Tischhauser to take into account the stochastic nature of the bias for a wrong key. We provide further refinements to the analysis of Matsui’s Algorithm 2 by considering sampling without replacement. This paper derives the distribution of the observed bias for wrong keys when sampling is done without replacement and shows that less data are required in this scenario. It also develops formulas for the success probability and the required data complexity when this approach is taken. The formulas predict that the success probability may reach a peak and then decrease as more pairs are considered. We provide a new explanation for this behavior and derive the conditions for encountering it. We empirically verify our results and compare them to previous work.
2020
ASIACRYPT
A Bit-Vector Differential Model for the Modular Addition by a Constant 📺
ARX algorithms are a class of symmetric-key algorithms constructed by Addition, Rotation, and XOR, which achieve the best software performances in low-end microcontrollers. To evaluate the resistance of an ARX cipher against differential cryptanalysis and its variants, the recent automated methods employ constraint satisfaction solvers, such as SMT solvers, to search for optimal characteristics. The main difficulty to formulate this search as a constraint satisfaction problem is obtaining the differential models of the non-linear operations, that is, the constraints describing the differential probability of each non-linear operation of the cipher. While an efficient bit-vector differential model was obtained for the modular addition with two variable inputs, no differential model for the modular addition by a constant has been proposed so far, preventing ARX ciphers including this operation from being evaluated with automated methods. In this paper, we present the first bit-vector differential model for the n-bit modular addition by a constant input. Our model contains O(log2(n)) basic bit-vector constraints and describes the binary logarithm of the differential probability. We also represent an SMT-based automated method to look for differential characteristics of ARX, including constant additions, and we provide an open-source tool ArxPy to find ARX differential characteristics in a fully automated way. To provide some examples, we have searched for related-key differential characteristics of TEA, XTEA, HIGHT, and LEA, obtaining better results than previous works. Our differential model and our automated tool allow cipher designers to select the best constant inputs for modular additions and cryptanalysts to evaluate the resistance of ARX ciphers against differential attacks.
2019
TCHES
M&M: Masks and Macs against Physical Attacks 📺
Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.
2018
TCHES
Rhythmic Keccak: SCA Security and Low Latency in HW 📺
Glitches entail a great issue when securing a cryptographic implementation in hardware. Several masking schemes have been proposed in the literature that provide security even in the presence of glitches. The key property that allows this protection was introduced in threshold implementations as non-completeness. We address crucial points to ensure the right compliance of this property especially for low-latency implementations. Specifically, we first discuss the existence of a flaw in DSD 2017 implementation of Keccak by Gross et al. in violation of the non-completeness property and propose a solution. We perform a side-channel evaluation on the first-order and second-order implementations of the proposed design where no leakage is detected with up to 55 million traces. Then, we present a method to ensure a non-complete scheme of an unrolled implementation applicable to any order of security or algebraic degree of the shared function. By using this method we design a two-rounds unrolled first-order Keccak-
2016
EUROCRYPT
2016
CRYPTO
2016
CHES
2015
JOFC
2015
FSE
2015
CRYPTO
2015
EUROCRYPT
Threshold Implementations
Vincent Rijmen
2014
ASIACRYPT
2014
FSE
2013
ASIACRYPT
2013
FSE
2012
CHES
2012
ASIACRYPT
2011
JOFC
2010
FSE
2009
ASIACRYPT
2007
ASIACRYPT
2007
ASIACRYPT
2006
FSE
2006
FSE
2005
FSE
2005
FSE
2002
EUROCRYPT
2001
FSE
2001
FSE
2001
FSE
1999
ASIACRYPT
1999
FSE
1999
FSE
1998
ASIACRYPT
1998
FSE
1998
FSE
1997
EUROCRYPT
1997
FSE
1997
FSE
1996
FSE
1994
FSE
1994
FSE
1993
CRYPTO

Program Committees

Eurocrypt 2019 (Program chair)
Eurocrypt 2018 (Program chair)
FSE 2015
Asiacrypt 2013
FSE 2013
Eurocrypt 2012
FSE 2012
Crypto 2011
Eurocrypt 2011
Asiacrypt 2010
Asiacrypt 2009
FSE 2008
Asiacrypt 2008
Asiacrypt 2005
Eurocrypt 2004
Asiacrypt 2004
Asiacrypt 2003
CHES 2003
FSE 2003
FSE 2002 (Program chair)
Eurocrypt 2001
Asiacrypt 2001