## CryptoDB

### Lars R. Knudsen

#### Publications

| Year | Venue | Title / Abstract |
|---|---|---|
| 2015 | EPRINT | |
| 2015 | FSE | |
| 2013 | ASIACRYPT | |
| 2012 | EUROCRYPT | |
| 2012 | ASIACRYPT | |
| 2012 | JOFC | We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i-th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks. |
| 2012 | JOFC | At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean's method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with 'built-in' randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC). |
| 2011 | FSE | |
| 2010 | EPRINT | Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA-3. Until now, little analysis has been published on its resistance to differential cryptanalysis, the main technique used to attack hash functions. We present a study of Hamsi's resistance to differential and higher-order differential cryptanalysis, with focus on the 256-bit version of Hamsi. Our main results are efficient distinguishers and near-collisions for its full (3-round) compression function, and distinguishers for its full (6-round) finalization function, indicating that Hamsi's building blocks do not behave ideally. |
| 2010 | JOFC | |
| 2010 | CHES | |
| 2009 | EUROCRYPT | |
| 2009 | EUROCRYPT | |
| 2009 | CRYPTO | |
| 2008 | FSE | |
| 2007 | ASIACRYPT | |
| 2007 | CHES | |
| 2007 | FSE | |
| 2007 | EPRINT | We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i-th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks. |
| 2005 | ASIACRYPT | |
| 2005 | FSE | |
| 2005 | FSE | |
| 2005 | EPRINT | We consider the hash function proposals by Mridul et al. presented at FSE 2005. For the proposed $2n$-bit compression functions it is proved that collision attacks require $\Omega(2^{2n/3})$ queries of the functions in question. In this note it is shown that with ${\cal O}(2^{n/3})$ queries one can distinguish the proposed compression functions from a randomly chosen $2n$-bit function with very good probability. Finally we note that our results do not seem to contradict any statements made by the designers of the compression functions. |
| 2005 | JOFC | |
| 2003 | FSE | |
| 2002 | FSE | |
| 2002 | JOFC | |
| 2002 | JOFC | |
| 2001 | CRYPTO | |
| 2001 | JOFC | |
| 2000 | CRYPTO | |
| 2000 | FSE | |
| 2000 | FSE | |
| 2000 | JOFC | |
| 1999 | CRYPTO | |
| 1999 | EUROCRYPT | |
| 1999 | FSE | |
| 1998 | ASIACRYPT | |
| 1998 | EUROCRYPT | |
| 1998 | FSE | |
| 1998 | FSE | |
| 1998 | FSE | |
| 1998 | JOFC | |
| 1998 | JOFC | |
| 1997 | CRYPTO | |
| 1997 | EUROCRYPT | |
| 1997 | FSE | |
| 1997 | FSE | |
| 1996 | ASIACRYPT | |
| 1996 | CRYPTO | |
| 1996 | EUROCRYPT | |
| 1996 | EUROCRYPT | |
| 1996 | FSE | |
| 1995 | CRYPTO | |
| 1995 | JOFC | |
| 1994 | EUROCRYPT | |
| 1994 | EUROCRYPT | |
| 1994 | FSE | |
| 1993 | EUROCRYPT | |
| 1993 | FSE | |
| 1993 | FSE | |
| 1992 | AUSCRYPT | |
| 1992 | CRYPTO | |
| 1992 | CRYPTO | |
| 1991 | ASIACRYPT | |

CHES 2016
Crypto 2015
Crypto 2013
FSE 2012
Asiacrypt 2012
Asiacrypt 2011
Eurocrypt 2010
Asiacrypt 2010
Asiacrypt 2009
Crypto 2008
Eurocrypt 2008
FSE 2007
Asiacrypt 2007
Crypto 2004
FSE 2004
Eurocrypt 2003
FSE 2003
Eurocrypt 2002
FSE 2001
FSE 2000
Eurocrypt 2000
Eurocrypt 1999
FSE 1999
Crypto 1999
FSE 1998
Crypto 1998
Crypto 1996
Eurocrypt 1995