## CryptoDB

### Hongjun Wu

#### Publications

| Year | Venue | Title |
|------|-------|-------|
| 2018 | TOSC | NORX is a permutation-based authentication scheme which is currently a third-round candidate of the ongoing CAESAR competition. The security bound of NORX is derived from the sponge construction applied to an ideal underlying permutation. In this paper, we show that the NORX core permutation is non-ideal with a new distinguishing attack. More specifically, we can distinguish the NORX64 permutation with $2^{48.5}$ queries and distinguish the NORX32 permutation with $2^{64.7}$ queries using carefully crafted differential-linear attacks. We have experimentally verified the distinguishing attack on the NORX64 permutation. Although the distinguishing attacks reveal the weakness of the NORX permutation, they do not directly threaten the security of the NORX authenticated encryption scheme. |
| 2015 | EPRINT | |
| 2015 | EPRINT | |
| 2015 | EPRINT | |
| 2015 | FSE | |
| 2013 | ASIACRYPT | |
| 2012 | ASIACRYPT | |
| 2007 | CHES | |
| 2007 | EUROCRYPT | |
| 2007 | FSE | |
| 2006 | FSE | |
| 2006 | FSE | |
| 2005 | EPRINT | In this report, we point out a serious security flaw in Microsoft Word and Excel. The stream cipher RC4 with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. But when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information about the document could be recovered easily. |
| 2005 | EPRINT | Nawaz, Gupta and Gong recently proposed a 32-bit RC4-like stream cipher. In this paper, we show that the keystream generated from their stream cipher is not random. The keystream can be distinguished from random with only about 100 outputs (3200 bits) in 2 milliseconds on an Intel Centrino 1.6GHz processor. |
| 2004 | FSE | |
| 2004 | EPRINT | HC-256 is a software-efficient stream cipher. It generates keystream from a 256-bit secret key and a 256-bit initialization vector. The encryption speed of the C implementation of HC-256 is about 1.9 bits per clock cycle (4.2 cycles/byte) on the Intel Pentium 4 processor. A variant of HC-256 is also introduced in this paper. |
| 2003 | EPRINT | Whitenoise is a stream cipher with specification given at http://eprint.iacr.org/2003/249. In this paper, we show that Whitenoise is extremely weak. It can be broken by solving about 80,000 linear equations. And only about 80,000 bytes of keystream are needed in the attack. |
| 2002 | EPRINT | Filiol and Fontaine recently proposed a family of stream ciphers named COS. COS is based on nonlinear feedback shift registers and was claimed to have high cryptographic strength. Babbage showed that COS $(2,128)$ Mode II is extremely weak. But Babbage's attack is too expensive to break the COS $(2,128)$ Mode I (the complexity is around $2^{52}$). In this paper, we show that the COS $(2,128)$ Mode I is too weak. With about $2^{16}$-bit known plaintext, the secret information could be recovered with a small amount of memory and computation time (less than one second on a Pentium IV Processor). |
| 2001 | PKC | |
| 2001 | PKC | |
| 1998 | ASIACRYPT | |
| 1998 | ASIACRYPT | |

Asiacrypt 2015
Asiacrypt 2013
Asiacrypt 2012
Asiacrypt 2010