International Association for Cryptologic Research


CryptoDB

Kazumaro Aoki

Affiliation: NTT

Publications

Year, Venue: Title

2018, CRYPTO: Fast Correlation Attack Revisited
A fast correlation attack (FCA) is a well-known cryptanalysis technique for LFSR-based stream ciphers. The correlation between the initial state of an LFSR and the corresponding key stream is exploited, and the goal is to recover the initial state of the LFSR. In this paper, we revisit the FCA from a new point of view based on a finite field, and it brings a new property for the FCA when there are multiple linear approximations. Moreover, we propose a novel algorithm based on the new property, which enables us to reduce both time and data complexities. We finally apply this technique to the Grain family, which is a well-analyzed class of stream ciphers. There are three stream ciphers, Grain-128a, Grain-128, and Grain-v1, in the Grain family; Grain-v1 is in the eSTREAM portfolio and Grain-128a is standardized by ISO/IEC. As a result, we break them all, and especially for Grain-128a, the cryptanalysis of its full version is reported for the first time.

2010, EPRINT: Factorization of a 768-bit RSA modulus
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.

2010, CRYPTO
2009, ASIACRYPT
2009, EUROCRYPT
2009, CRYPTO
2008, ASIACRYPT
2007, ASIACRYPT

2007, EPRINT: Practical Password Recovery on an MD5 Challenge and Response
Yu Sasaki, Go Yamamoto, Kazumaro Aoki
This paper shows an attack against the APOP protocol, which is a challenge-and-response protocol. We utilize Wang's attack to make collisions in MD5, and apply it to the APOP protocol. We confirmed that the first 3 octets of the secret key can be recovered by several hundred queries under the man-in-the-middle environment.

2007, EPRINT: A kilobit special number field sieve factorization
We describe how we reached a new factoring milestone by completing the first special number field sieve factorization of a number having more than 1024 bits, namely the Mersenne number $2^{1039}-1$. Although this factorization is orders of magnitude 'easier' than a factorization of a 1024-bit RSA modulus is believed to be, the methods we used to obtain our result shed new light on the feasibility of the latter computation.

2006, CHES
2004, ASIACRYPT

2004, EPRINT: GNFS Factoring Statistics of RSA-100, 110, ..., 150
The GNFS (general number field sieve) algorithm is currently the fastest known algorithm for factoring large integers. Up to the present, several running time estimates for GNFS have been announced. These estimates are usually based on previous factoring results. However, since the previous factoring results were obtained by various programs and/or computers, it is difficult to compare those running times. We implemented GNFS and factored 100- to 150-digit numbers in the same environment. This manuscript describes the statistics of these factorizations.

2000, EPRINT: The Complete Distribution of Linear Probabilities of MARS' s-box
Kazumaro Aoki
This paper shows the complete linear probability distribution of MARS' s-box. The best bias is $\dfrac{84}{2^9}$ ($=2^{-2.61}$), while the designers' estimation is $\dfrac{64}{2^9}$ and the best previously known bias is $\dfrac{82}{2^9}$.

1997, FSE
1995, CRYPTO
1994, CRYPTO

Program Committees

FSE 2015
FSE 2014
FSE 2013
Asiacrypt 2011
FSE 2006
FSE 2005