1 - 16 of 16
  • 1.
    Aumasson, Jean-Philippe
    et al.
    FHNW, Windisch, Switzerland.
    Fischer, Simon
    FHNW, Windisch, Switzerland.
    Khazaei, Shahram
    EPFL, Lausanne, Switzerland.
    Meier, Willi
    FHNW, Windisch, Switzerland.
    Rechberger, Christian
    IAIK, Graz, Austria.
    New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba (2008). In: Fast Software Encryption, FSE 2008, LNCS 5086, 2008, p. 470-488. Conference paper (Refereed)
    Abstract [en]

    The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis, while ChaCha has not been analyzed yet. We introduce a novel method for differential cryptanalysis of Salsa20 and ChaCha, inspired by correlation attacks and related to the notion of neutral bits. This is the first application of neutral bits in stream cipher cryptanalysis. It allows us to break the 256-bit version of Salsa20/8, to bring faster attacks on the 7-round variant, and to break 6- and 7-round ChaCha. In a second part, we analyze the compression function Rumba, built as the XOR of four Salsa20 instances and returning a 512-bit output. We find collision and preimage attacks for two simplified variants, then we discuss differential attacks on the original version, and exploit a high-probability differential to reduce complexity of collision search from 2^256 to 2^79 for 3-round Rumba. To prove the correctness of our approach we provide examples of collisions and near-collisions on simplified versions.

  • 2.
    Brier, Eric
    et al.
    Ingenico, France.
    Khazaei, Shahram
    EPFL, Switzerland.
    Meier, Willi
    FHNW, Switzerland.
    Peyrin, Thomas
    Ingenico, France.
    Linearization Framework for Collision Attacks: Application to CubeHash and MD6 (2009). In: ADVANCES IN CRYPTOLOGY - ASIACRYPT 2009 / [ed] Matsui, M, 2009, p. 560-577. Conference paper (Refereed)
    Abstract [en]

    In this paper, an improved differential cryptanalysis framework for finding collisions in hash functions is provided. Its principle is based on linearization of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux. This is formalized and refined, however, in several ways: for the problem of finding a conforming message pair whose differential trail follows a linear trail, a condition function is introduced so that finding a collision is equivalent to finding a preimage of the zero vector under the condition function. Then, the dependency table concept shows how much influence every input bit of the condition function has on each output bit. Careful analysis of the dependency table reveals degrees of freedom that can be exploited in accelerated preimage reconstruction under the condition function. These concepts are applied to an in-depth collision analysis of reduced-round versions of the two SHA-3 candidates CubeHash and MD6, and are demonstrated to give by far the best currently known collision attacks on these SHA-3 candidates.

  • 3.
    Fischer, Simon
    et al.
    FHNW, Switzerland.
    Khazaei, Shahram
    EPFL, Switzerland.
    Meier, Willi
    FHNW, Switzerland.
    Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers (2008). In: PROGRESS IN CRYPTOLOGY: AFRICACRYPT 2008, 2008, p. 236-245. Conference paper (Refereed)
    Abstract [en]

    A recent framework for chosen IV statistical distinguishing analysis of stream ciphers is exploited and formalized to provide new methods for key recovery attacks. As an application, a key recovery attack on simplified versions of two eSTREAM Phase 3 candidates is given: For Grain-128 with IV initialization reduced to up to 180 of its 256 iterations, and for Trivium with IV initialization reduced to up to 672 of its 1152 iterations, it is experimentally demonstrated how to deduce a few key bits. Evidence is given that the present analysis is not applicable on Grain-128 or Trivium with full IV initialization.

  • 4.
    Hasanzadeh, Mahdi M.
    et al.
    Zaeim Electronic Industries Company, Tehran, Iran.
    Khazaei, Shahram
    Zaeim Electronic Industries Company, Tehran, Iran.
    Kholosha, Alexander
    The Selmer Center, University of Bergen, Bergen, Norway.
    On IV Setup of Pomaranch (2006). Conference paper (Refereed)
    Abstract [en]

    Pomaranch is a synchronous bit-oriented stream cipher submitted to eSTREAM, the ECRYPT Stream Cipher Project. Following the recently published chosen IV [1] and correlation [7] key-recovery attacks, the authors changed the configuration of jump registers and introduced two new key-IV setup procedures for the cipher. We call the updated version Tweaked Pomaranch, as opposed to Original Pomaranch [4]. In this paper we use the findings of [7] to mount a chosen IV key-recovery attack on the Original Pomaranch with computational complexity of O(2^73.5). The attack is also applicable to the first key-IV setup proposal for Tweaked Pomaranch with computational complexity of O(2^117.7). The alternative key-IV setup for Tweaked Pomaranch is immune against our attack. Both versions of Pomaranch deal with 128-bit keys.

  • 5.
    Hasanzadeh, Mahdi M.
    et al.
    Zaeim Electronic Industries Company, Tehran, Iran.
    Shakour, Elham
    Zaeim Electronic Industries Company, Tehran, Iran.
    Khazaei, Shahram
    Zaeim Electronic Industries Company, Tehran, Iran.
    Improved Cryptanalysis of Polar Bear (2006). Conference paper (Refereed)
    Abstract [en]

    In this paper we propose a Guess-and-Determine based initial state recovery attack on Polar Bear, one of the ECRYPT stream cipher project candidates. The computational complexity and success probability of our attack are O(2^31) and 2^-26.4 respectively. Our attack can be considered as one with computational complexity of O(2^57.4), which is much better than the attack recently proposed by J. Mattsson with computational complexity of O(2^79).

  • 6.
    Helleseth, Tor
    et al.
    The Selmer Center, Department of Informatics, University of Bergen, Norway.
    Jansen, Cees J. A.
    Banksys NV, Brussels, Belgium.
    Khazaei, Shahram
    Zaeim Electronic Industries Company, Tehran, Iran.
    Kholosha, Alexander
    The Selmer Center, Department of Informatics, University of Bergen, Norway.
    Security of Jump Controlled Sequence Generators for Stream Ciphers (2006). In: Lecture notes in computer science, ISSN 0302-9743, Vol. 4086, p. 141-152. Article in journal (Refereed)
    Abstract [en]

    The use of the jump control technique provides efficient and secure ways for generating keystream for stream ciphers. This design approach was recently implemented in some algorithms submitted to eSTREAM, the ECRYPT Stream Cipher Project. However, inappropriately chosen parameters for jumping constructions can completely undermine their security. In this paper we describe a new inherent property of jump registers that allows one to construct linear relations in their output. We illustrate our results by building a key-recovery attack on the Pomaranch stream cipher. We also suggest a slight modification to the jump register configuration in Pomaranch that allows it to be protected against this type of attack.

  • 7.
    Khazaei, Shahram
    et al.
    EPFL, Lausanne, Switzerland.
    Fischer, Simon
    FHNW, Windisch, Switzerland.
    Meier, Willi
    FHNW, Windisch, Switzerland.
    Reduced Complexity Attacks on the Alternating Step Generator (2007). In: Selected Areas in Cryptography / [ed] Adams, C; Miri, A; Wiener, M, Springer Berlin/Heidelberg, 2007, p. 1-16. Conference paper (Refereed)
    Abstract [en]

    In this paper, we present some reduced complexity attacks on the Alternating Step Generator (ASG). The attacks are based on a quite general framework and mostly benefit from the low sampling resistance of the ASG, and from an abnormal behavior related to the distribution of the initial states of the stop/go LFSRs which produce a given segment of the output sequence. Our results compare well with previous results as they show a greater flexibility with regard to known output of the ASG, which amounts to reduced complexity. We will also give a closed form for the complexity of attacks on the ASG (and SG) as presented in [13].

  • 8.
    Khazaei, Shahram
    et al.
    EPFL, Switzerland.
    Knellwolf, Simon
    FHNW, Switzerland.
    Meier, Willi
    FHNW, Switzerland.
    Stefan, Deian
    The Cooper Union, USA.
    Improved Linear Differential Attacks on CubeHash (2010). In: PROGRESS IN CRYPTOLOGY - AFRICACRYPT 2010 / [ed] Bernstein, DJ; Lange, T, Springer Berlin/Heidelberg, 2010, p. 407-418. Conference paper (Refereed)
    Abstract [en]

    This paper presents improved collision attacks on round-reduced variants of the hash function CubeHash, one of the SHA-3 second round candidates. We apply two methods for finding linear differential trails that lead to lower estimated attack complexities when used within the framework introduced by Brier, Khazaei, Meier and Peyrin at ASIACRYPT 2009. The first method yields trails that are relatively dense at the beginning and sparse towards the end. In combination with the condition function concept, such trails lead to much faster collision attacks. We demonstrate this by providing a real collision for CubeHash-5/96. The second method randomizes the search for highly probable linear differential trails and leads to significantly better attacks for up to eight rounds.

  • 9.
    Khazaei, Shahram
    et al.
    EPFL, Switzerland.
    Meier, Willi
    FHNW, Switzerland.
    New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers (2008). In: PROGRESS IN CRYPTOLOGY - INDOCRYPT 2008 / [ed] Chowdhury, DR; Rijmen, V; Das, A, Springer Berlin/Heidelberg, 2008, p. 15-26. Conference paper (Refereed)
    Abstract [en]

    In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F(C,K) where the attacker has the power to choose the public variable C. In this work we focus on self-synchronizing stream ciphers. First we show how to model these primitives in the above-mentioned general problem by relating appropriate functions F to the underlying ciphers. Then we apply the recently proposed framework presented at AfricaCrypt’08 by Fischer et al. for dealing with this kind of problem to the T-function based self-synchronizing stream cipher proposed by Klimov and Shamir at FSE’05 and show how to deduce some non-trivial information about the key. We also open a new window for answering a crucial question raised by Fischer et al. regarding the problem of finding weak IV bits, which is essential for their attack.

  • 10.
    Khazaei, Shahram
    et al.
    EPFL, Switzerland.
    Meier, Willi
    FHNW, Switzerland.
    On Reconstruction of RC4 Keys from Internal States (2008). In: Mathematical Methods In Computer Science / [ed] Calmet, J; Geiselmann, W; MullerQuade, J, Springer Berlin/Heidelberg, 2008, p. 179-189. Conference paper (Refereed)
    Abstract [en]

    In this work, key recovery algorithms from the known internal states of RC4 are investigated. In particular, we propose a bit-by-bit approach to recover the key by starting from the LSBs of the key bytes and ending with their MSBs.

  • 11.
    Khazaei, Shahram
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Moran, T.
    Wikström, Douglas
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    A mix-net from any CCA2 secure cryptosystem (2012). In: Advances in Cryptology – ASIACRYPT 2012: 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6, 2012. Proceedings / [ed] Xiaoyun Wang, Kazue Sako, Springer, 2012, p. 607-625. Conference paper (Refereed)
    Abstract [en]

    We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min(λ - 1, k - λ) mix-servers are corrupted. The main component of our construction is a mix-net that outputs the correct result if all mix-servers behaved honestly, and aborts with probability 1 - O(H^{-(t-1)}) otherwise (without disclosing anything about the inputs), where t is an auxiliary security parameter and H is the number of honest parties. The running time of this protocol for long messages is roughly 3tc, where c is the running time of Chaum's mix-net (1981).

  • 12.
    Khazaei, Shahram
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Terelius, Björn
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Wikström, Douglas
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Cryptanalysis of a Universally Verifiable Efficient Re-encryption Mixnet (2012). Manuscript (preprint) (Other academic)
    Abstract [en]

    We study the heuristically secure mix-net proposed by Puiggalí and Guasch (EVOTE 2010). We present practical attacks on both correctness and privacy for some sets of parameters of the scheme. Although our attacks only allow us to replace a few inputs, or to break the privacy of a few voters, this shows that the scheme cannot be proven secure.

  • 13.
    Khazaei, Shahram
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Wikström, Douglas
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Randomized partial checking revisited (2013). In: Lect. Notes Comput. Sci., 2013, p. 115-128. Conference paper (Refereed)
    Abstract [en]

    We study mix-nets with randomized partial checking (RPC) as proposed by Jakobsson, Juels, and Rivest (2002). RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets. The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net. We identify serious issues in the original description of mix-nets with RPC and show how to exploit these to break both correctness and privacy, both for Chaumian and homomorphic mix-nets. Our attacks are practical and applicable to real world mix-net implementations, e.g., the Civitas and the Scantegrity voting systems.

  • 14.
    Khazaei, Shahram
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Wikström, Douglas
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Randomized Partial Checking Revisited (2012). Manuscript (preprint) (Other academic)
    Abstract [en]

    We study mix-nets with randomized partial checking (RPC) as proposed by Jakobsson, Juels, and Rivest (2002). RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets. The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net.

    We identify serious issues in the original description of mix-nets with RPC and show how to exploit these to break both correctness and privacy, both for Chaumian and homomorphic mix-nets. Our attacks are practical and applicable to real world mix-net implementations, e.g., the Civitas and the Scantegrity voting systems.

  • 15.
    Kiaei, Mohammad S.
    et al.
    Sharif University of Technology, Tehran, Iran.
    Ghaemmaghami, Shahrokh
    Sharif University of Technology, Tehran, Iran.
    Khazaei, Shahram
    Sharif University of Technology, Tehran, Iran.
    Efficient Fully Format Compliant Selective Scrambling Methods for Compressed Video Streams (2006). In: Proceedings of the Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services, AICT/ICIW'06, 2006, p. 42-. Conference paper (Refereed)
    Abstract [en]

    Format compliance, a desirable feature of multimedia security systems, means that the secured bitstream resembles the unprotected compressed bitstream. It is called full format compliance if the scrambled stream can be decoded by a typical decoder. In this paper, we address the issues that are to be carefully taken into account to develop efficient fully format compliant scrambling methods for compressed video. We also propose new selective scrambling methods for securing compressed video streams. The security issues, in different parts of these scrambling methods, are analyzed and their impact on bit-rate and complexity is discussed. We show that our scrambling methods provide significantly higher security and full format compliance, while having less impact on bit-rate and encoding/decoding complexity, as compared to existing semi-format compliant scrambling methods. The proposed techniques are integrated into the baseline mode of the H.263 low bit-rate video coding standard.

  • 16.
    Tsunoo, Yukiyasu
    et al.
    NEC Corporation, Kawasaki, Japan.
    Saito, Teruo
    NEC Software Hokuriku Ltd. Hakusan, Japan.
    Shigeri, Maki
    NEC Software Hokuriku Ltd. Hakusan, Japan.
    Suzaki, Tomoyasu
    NEC Software Hokuriku Ltd. Hakusan, Japan.
    Ahmadi, Hadi
    School of Electrical Engineering, Sharif University of Technology, Tehran, Iran.
    Eghlidos, Taraneh
    Electronics Research Center, Sharif University of Technology, Tehran, Iran.
    Khazaei, Shahram
    Zaeim Electronic Industries Company, Tehran, Iran.
    Evaluation of SOSEMANUK with regard to guess-and-determine attacks (2006). Conference paper (Refereed)
    Abstract [en]

    This paper describes an attack on SOSEMANUK, one of the stream ciphers proposed at eSTREAM (the ECRYPT Stream Cipher Project) in 2005. The cipher features a variable secret key length from 128-bit up to 256-bit and a 128-bit initial vector. The basic operation of the cipher is performed in a unit of 32 bits, i.e. a "word", and each word generates keystream. This paper shows the result of a guess-and-determine attack made on SOSEMANUK. The attack method enables one to determine all of the 384-bit internal state just after the initialization, using only 2^4 words of keystream. This attack needs about 2^224 computations. Thus, when the secret key length is longer than 224-bit, it needs less computational effort than an exhaustive key search to break SOSEMANUK. The results show that the cipher still has the 128-bit security claimed by its designers.
