Questions tagged [block-cipher]

A block cipher is an encryption algorithm which encrypts fixed-size blocks of plaintext to same-sized blocks of ciphertext. For good ciphers every bit of the ciphertext block depends on every bit of the plaintext block and every bit of the key.

3 votes
2 answers
113 views

What are advantages/disadvantages of an invertible tweak schedule in a tweakable block cipher?

I have been doing research on a tweakable block cipher called BipBip. This is a rather niche cipher so I'll give a few facts about it for background before asking my question: The structure is based ...
Tw1ZZLER
0 votes
0 answers
41 views

Parallel block cipher in CTR mode and variable number of threads: how to deal with internal state and permit decryption?

I'm implementing a parallel block cipher (Morus, to be precise) in CTR mode and I'd like to make it flexible with respect to the number of threads. It is not difficult per se, as I can partition the ...
biagiop1986
4 votes
1 answer
187 views

How to prove the conclusion "linear operation $\mathsf{XOR}$ does not affect the division property"?

Division property is proposed as a generalized integral property at Eurocrypt 2015 by Yosuke Todo in his paper Structural evaluation by generalized integral property. And in paper Integral ...
L0ngx1ng
1 vote
1 answer
48 views

Is there a 4 by 4 NMDS matrix which is better than M= [[0,1,1,1], [1,0,1,1], [1,1,0,1], [1,1,1,0]] used in MIDORI?

Let $$M= \begin{bmatrix}0&1&1&1\\ 1&0&1&1\\ 1&1&0&1\\ 1&1&1&0\end{bmatrix}$$ which is used in the block ciphers MIDORI and MANTIS. Of course this matrix ...
Kurious Koder
2 votes
1 answer
70 views

Which was the first cipher that used the Maximum distance separable (MDS) matrix?

MDS matrices are used in the diffusion layer of block ciphers. I am interested in knowing who was the first researcher(s) who used an MDS matrix in their cipher. Thanks in advance.
Kurious Koder
5 votes
1 answer
1k views

Can unauthenticated encryption be broken if the encrypted data looks random?

If we have some random data (with length a multiple of block size to avoid padding) and encrypt it with a block cipher with a weak key (maybe it's derived from a four digit number for example), would ...
n-l-i
1 vote
0 answers
73 views

New Impossible Differential Attacks on AES reduce time complexity

I am interested in the following snippet from the paper New Impossible Differential Attacks on AES. Analysis of Steps 3–4 of the 7-Round Attack in the 8-Round Attack The most time consuming steps of ...
can balıkçı
0 votes
1 answer
55 views

Does truncating a CBC ciphertext result in a truncated plaintext?

I want to know why in the CBC cipher, if we truncate the first block in the ciphertext then the corresponding plaintext block is truncated in the same way. I have an equation for the plaintext $m_i$ ...
revision
2 votes
0 answers
29 views

Can a differential attack on FEAL4 yield multiple valid keys?

For my version of this attack I used the FEAL4 version depicted here http://theamazingking.com/crypto-feal.php and in the book "Applied Cryptanalysis Breaking Ciphers in the Real World -- Mark ...
curious_cryptocopter
2 votes
0 answers
46 views

Design criteria of block ciphers in quantum setting

Some design criteria of block ciphers are already known for the resistance against known attacks like differential, linear, boomerang, etc. Does there already exist any study of design criteria of ...
Ranit Dutta
1 vote
1 answer
106 views

When using AES, is doing encryption followed by decryption with the same key efficient?

It seems that rekeying between block cipher calls of AES is expensive. Meaning that calling $AESenc(K_1,M_1)$ and then calling $AESenc(K_2,M_2)$ with $K_1 \ne K_2$ is slower than calling $AESenc(K_1,...
Morz
1 vote
1 answer
54 views

Differential uniformity of vectorial Boolean function

What could we say about differential uniformity of (a vectorial Boolean function) $F = f+g \pmod 2$ (i.e. XOR) in terms of differential uniformity of $f$ and $g$?
Ranit Dutta
1 vote
1 answer
189 views

Statistical differences between ciphertexts generated by AES in ECB vs CBC mode?

Given two ciphertexts encrypting the same (natural language) plaintext, where we know that one of the ciphertexts was encrypted with AES-CBC (and unknown IV) and one was encrypted with AES in ECB mode,...
mudskipper
0 votes
0 answers
19 views

Understanding the Simplified Perspective in OCB Security Proof: Exploring the Role of Collisions and Oracle Models

In the security proof of OCB (Offset Codebook Mode), it appears that only collisions at the input and output of the block cipher are considered. Typically, security proofs for cryptographic modes ...
NogaCS
3 votes
1 answer
283 views

Are block ciphers still relevant in 2024?

Is the general approach of block ciphers still relevant when we have secure and performant pure stream ciphers? For example, TLS 1.3 supports both AES-GCM and chacha20-Poly1305. But I don't understand ...
Mr. B
