Fast Software Encryption: 6th International Workshop, FSE'99, Rome, Italy, March 24-26, 1999, Proceedings / edited by Lars Knudsen
Edition: 1st ed. 1999.
Published: Berlin, Heidelberg: Springer Berlin Heidelberg: Imprint: Springer, 1999.
Description: 1 online resource (VIII, 324 p.)
Series: Lecture Notes in Computer Science, 1611-3349 ; 1636
ISBN: 3-540-48519-8; 3-540-66226-X
DOI: 10.1007/3-540-48519-8
Language: English
Notes: Includes bibliographical references and index.

Contents:

Advanced Encryption Standard
- Improved Analysis of Some Simplified Variants of RC6 / S. Contini, R. L. Rivest, M. J. B. Robshaw, and Y. L. Yin
- Linear Cryptanalysis of RC5 and RC6 / J. Borst, B. Preneel, and J. Vandewalle
- A Revised Version of CRYPTON: CRYPTON V1.0 / C. H. Lim
- Attack on Six Rounds of CRYPTON / C. D'Halluin, G. Bijnens, V. Rijmen, and B. Preneel
- On the Security of the 128-bit Block Cipher DEAL / S. Lucks
- Cryptanalysis of a Reduced Version of the Block Cipher E2 / M. Matsui and T. Tokita
- On the Decorrelated Fast Cipher (DFC) and Its Theory / L. R. Knudsen and V. Rijmen

Remotely Keyed Encryption
- Scramble All, Encrypt Small / M. Jakobsson, J. P. Stern, and M. Yung
- Accelerated Remotely Keyed Encryption / S. Lucks

Analysis of Block Ciphers I
- Miss in the Middle Attacks on IDEA and Khufu / E. Biham, A. Biryukov, and A. Shamir
- Mod n Cryptanalysis, with Applications against RC5P and M6 / J. Kelsey, B. Schneier, and D. Wagner
- The Boomerang Attack / D. Wagner

Miscellaneous
- Towards Making Luby-Rackoff Ciphers Optimal and Practical / S. Patel, Z. Ramzan, and G. S. Sundaram
- A New Characterization of Almost Bent Functions / A. Canteaut, P. Charpin, and H. Dobbertin
- Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers / K. G. Paterson

Modes of Operation
- On the Security of Double and 2-Key Triple Modes of Operation / H. Handschuh and B. Preneel
- On the Construction of Variable-Input-Length Ciphers / M. Bellare and P. Rogaway

Analysis of Block Ciphers II
- Slide Attacks / A. Biryukov and D. Wagner
- On the Security of CS-Cipher / S. Vaudenay
- Interpolation Attacks of the Block Cipher: SNAKE / S. Moriai, T. Shimoyama, and T. Kaneko

Stream Ciphers
- High-Speed Pseudorandom Number Generation with Small Memory / W. Aiello, S. Rajagopalan, and R. Venkatesan
- SOBER Cryptanalysis / D. Bleichenbacher and S. Patel

Author Index

Summary:

The Fast Software Encryption Workshop 1999 is the sixth in a series of workshops starting in Cambridge in December 1993. The workshop was organized by General Chair William Wolfowicz, Fondazione U. Bordoni, and Programme Chair Lars Knudsen, University of Bergen, Norway, in cooperation with Securteam, as far as local arrangements were concerned. The workshop was held March 24-26, 1999 in Rome, Italy.

The workshop concentrated on all aspects of fast secret key ciphers, including the design and cryptanalysis of block and stream ciphers, as well as hash functions. There were 51 submissions, all of them submitted electronically. One submission was later withdrawn by the authors, and 22 papers were selected for presentation. All submissions were carefully reviewed by at least 4 committee members. At the workshop, preliminary versions of all 22 papers were distributed to all attendees. After the workshop there was a final reviewing process with additional comments to the authors.

It has been a challenge for me to chair the committee of this workshop, and it is a pleasure to thank all the members of the programme committee for their hard work. The committee this year consisted of, in alphabetic order, Ross Anderson (Cambridge, UK), Eli Biham (Technion, Israel), Don Coppersmith (IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS, France).

It is a great pleasure to thank William Wolfowicz for organising the workshop. Also, it is a pleasure to thank Securteam for the logistics and Telsy and Sun for supporting the conference. Finally, a big thank you to all submitting authors for their contributions, and to all attendees (approximately 165) of the workshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparing these proceedings.

April 1999, Lars Knudsen

Improved Analysis of Some Simplified Variants of RC6
Scott Contini (1), Ronald L. Rivest (2), M. J. B. Robshaw (1), and Yiqun Lisa Yin (1)
(1) RSA Laboratories, 2955 Campus Drive, San Mateo, CA 94403, USA, {scontini,matt,yiqun}@rsa.com
(2) M.I.T. Laboratory for Computer Science, 545 Technology Square, Cambridge, MA 02139, USA, rivest@theory.lcs.mit.

Subjects: Cryptography; Data encryption (Computer science); Computer programming; Algorithms; Coding theory; Information theory; Electronic data processing -- Management; Cryptology; Programming Techniques; Coding and Information Theory; IT Operations
Dewey classification: 005.82
Editor: Knudsen, Lars, 1962-
Conference: FSE'99
Format: Book