Alexander Maximov

Fast computation of large distributions and its cryptographic applications

Algebra and Number Theory.- Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log.- Do All Elliptic Curves of the Same Order Have the Same Difficulty of Discrete Log?.- Adapting Density Attacks to Low-Weight Knapsacks.- Efficient and Secure Elliptic Curve Point Multiplication Using Double-Base Chains.- Multiparty Computation.- Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation.- Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations.- Revealing Additional Information in Two-Party Computations.- Zero Knowledge and Secret Sharing.- Gate Evaluation Secret Sharing and Secure One-Round Two-Party Computation.- Parallel Multi-party Computation from Linear Multi-secret Sharing Schemes.- Updatable Zero-Knowledge Databases.- Information and Quantum Theory.- Simple and Tight Bounds for Information Reconciliation and Privacy Amplification.- Quantum Anonymous Transmissions.- Privacy and Anonymity.- Privacy-Preserving Graph Algorithms in the Semi-honest Model.- Spreading Alerts Quietly and the Subgroup Escape Problem.- A Sender Verifiable Mix-Net and a New Proof of a Shuffle.- Universally Anonymizable Public-Key Encryption.- Cryptanalytic Techniques.- Fast Computation of Large Distributions and Its Cryptographic Applications.- An Analysis of the XSL Algorithm.- Stream Cipher Cryptanalysis.- New Applications of Time Memory Data Tradeoffs.- Linear Cryptanalysis of the TSC Family of Stream Ciphers.- A Practical Attack on the Fixed RC4 in the WEP Mode.- A Near-Practical Attack Against B Mode of HBB.- Block Ciphers and Hash Functions.- New Improvements of Davies-Murphy Cryptanalysis.- A Related-Key Rectangle Attack on the Full KASUMI.- Some Attacks Against a Double Length Hash Proposal.- A Failure-Friendly Design Principle for Hash Functions.- Bilinear Maps.- Identity-Based Hierarchical Strongly Key-Insulated Encryption and Its Application.- Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps.- Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps.- Key Agreement.- Modular Security Proofs for Key Agreement Protocols.- A Simple Threshold Authenticated Key Exchange from Short Secrets.- Examining Indistinguishability-Based Proof Models for Key Establishment Protocols.- Provable Security.- Server-Aided Verification: Theory and Practice.- Errors in Computational Complexity Proofs for Protocols.- Signatures.- Universal Designated Verifier Signature Proof (or How to Efficiently Prove Knowledge of a Signature).- Efficient Designated Confirmer Signatures Without Random Oracles or General Zero-Knowledge Proofs.- Universally Convertible Directed Signatures.Let X-1, X-2, ... , X-k be independent n bit random variables. If they have arbitrary distributions, we show how to compute distributions like Pr{X-1 circle plus X-2 circle plus (...) circle plus X-k} and Pr{X-1 boxed plus X-2 boxed plus (...) boxed plus X-k} in complexity O(kn2(n)). Furthermore, if X-1, X-2, ... X-k are uniformly distributed we demonstrate a large class of functions F(X-1, X-2, ... X-k), for which we can compute their distributions efficiently. These results have applications in linear cryptanalysis of stream ciphers as well as block ciphers. A typical example is the approximation obtained when additions modulo 2(n) are replaced by bitwise addition. The efficiency of such an approach is given by the bias of a distribution of the above kind. As an example, we give a new improved distinguishing attack on the stream cipher SNOW 2.0.

A Stream Cipher Proposal: Grain-128

A new stream cipher, Grain-128, is proposed. The design is very small in hardware and it targets environments with very limited resources in gate count, power consumption, and chip area. Grain-128 supports key size of 128 bits and IV size of 96 bits. The design is very simple and based on two shift registers, one linear and one nonlinear, and an output function

The Grain Family of Stream Ciphers

A new family of stream ciphers, Grain, is proposed. Two variants, a 80-bit and a 128-bit variant are specified, denoted Grain and Grain-128 respectively. The designs target hardware environments where gate count, power consumption and memory are very limited. Both variants are based on two shift registers and a nonlinear output function. The ciphers also have the additional feature that the speed can be easily increased at the expense of extra hardware.

Cryptanalysis of grain

Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 243 computations and 238 keystream bits to determine the 80-bit key.

An improved correlation attack on a5/1

A new approach to attack A5/1 is proposed. The proposed attack is a refinement of a previous attack by Ekdahl and Johansson. We make two important observations that lead to a new attack with improved performance.

Two linear distinguishing attacks on VMPC and RC4A and weakness of RC4 family of stream ciphers

At FSE 2004 two new stream ciphers VMPC and RC4A have been proposed. VMPC is a generalisation of the stream cipher RC4, whereas RC4A is an attempt to increase the security of RC4 by introducing an additional permuter in the design. This paper is the first work presenting attacks on VMPC and RC4A. We propose two linear distinguishing attacks, one on VMPC of complexity 254, and one on RC4A of complexity 258. We investigate the RC4 family of stream ciphers and show some theoretical weaknesses of such constructions.

Attack the dragon

Dragon is a word oriented stream cipher submitted to the ECRYPT project, it operates on key sizes of 128 and 256 bits. The original idea of the design is to use a nonlinear feedback shift register (NLFSR) and a linear part (counter), combined by a filter function to generate a new state of the NLFSR and produce the keystream. The internal state of the cipher is 1088 bits, i.e., any kinds of TMD attacks are not applicable. In this paper we present two statistical distinguishers that distinguish Dragon from a random source both requiring around O(2155) words of the keystream. In the first scenario the time complexity is around O(2155+32) with the memory complexity O(232), whereas the second scenario needs only O(2155) of time, but O(296) of memory. The attack is based on a statistical weakness introduced into the keystream by the filter function F. This is the first paper presenting an attack on Dragon, and it shows that the cipher does not provide full security when the key of size 256 bits is used.

A linear distinguishing attack on Scream

A linear distinguishing attack on the stream cipher Scream is proposed. When the keystream is of length 298 words, the distinguisher has a detectable advantage. When the keystream length is around 2120 the advantage is very close to 1. This shows certain weaknesses of Scream. In the process, the paper introduces new general ideas on how to improve the performance of linear distinguishing attacks on stream ciphers.