An Braeken
Katholieke Universiteit Leuven
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by An Braeken.
international conference on cryptology in india | 2005
An Braeken; Bart Preneel
In this paper, we analyze the algebraic immunity of symmetric Boolean functions. The algebraic immunity is a property which measures the resistance against the algebraic attacks on symmetric ciphers. We identify a set of lowest degree annihilators for symmetric functions and propose an efficient algorithm for computing the algebraic immunity of a symmetric function. The existence of several symmetric functions with maximum algebraic immunity is proven. In this way, we have found a new class of functions which have good implementation properties and maximum algebraic immunity.
theory and application of cryptographic techniques | 2003
Alex Biryukov; Christophe De Cannièere; An Braeken; Bart Preneel
This paper presents two algorithms for solving the linear and the affine equivalence problem for arbitrary permutations (S-boxes). For a pair of n × n-bit permutations the complexity of the linear equivalence algorithm (LE) is O(n32n). The affine equivalence algorithm (AE) has complexity O(n322n). The algorithms are efficient and allow to study linear and affine equivalences for bijective S-boxes of all popular sizes (LE is efficient up to n ≤ 32). Using these tools new equivalent representations are found for a variety of ciphers: Rijndael, DES, Camellia, Serpent, Misty, Kasumi, Khazad, etc. The algorithms are furthermore extended for the case of non-bijective n to m-bit S-boxes with a small value of |n - m| and for the case of almost equivalent S-boxes. The algorithms also provide new attacks on a generalized Even-Mansour scheme. Finally, the paper defines a new problem of S-box decomposition in terms of Substitution Permutations Networks (SPN) with layers of smaller S-boxes. Simple information-theoretic bounds are proved for such decompositions.
the cryptographers track at the rsa conference | 2005
An Braeken; Christopher Wolf; Bart Preneel
The Unbalanced Oil and Vinegar scheme (UOV) is a signature scheme based on multivariate quadratic equations. It uses m equations and n variables. A total of v of these are called “vinegar variables”. In this paper, we study its security from several points of view. First, we are able to demonstrate that the constant part of the affine transformation does not contribute to the security of UOV and should therefore be omitted. Second, we show that the case n ≥ 2m is particularly vulnerable to Grobner basis attacks. This is a new result for UOV over fields of odd characteristic. In addition, we investigate a modification proposed by the authors of UOV, namely to chose coefficients from a small subfield. This leads to a smaller public key. But due to the smaller key-space, this modification is insecure and should therefore be avoided. Finally, we demonstrate a new attack which works well for the case of small v. It extends the affine approximation attack from Youssef and Gong against the Imai-Matsumoto Scheme B for odd characteristic and applies it against UOV. This way, we point out serious vulnerabilities in UOV which have to be taken into account when constructing signature schemes based on UOV.
international workshop on security | 2004
Christopher Wolf; An Braeken; Bart Preneel
In this paper, we study the new class step-wise Triangular Schemes (STS) of public key cryptosystems (PKC) based on multivariate quadratic polynomials. In these schemes, we have m the number of equations, n the number of variables, L the number of steps/layers, r the number of equations/variables per step, and q the size of the underlying field. We present two attacks on the STS class by exploiting the chain of the kernels of the private key polynomials. The first attack is an inversion attack which computes the message/signature for given ciphertext/message in O(mn3Lqr + n2Lrqr), the second is a structural attack which recovers an equivalent version of the secret key in O(mn3Lqr + mn4) operations. Since the legitimate user has workload qr for decrypting/computing a signature, the attacks presented in this paper are very efficient. As an application, we show that two special instances of STS, namely RSE(2)PKC and RSSE(2)PKC, recently proposed by Kasahara and Sakai, are insecure.
international conference on selected areas in cryptography | 2005
An Braeken; Joseph Lano
A vast amount of literature on stream ciphers is directed to the cryptanalysis of LFSR-based filters and combiners, resulting in various cryptanalytic attacks. In this paper, we present a unified framework for the security of a design against these attacks based on the properties of the LFSR(s) and the Boolean function used. It is explained why building nonlinear filters seems more practical than building nonlinear combiners. We also investigate concrete building blocks that offer a good trade-off in their resistance against these various attacks, and can at the same time be used to build a low-cost synchronous stream cipher for hardware applications.
international conference on cryptology in india | 2004
An Braeken; Ventzislav Nikov; Svetla Nikova; Bart Preneel
By considering a new metric, we generalize cryptographic properties of Boolean functions such as resiliency and propagation characteristics. These new definitions result in a better understanding of the properties of Boolean functions and provide a better insight in the space defined by this metric. This approach leads to the construction of “hand-made” Boolean functions, i.e., functions for which the security with respect to some specific monotone sets of inputs is considered, instead of the security with respect to all possible monotone sets with the same cardinality, as in the usual definitions. This approach has the advantage that some trade-offs between important properties of Boolean functions can be relaxed.
international colloquium on automata languages and programming | 2005
An Braeken; Yuri L. Borissov; Svetla Nikova; Bart Preneel
This paper presents an efficient approach to the classification of the affine equivalence classes of cosets of the first order Reed-Muller code with respect to cryptographic properties such as correlation-immunity, resiliency and propagation characteristics. First, we apply the method to completely classify with this respect all the 48 classes into which the general affine group AGL(2,5) partitions the cosets of RM(1,5). Second, after distinguishing the 34 affine equivalence classes of cosets of RM(1,6) in RM(3,6) we perform the same classification for these classes.
Designs, Codes and Cryptography | 2006
Christopher Wolf; An Braeken; Bart Preneel
AbstractIn 2003 and 2004, Kasahara and Sakai suggested the two schemes RSE(2)PKC and RSSE(2)PKC, respectively. Both are examples of public key schemes based onn
Lecture Notes in Computer Science | 2005
An Braeken; Bart Preneel
3rd International Conference on Theoretical Computer Science 2004 | 2004
An Braeken; Christopher Wolf; Bart Preneel
mathcal{M}