
Publication


Featured research published by Håvard Raddum.


Mobile Computing and Communications Review | 2004

Weaknesses in the temporal key hash of WPA

Vebjørn Moen; Håvard Raddum; Kjell Hole

This article describes some weaknesses in the key scheduling in Wi-Fi Protected Access (WPA) put forward to secure the IEEE standard 802.11-1999. Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity Check (MIC) key. This is not a practical attack on WPA, but it shows that parts of WPA are weak on their own. Using this attack it is possible to do a TK recovery attack on WPA with complexity $O(2^{105})$ compared to a brute force attack with complexity $O(2^{128})$.


fast software encryption | 2008

Bit-Pattern Based Integral Attack

Muhammad Reza Z'aba; Håvard Raddum; Matthew Henricksen; Ed Dawson

Integral attacks are well-known to be effective against byte-based block ciphers. In this document, we outline how to launch integral attacks against bit-based block ciphers. This new type of integral attack traces the propagation of the plaintext structure at bit-level by incorporating bit-pattern based notations. The new notation gives the attacker more details about the properties of a structure of cipher blocks. The main difference from ordinary integral attacks is that we look at the pattern the bits in a specific position in the cipher block have through the structure. The bit-pattern based integral attack is applied to Noekeon, Serpent and PRESENT reduced up to 5, 6 and 7 rounds, respectively. This includes the first attacks on Noekeon and PRESENT using integral cryptanalysis. All attacks manage to recover the full subkey of the final round.


Designs, Codes and Cryptography | 2008

Solving Multiple Right Hand Sides linear equations

Håvard Raddum; Igor A. Semaev

A new method for solving algebraic equation systems common in cryptanalysis is proposed. Our method differs from the others in that the equations are not represented as multivariate polynomials, but as a system of Multiple Right Hand Sides linear equations. The method was tested on scaled versions of the AES. The results overcome significantly what was previously achieved with Gröbner Basis related algorithms.


international conference on selected areas in cryptography | 2007

MRHS equation systems

Håvard Raddum

We show how to represent a non-linear equation over GF(2) using linear systems with multiple right hand sides. We argue that this representation is particularly useful for constructing equation systems describing ciphers using an S-box as the only means for non-linearity. Several techniques for solving systems of such equations were proposed in earlier work, and are also explained here. Results from experiments with DES are reported. Finally we use our representation to link a particular problem concerning vector spaces to the security of ciphers with S-boxes as the only non-linear operation.


AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard | 2004

More dual rijndaels

Håvard Raddum

It is well known that replacing the irreducible polynomial used in the AES one can produce 240 dual ciphers. In this paper we present 9120 other representations of $GF(2^8)$, producing more ciphers dual to the AES. We also show that if the matrix used in the S-box of Rijndael is linear over a larger field than GF(2), this would have implications for the XSL attack.


SETA'12 Proceedings of the 7th international conference on Sequences and Their Applications | 2012

Solving compressed right hand side equation systems with linear absorption

Thorsten Ernst Schilling; Håvard Raddum

In this paper we describe an approach for solving complex multivariate equation systems related to algebraic cryptanalysis. The work uses the newly introduced Compressed Right Hand Sides (CRHS) representation, where equations are represented using Binary Decision Diagrams (BDD). The paper introduces a new technique for manipulating a BDD, similar to swapping variables in the well-known sifting-method. Using this technique we develop a new solving method for CRHS equation systems. The new algorithm is successfully tested on systems representing reduced variants of Trivium.


workshop in information security theory and practice | 2010

Security analysis of mobile phones used as OTP generators

Håvard Raddum; Lars Hopland Nestås; Kjell Hole

The Norwegian company Encap has developed protocols enabling individuals to use their mobile phones as one-time password (OTP) generators. An initial analysis of the protocols reveals minor security flaws. System-level testing of an online bank utilizing Encap's solution then shows that several attacks allow a malicious individual to turn his own mobile phone into an OTP generator for another individual's bank account. Some of the suggested countermeasures to thwart the attacks are already incorporated in an updated version of the online banking system.


international conference on arithmetic of finite fields | 2010

Solving equation systems by agreeing and learning

Thorsten Ernst Schilling; Håvard Raddum

We study sparse non-linear equation systems defined over a finite field. Representing the equations as symbols and using the Agreeing algorithm we show how to learn and store new knowledge about the system when a guess-and-verify technique is used for solving. Experiments are then presented, showing that our solving algorithm compares favorably to MiniSAT in many instances.


SETA '08 Proceedings of the 5th international conference on Sequences and Their Applications | 2008

On the Number of Linearly Independent Equations Generated by XL

Sondre Rønjom; Håvard Raddum

Solving multivariate polynomial equation systems has been the focus of much attention in cryptography in the last years. Since most ciphers can be represented as a system of such equations, the problem of breaking a cipher naturally reduces to the task of solving them. Several papers have appeared on a strategy known as eXtended Linearization (XL) with a view to assessing its complexity. However, its efficiency seems to have been overestimated and its behaviour has yet to be fully understood. Our aim in this paper is to fill in some of these gaps in our knowledge of XL. In particular, by examining how dependencies arise from multiplication by monomials, we give a formula from which the efficiency of XL can be deduced for multivariate polynomial equations over $\mathbb{F}_2$.


selected areas in cryptography | 2001

A Differential Attack on Reduced-Round SC2000

Håvard Raddum; Lars R. Knudsen

Collaboration

Top Co-Authors

Lars R. Knudsen

Technical University of Denmark

Louis Granboulan

École Normale Supérieure

Eli Biham

Technion – Israel Institute of Technology

Ed Dawson

Queensland University of Technology