Niels Ferguson

Improved Cryptanalysis of Rijndael

We improve the best attack on Rijndael reduced to 6 rounds from complexity 272 to 244. We also present the first known attacks on 7- and 8-round Rijndael. The attacks on 8-round Rijndael work for 192- bit and 256-bit keys. Finally, we discuss the key schedule of Rijndael and describe a related-key attack that can break 9-round Rijndael with 256-bit keys.

Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive

Helix is a high-speed stream cipher with a built-in MAC functionality. On a Pentium II CPU it is about twice as fast as Rijndael or Twofish, and comparable in speed to RC4. The overhead per encrypted/authenticated message is low, making it suitable for small messages. It is efficient in both hardware and software, and with some pre-computation can effectively switch keys on a per-message basis without additional overhead.

A Simple Algebraic Representation of Rijndael

We show that there is a very straightforward closed algebraic formula for the Rijndael block cipher. This formula is highly structured and far simpler then algebraic formulations of any other block cipher we know. The security of Rijndael depends on a new and untested hardness assumption: it is computationally infeasible to solve equations of this type. The lack of research on this new assumption raises concerns over the wisdom of using Rijndael for security-critical applications.

Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator

We describe the design of Yarrow, a family of cryptographic pseudo-random number generators (PRNG). We describe the concept of a PRNG as a separate cryptographic primitive, and the design principles used to develop Yarrow. We then discuss the ways that PRNGs can fail in practice, which motivates our discussion of the components of Yarrow and how they make Yarrow secure. Next, we define a specific instance of a PRNG in the Yarrow family that makes use of available technology today. We conclude with a brief listing of open questions and intended improvements in future releases.

Security Weaknesses in a Randomized Stream Cipher

TriStrata appears to have implemented a variation of Maurer’s randomised cipher. We define a variation of Maurer’s cipher that appears to be similar to the TriStrata version, and show several cryptanalytical attacks against our variant.