Progress in cryptology -- INDOCRYPT 2010 : 11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010 : proceedings

Strong Pseudorandompermutations or SPRPs,which were introduced byLuby andRacko? [4], formalize the well established cryptographic notion ofblock ciphers.They provided a construction of SPRP, well known as LRconstruction, which was motivated by the structure of DES[6].The basicbuildingblock is the so called 2n-bit Feistel permutation (or LR round permutation) LR based F K on an n-bitpseudorandomfunction (PRF) F : K n LR (x ,x)=(F (x )?x ,x ),x ,x?{0,1} . F 1 2 K 1 2 1 1 2 K Theirconstruction consists (see Fig 1) offour rounds of Feistel permutations (or three rounds, for PRP), each round involves an application ofanindependent PRF(i.e.with independentrandomkeys K ,K ,K , and K ). More precisely, 1 2 3 4 LR and LR are PRP and SPRP respectively where K ,K ,K K ,K ,K ,K 1 2 3 1 2 3 4 LR := LR := LR (...(LR (*))...). K ,...,K F ,...,F F F 1 r K K K K r r 1 1 After this work, many results are known improvingperformance (reducingthe number of invocations of F )[5] and reducingthekey-sizes (i.e. reusingthe K roundkeys [7,8,10,12,11] orgenerate more keysfromsinglekey by usinga PRF[2]). However there are some limitations.Forexample,wecannotuseas few as single-keyLR (unless wetweak the roundpermutation) orasfew as two-roundsince they are not secure. Distinguishing attacks forsome other LR constructionsarealso known [8]. We list some oftheknow related results (see Table 1). Here all keys K ,K ,...are independently chosen.

Invited Talk.- Getting a Few Things Right and Many Things Wrong.- Security of RSA and Multivariate Schemes.- Partial Key Exposure Attack on RSA – Improvements for Limited Lattice Dimensions.- Towards Provable Security of the Unbalanced Oil and Vinegar Signature Scheme under Direct Attacks.- CyclicRainbow – A Multivariate Signature Scheme with a Partially Cyclic Public Key.- Security Analysis, Pseudorandom Permutations and Applications.- Combined Security Analysis of the One- and Three-Pass Unified Model Key Agreement Protocols.- Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations.- The Characterization of Luby-Rackoff and Its Optimum Single-Key Variants.- Versatile Prêt à Voter: Handling Multiple Election Methods with a Unified Interface.- Invited Talk.- Cryptographic Hash Functions: Theory and Practice.- Hash Functions.- Cryptanalysis of Tav-128 Hash Function.- Near-Collisions for the Reduced Round Versions of Some Second Round SHA-3 Compression Functions Using Hill Climbing.- Speeding Up the Wide-Pipe: Secure and Fast Hashing.- Attacks on Block Ciphers and Stream Ciphers.- New Boomerang Attacks on ARIA.- Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers.- The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA.- Greedy Distinguishers and Nonrandomness Detectors.- Fast Cryptographic Computation.- Polynomial Multiplication over Binary Fields Using Charlier Polynomial Representation with Low Space Complexity.- Random Euclidean Addition Chain Generation and Its Application to Point Multiplication.- Cryptanalysis of AES.- Attack on a Higher-Order Masking of the AES Based on Homographic Functions.- Improved Impossible Differential Cryptanalysis of 7-Round AES-128.- Cryptanalysis ofa Perturbated White-Box AES Implementation.- Efficient Implementation.- A Program Generator for Intel AES-NI Instructions.- ECC2K-130 on NVIDIA GPUs.- One Byte per Clock: A Novel RC4 Hardware.