Fast software encryption : 8th International Workshop, FSE 2001, Yokohama, Japan, April 2-4, 2001 : revised papers

Fast Software Encryption is an eight-year-old workshop on symmetric cryp- graphy, including the design and cryptanalysis of block and stream ciphers, as well as hash functions. The ?rst Fast Software Encryption Workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, Rome in 1999, and New York in 2000. This Fast Software Encryption Workshop, FSE 2001, was held from 2-4 April 2001 in Yokohama, Japan, in cooperation with the Institute of Industrial Science, of the University of Tokyo. This year a total of 46 papers were submitted to FSE 2001. After a t- month review process, 27 papers were accepted for presentation at the workshop. In addition, we were fortunate to be able to organize a special talk by Bart Preneel on the NESSIE project, a European initiative to evaluate cryptographic algorithms. The committee of this workshop was: General Chair Hideki Imai (The University of Tokyo) Program Committee Ross Anderson (Cambridge Univ. ) Eli Biham (Technion) Cunsheng Ding (Singapore) Henri Gilbert (France Telecom) Dieter Gollman (Microsoft) Thomas Johansson (Lund Univ. ) Lars Knudsen (Bergen Univ. ) James Massey (Denmark) Mitsuru Matsui (Mitsubishi Electric, Chair) Kaisa Nyberg (Nokia) Bart Preneel (Katholieke Univ. Leuven) Bruce Schneier (Counterpane) We would like to thank all submitting authors and the committee members for their hard work. We are also appreciative of the ?nancial support provided by Mitsubishi Electric Corporation.

Cryptanalysis of Block Ciphers I.- The Saturation Attack - A Bait for Twofish.- Linear Cryptanalysis of Reduced Round Serpent.- Cryptanalysis of the Mercy Block Cipher.- Hash Functions and Boolean Functions.- Producing Collisions for PANAMA.- The RIPEMDL and RIPEMDR Improved Variants of MD4 Are Not Collision Free.- New Constructions of Resilient Boolean Functions with Maximal Nonlinearity.- Modes of Operations.- Optimized Self-Synchronizing Mode of Operation.- Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes.- Incremental Unforgeable Encryption.- Cryptanalysis of Stream Ciphers I.- ZIP Attacks with Reduced Known Plaintext.- Cryptanalysis of the SEAL 3.0 Pseudorandom Function Family.- Cryptanalysis of SBLH.- A Practical Attack on Broadcast RC4.- Cryptanalysis of Block Ciphers II.- Improved Square Attacks against Reduced-Round Hierocrypt.- Differential Cryptanalysis of Q.- Differential Cryptanalysis of Nimbus.- Cryptanalysis of Stream Ciphers II.- Fast Correlation Attack Algorithm with List Decoding and an Application.- Bias in the LEVIATHAN Stream Cipher.- Analysis of SSC2.- Pseudo-Randomness.- Round Security and Super-Pseudorandomness of MISTY Type Structure.- New Results on the Pseudorandomness of Some Blockcipher Constructions.- FSE2001 Special Talk.- NESSIE: A European Approach to Evaluate Cryptographic Algorithms.- Cryptanalysis of Block Ciphers III.- Related Key Attacks on Reduced Round KASUMI.- Security of Camellia against Truncated Differential Cryptanalysis.- Impossible Differential Cryptanalysis of Zodiac.- Design and Evaluation.- The Block Cipher SC2000.- Flaws in Differential Cryptanalysis of Skipjack.- Efficient Algorithms for Computing Differential Properties of Addition.