Fast software encryption : 16th International Workshop, FSE 2009, Leuven, Belgium, February 22-25, 2009 : revised selected papers

FastSoftwareEncryption2009wasthe16thin a seriesofworkshopsonsymm- ric key cryptography. Starting from 2002, it is sponsored by the International Association for Cryptologic Research (IACR). FSE 2009 was held in Leuven, Belgium, after previous venues held in Cambridge, UK (1993, 1996), Leuven, Belgium (1994, 2002), Haifa, Israel (1997), Paris, France (1998, 2005), Rome, Italy (1999), New York, USA (2000), Yokohama, Japan (2001), Lund, Sweden (2003), New Delhi, India (2004), Graz, Austria (2006), Luxembourg, Lux- bourg (2007), and Lausanne, Switzerland (2008). The workshop's main topic is symmetric key cryptography, including the designoffast andsecuresymmetrickeyprimitives,suchas block ciphers,stream ciphers, hash functions, message authentication codes, modes of operation and iteration, as well as the theoretical foundations of these primitives. This year, 76 papers were submitted to FSE including a large portion of papers on hash functions, following the NIST SHA-3 competition, whose wo- shop was held just after FSE in the same location. From the 76 papers, 24 were accepted for presentation. It is my pleasure to thank all the authors of all s- missions for the high-quality research, which is the base for the scienti?c value of the workshop. The review process was thorough (each submission received the attention of at least three reviewers), and at the end, besides the accepted papers, the Committee decided that the merits of the paper "Blockcipher-Based Hashing Revisited" entitled the authors to receive the best paper award. I wish to thank all Committee members and the referees for their hard and dedicated work.

Stream Ciphers.- Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium.- An Efficient State Recovery Attack on X-FCSR-256.- Key Collisions of the RC4 Stream Cipher.- Invited Talk.- Intel's New AES Instructions for Enhanced Performance and Security.- Theory of Hash Functions.- Blockcipher-Based Hashing Revisited.- On the Security of Tandem-DM.- Indifferentiability of Permutation-Based Compression Functions and Tree-Based Modes of Operation, with Applications to MD6.- Hash Functions Analysis I.- Cryptanalysis of RadioGatun.- Preimage Attacks on Reduced Tiger and SHA-2.- Cryptanalysis of the LAKE Hash Family.- Block Ciphers Analysis.- New Cryptanalysis of Block Ciphers with Low Algebraic Degree.- Algebraic Techniques in Differential Cryptanalysis.- Multidimensional Extension of Matsui's Algorithm 2.- Hash Functions Analysis II.- Meet-in-the-Middle Attacks on SHA-3 Candidates.- Practical Collisions for EnRUPT.- The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grostl.- Block Ciphers.- Revisiting the IDEA Philosophy.- Cryptanalysis of the ISDB Scrambling Algorithm (MULTI2).- Beyond-Birthday-Bound Security Based on Tweakable Block Cipher.- Theory of Symmetric Key.- Enhanced Target Collision Resistant Hash Functions Revisited.- Message Authentication Codes.- MAC Reforgeability.- New Distinguishing Attack on MAC Using Secret-Prefix Method.- Fast and Secure CBC-Type MAC Algorithms.- HBS: A Single-Key Mode of Operation for Deterministic Authenticated Encryption.