RFID security is currently one of the major challenges cryptography has to face, and it is often solved by protocols that assume an on-tag hash function is available. In this article we present the PHOTON lightweight hash-function family, available in many different flavors and suitable for extremely constrained devices such as passive RFID tags. Our proposal uses a sponge-like construction as the domain extension algorithm and an AES-like primitive as the internal unkeyed permutation. This allows us to obtain the most compact hash function known so far (about 1120 GE for 64-bit collision resistance security), reaching areas very close to the theoretical optimum (derived from the minimal internal state memory size). Moreover, the speed achieved by PHOTON also compares quite favorably to its competitors. This is mostly due to the fact that, unlike previously proposed schemes, our proposal is very simple to analyze and one can derive tight AES-like bounds on the number of active S-boxes. This kind of AES-like primitive is usually not well suited for ultra-constrained environments, but we describe in this paper a new method for generating the column mixing layer in a serial way, drastically lowering the area required. Finally, we slightly extend the sponge framework in order to offer interesting trade-offs between speed and preimage security for small messages, the classical use-case in hardware.
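The following added example (not code from the PHOTON paper or its authors) shows the sponge wiring the abstract describes: a fixed-size state of bit-rate r plus capacity c, message blocks XORed into the rate part between calls to an unkeyed permutation, and a squeezing phase whose output bit-rate r' may differ from r. The 256-bit ARX-style permutation, its 0x80-then-zeros padding and the parameter sets are constructed stand-ins chosen so the code runs offline; they are not PHOTON's AES-like permutation or its parameters. The `permutation_calls` helper counts permutation invocations, which is the cost a serial hardware core pays, so the effect of raising r' for short messages can be seen directly: fewer calls to emit the same n-bit digest, at the price of fewer state bits (t - r') staying hidden per squeezed block.

```python
"""Sponge-style hashing with separate absorb (r) and squeeze (r') bit-rates.

Constructed illustration: the permutation is a toy ARX bijection on a 256-bit
state, NOT PHOTON's AES-like permutation; padding and parameters are made up.
Only the sponge structure follows the construction described in the abstract.
"""
import struct

STATE_BITS = 256          # t = r + c, the internal state size (constructed)
STATE_BYTES = STATE_BITS // 8
MASK32 = 0xFFFFFFFF


def toy_permutation(state: bytes, rounds: int = 12) -> bytes:
    """Constructed unkeyed permutation on 8 x 32-bit words (invertible ARX mixing)."""
    w = list(struct.unpack("<8I", state))
    for rnd in range(rounds):
        for i in range(8):
            a, b = w[i], w[(i + 1) % 8]
            a = (a + b) & MASK32
            b = (((b << 7) | (b >> 25)) & MASK32) ^ a
            w[i], w[(i + 1) % 8] = a, b
        w[0] ^= rnd  # round constant, breaks symmetry between rounds
    return struct.pack("<8I", *w)


def toy_permutation_inverse(state: bytes, rounds: int = 12) -> bytes:
    """Inverse of toy_permutation: demonstrates that it really is a bijection."""
    w = list(struct.unpack("<8I", state))
    for rnd in reversed(range(rounds)):
        w[0] ^= rnd
        for i in reversed(range(8)):
            a, b = w[i], w[(i + 1) % 8]
            x = b ^ a                                   # undo the XOR with a'
            b = (x >> 7) | ((x << 25) & MASK32)         # undo the rotate-left by 7
            a = (a - b) & MASK32                        # undo the modular add
            w[i], w[(i + 1) % 8] = a, b
    return struct.pack("<8I", *w)


def _pad(msg: bytes, rate_bytes: int) -> bytes:
    """Constructed padding: one 0x80 byte, then zeros up to an r-bit block boundary."""
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % rate_bytes)


def _sponge(msg: bytes, r: int, r_out: int, n: int, perm) -> bytes:
    """Absorb msg in r-bit blocks, then squeeze n bits in r_out-bit blocks.

    r + c = STATE_BITS with c the capacity; r_out is independent of r, which is
    the extension the abstract mentions. All sizes are byte multiples here.
    """
    for v in (r, r_out, n):
        if v <= 0 or v % 8:
            raise ValueError("sizes must be positive multiples of 8 bits")
    if r >= STATE_BITS or r_out > STATE_BITS:
        raise ValueError("absorb rate must leave a non-empty capacity; squeeze rate <= state")
    rb, ob = r // 8, r_out // 8
    state = bytearray(STATE_BYTES)
    padded = _pad(msg, rb)
    for i in range(0, len(padded), rb):          # absorbing phase
        for j, byte in enumerate(padded[i:i + rb]):
            state[j] ^= byte                     # XOR block into the r-bit rate part
        state = bytearray(perm(bytes(state)))
    out = bytearray(state[:ob])                  # squeezing phase: first r_out bits are free
    while len(out) < n // 8:
        state = bytearray(perm(bytes(state)))    # every further r_out bits cost one call
        out += state[:ob]
    return bytes(out[:n // 8])


def sponge_hash(msg: bytes, r: int, r_out: int, n: int) -> bytes:
    return _sponge(msg, r, r_out, n, toy_permutation)


def permutation_calls(msg: bytes, r: int, r_out: int, n: int) -> int:
    """Number of permutation invocations needed to hash msg with these parameters."""
    calls = 0

    def counting(s: bytes) -> bytes:
        nonlocal calls
        calls += 1
        return toy_permutation(s)

    _sponge(msg, r, r_out, n, counting)
    return calls


def expected_calls(msg_len_bytes: int, r: int, r_out: int, n: int) -> int:
    """Closed form: ceil((len+1)/rb) absorb calls plus ceil(n/r_out) - 1 squeeze calls."""
    rb, ob = r // 8, r_out // 8
    return (msg_len_bytes + rb) // rb + (n // 8 + ob - 1) // ob - 1


if __name__ == "__main__":
    msg = b"PHOTON"  # constructed short message, the hardware use-case
    for r_out in (16, 64, 128):
        print(f"r=16 r'={r_out} n=128: {permutation_calls(msg, 16, r_out, 128)} calls, "
              f"hidden bits per squeeze = {STATE_BITS - r_out}")
```

With the constructed state and a 6-byte message, squeezing a 128-bit digest at r' = 16 takes 11 permutation calls, while r' = 128 takes 4; the first r' bits of both digests coincide because the absorbing phase is identical and the first output block is read straight from the state.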