Rigorous Time/Space Trade-offs for Inverting Functions
SIAM Journal on Computing
OCB: a block-cipher mode of operation for efficient authenticated encryption
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Weaknesses in the Key Scheduling Algorithm of RC4
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Hold your sessions: an attack on java session-id generation
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Choosing parameter sets for NTRUEncrypt with NAEP and SVES-3
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Improved time-memory trade-offs with multiple data
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
A survey of recent developments in cryptographic algorithms for smart cards
Computer Networks: The International Journal of Computer and Telecommunications Networking
Characterization and Improvement of Time-Memory Trade-Off Based on Perfect Tables
ACM Transactions on Information and System Security (TISSEC)
Treatment of the initial value in Time-Memory-Data Tradeoff attacks on stream ciphers
Information Processing Letters
The Grain Family of Stream Ciphers
New Stream Cipher Designs
Analysis of RC4 and Proposal of Additional Layers for Better Security Margin
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Improved Cryptanalysis of the Common Scrambling Algorithm Stream Cipher
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
On guess and determine cryptanalysis of LFSR-based stream ciphers
IEEE Transactions on Information Theory
Revisiting correlation-immunity in filter generators
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Variants of the distinguished point method for cryptanalytic time memory trade-offs
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Stream ciphers using a random update function: study of the entropy of the inner state
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Cryptography for network security: failures, successes and challenges
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Loiss: a byte-oriented stream cipher
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
A critique of some chaotic-map and cellular automata-based stream ciphers
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
On the effectiveness of TMTO and exhaustive search attacks
IWSEC'06 Proceedings of the 1st international conference on Security
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
A new variant of time memory trade-off on the improvement of thing and ying's attack
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Hi-index | 0.06 |
Time/memory tradeoff (TMTO) is a generic method of inverting oneway functions. In this paper, we focus on identifying candidate oneway functions hidden in cryptographic algorithms, inverting which will result in breaking the algorithm. The results we obtain on stream and block ciphers are the most important ones. For streamciphers using IV, we show that if the IV is shorter than the key, then the algorithm is vulnerable to TMTO. Further, from a TMTO point of view, it makes no sense to increase the size of the internal state of a streamcipher without increasing the size of the IV. This has impact on the recent ECRYPT call for streamcipher primitives and clears an almost decade old confusion on the size of key versus state of a streamcipher. For blockciphers, we consider various modes of operations and show that to different degrees all of these are vulnerable to TMTO attacks. In particular, we describe multiple data chosen plaintext TMTO attacks on the CBC and CFB modes of operations. This clears a quarter century old confusion on this issue starting from Hellman’s seminal paper in 1980 to Shamir’s invited talk at Asiacrypt 2004. We also provide some new applications of TMTO and a set of general guidelines for applying TMTO attacks.