VEST is a set of four stream cipher families submitted by S. O'Neil, B. Gittins and H. Landman to the eSTREAM call for stream cipher proposals of the European project ECRYPT. The state of any family member is made of three components: a counter, a counter diffusor and a core accumulator. We show that collisions can be found in the counter during the IV setup. Moreover, they can be combined with a collision in the linear counter diffusor to form collisions on the whole cipher. As a consequence, it is possible to retrieve 53 bits of the keyed state of the stream cipher by performing a chosen IV attack. For the default member of a VEST family, we present a "long" IV attack which requires 2^22.24 IV setups, and a "short" IV attack which requires 2^28.73 IV setups on average. The 53 bits retrieved can be used to reduce the complexity of the exhaustive key search. The chosen IV attack can be turned into a chosen message attack on a MAC based on VEST.