Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Practical Cryptography for Data Internetworks
Practical Cryptography for Data Internetworks
The First Experimental Cryptanalysis of the Data Encryption Standard
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Limitations of the Even-Mansour Construction
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
A Construction of a Cioher From a Single Pseudorandom Permutation
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
How to Strengthen DES Using Existing Hardware
ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
On the Strength of Simply-Iterated Feistel Ciphers with Whitening Keys
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Risks with Raw-Key Masking - The Security Evaluation of 2-Key XCBC
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Fast Multimedia Encryption in JAVA: Using Unbalanced Luby/Rackoff Ciphers
ECMAST '99 Proceedings of the 4th European Conference on Multimedia Applications, Services and Techniques
Efficient Amplification of the Security of Weak Pseudo-random Function Generators
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Lectures on Data Security, Modern Cryptology in Theory and Practice, Summer School, Aarhus, Denmark, July 1998
Recent Developments in the Design of Conventional Cryptographic Algorithms
State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures
State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures
State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
On the Security of Double and 2-Key Triple Modes of Operation
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
On Security of the 128-Bit Block Cipher DEAL
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Probing Attacks on Tamper-Resistant Devices
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Secret External Encodings Do Not Prevent Transient Fault Analysis
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Security of Cyclic Double Block Length Hash Functions
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
A survey of confidential data storage and deletion methods
ACM Computing Surveys (CSUR)
Collision resistant double-length hashing
ProvSec'10 Proceedings of the 4th international conference on Provable security
Indifferentiable security analysis of popular hash functions with prefix-free padding
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Advanced slide attacks revisited: realigning slide on DES
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
HCTR: a variable-input-length enciphering mode
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Design and analysis of password-based key derivation functions
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
On the security of tweakable modes of operation: TBC and TAE
ISC'05 Proceedings of the 8th international conference on Information Security
On the security bounds of CMC, EME, EME+ and EME* modes of operation
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
The collision security of MDC-4
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Weimar-DM: a highly secure double-length compression function
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
PRINCE: a low-latency block cipher for pervasive computing applications
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
The block cipher DESX is defined by DESXk.k1.ka(x) = k2 ⊕ DESk(k1 ⊕ x), where ⊕ denotes bitwise exclusive-or. This construction was first suggested by Ron Rivest as a computationally-cheap way to protect DES against exhaustive key-search attacks. This paper proves, in a formal model, that the DESX construction is sound. We show that, when F is an idealized block cipher, FXk.k1.k2(x)= K2 ⊕ Fk(k1 ⊕ x) is substantially more resistant to key search than is F. In fact, our analysis says that FX has an effective key length of at least ϰ+n - 1 - lg m bits, where ϰ, is the key length of F, n is the block Iength, and m bounds the number of (x, FXk(x)) pairs the adversary can obtain.