Abstract. In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 2^69 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 2^80 theoretical bound.
Abstract. In this paper, we present new techniques for collision search in the hash function SHA-0. Using the new techniques, we can find collisions of the full 80-step SHA-0 with complexity less than 2^39 hash operations.
Abstract. In this paper, we analyze the security of HMAC and NMAC, both of which are hash-based message authentication codes. We present distinguishing, forgery, and partial key recovery attacks on HMAC and NMAC using collisions of MD4, MD5, SHA-0, and reduced SHA-1. Our results demonstrate that the strength of a cryptographic scheme can be greatly weakened by the insecurity of the underlying hash function.
This paper analyzes the security of the RC5 encryption algorithm against differential and linear cryptanalysis. RC5 is a new block cipher recently designed by Ron Rivest. It has a variable word size, a variable number of rounds, and a variable-length secret key. In RC5, the secret key is used to fill an expanded key table which is then used in encryption. Both our differential and linear attacks on RC5 recover every bit of the expanded key table without any exhaustive search. However, the plaintext requirement is strongly dependent on the number of rounds. For 64-bit block size, our differential attack on nine-round RC5 uses 2*5 chosen plaintext pairs (about the same as DES), while 2" pairs are needed for 12-round RC5. Similarly, our linear attack on five-round RC5 uses 2*' known plaintexts (about the same as DES), and the plaintext requirement is impractical for more than six rounds. We conjecture that the linear approximations used in our linear cryptanalysis are optimal. Thus, we conclude that Rivest's suggested use of 12 rounds is sufficient to make differential and linear cryptanalysis of RC5 impractical.
In many applications for content distribution, broadcast channels are used to transmit information from a distribution center to a large set of users. Broadcast encryption schemes enable the center to prevent certain users from recovering the information that is broadcast in encrypted form, while traceability schemes enable the center to trace users who collude to produce pirate decoders. In this paper, we study general methods for integrating traceability and broadcasting capability. In particular, we present a method for adding any desired level of broadcasting capability to any traceability scheme and a method for adding any desired level of traceability to any broadcast encryption scheme. To support our general methods, we also present new constructions of broadcast encryption schemes which are close to optimal in terms of the total number of keys required. Our new schemes are the first to be both maximally resilient and fully scalable.