At CRYPTO 2017 and IEEE Transactions on Computers in 2018, Todo et al. proposed the
division property based cube attack method making it possible to launch cube attacks with …

Abstract At Asiacrypt 2014, Sun et al. proposed a MILP model [20] to search for differential
characteristics of bit-oriented block ciphers. In this paper, we improve this model to search …

Abstract The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the
preimage resistance of many hash functions, including but not limited to the full MD5 …

Since Keccak was selected as the SHA-3 standard, both its hash mode and keyed mode
have attracted lots of third-party cryptanalysis. Especially in recent years, there is progress in …

We present new preimage attacks on standard Keccak-224 and Keccak-256 that are
reduced to 3 and 4 rounds. An allocating approach is used in the attacks, and the whole …

In a recent presentation, we promoted the use of 12-round instances of Keccak, collectively
called “TurboSHAKE”, in post-quantum cryptographic schemes, but without defining them …

The cube attack is one of the most important cryptanalytic techniques against Trivium. Many
key-recovery attacks based on cube attacks have been established. However, few attacks …

In this paper, we propose a new MILP modeling to find better or even optimal choices of
conditional cubes, under the general framework of conditional cube attacks. These choices …

GIFT is a lightweight block cipher that was proposed by Banik et al. at CHES 2017, which is
said to be a direct improvement over PRESENT since “that provides a much increased …

The cube attack extracts the information of secret key bits by recovering the coefficient called
superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube …