Paper 2018/292
Linear Biases in AEGIS Keystream
Brice Minaud
Abstract
AEGIS is an authenticated cipher introduced at SAC 2013, which takes advantage of AES-NI instructions to reach outstanding speed in software. Like LEX, Fides, as well as many sponge-based designs, AEGIS leaks part of its inner state each round to form a keystream. In this paper, we investigate the existence of linear biases in this keystream. Our main result is a linear mask with bias
Note: This article was originally published at SAC 2014, but was not available on ePrint until now.
Metadata
- Available format(s)
- PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. SAC 2014
- DOI
- 10.1007/978-3-319-13051-4_18
- Keywords
- Linear Cryptanalysis, AEGIS
- Contact author(s)
- brice minaud @ gmail com
- History
- 2018-03-28: received
- Short URL
- https://ia.cr/2018/292
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/292,
      author = {Brice Minaud},
      title = {Linear Biases in {AEGIS} Keystream},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/292},
      year = {2018},
      doi = {10.1007/978-3-319-13051-4_18},
      url = {https://eprint.iacr.org/2018/292}
}