# Search results for: Lars R. Knudsen

Lecture Notes in Computer Science > Topics in Cryptology — CT-RSA 2001 > Symmetric Cryptography > 70-83

**practical security**against linear and differential attacks on Feistel ciphers. We give examples of such Feistel ciphers (practically) resistant to differential attacks, linear attacks and other attacks.

Lecture Notes in Computer Science > Advances in Cryptology — CRYPTO 2000 > Message Authentication > 184-196

Lecture Notes in Computer Science > Advances in Cryptology — CRYPT0’ 95 > Cryptanalysis II > 274-286

*K**, such that for many plaintexts the outputs after 6 rounds of encryption are equal. The output transformation causes the ciphertexts to differ in one of the 8 bytes. Also, the same types of keys encrypt even more pairs of plaintexts different...

Lecture Notes in Computer Science > Advances in Cryptology — CRYPTO’ 99 > Secret-Key Cryptography > 165-180

*GF*(2) into a combinatorial optimization problem. We convert the Boolean equation system into an equation...

Lecture Notes in Computer Science > Fast Software Encryption > MACs > 182-191

Lecture Notes in Computer Science > Advances in Cryptology - ASIACRYPT 2005 > Block Ciphers and Hash Functions > 462-473

*et al*proposed a method to turn an

*n*-bit compression function into a 2

*n*-bit compression function. In the black-box model, the security of this double length hash proposal against collision attacks is proven, if no more than Ω(2

^{2n/3}) oracle queries to the underlying

*n*-bit function are made. We explore the security of this hash proposal regarding several classes of attacks...

Lecture Notes in Computer Science > Advances in Cryptology — EUROCRYPT ’96 > Cryptanalysis II > 224-236

Lecture Notes in Computer Science > Advances in Cryptology - EUROCRYPT 2009 > Hash Cryptanalysis > 106-120

*n*-bit block cipher into a 2

*n*-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with

*n*= 128, it has complexity 2

^{124.5}, which is to be compared to the birthday attack having complexity 2

^{128}. The preimage attacks...

Lecture Notes in Computer Science > Advances in Cryptology — EUROCRYPT ’93 > Hash Functions > 286-292

*Algorithmic Research Ltd*and is currently being used in practice in the German banking world. AR hash is based on DES and a variant of the CBC mode. It produces a 128 bit hash value. In this paper, we present two attacks on AR hash. The first one constructs in one DES encryption two messages with the same hash value. The second one finds, given an arbitrary...

Lecture Notes in Computer Science > Advances in Cryptology — EUROCRYPT ’96 > Cryptanalysis II > 237-244