BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Laboratoire de Mathématiques de Versailles - ECPv6.3.5//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:Laboratoire de Mathématiques de Versailles
X-ORIGINAL-URL:https://lmv.math.cnrs.fr
X-WR-CALDESC:évènements pour Laboratoire de Mathématiques de Versailles
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:Europe/Paris
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20200329T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20201025T010000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20200312T103000
DTEND;TZID=Europe/Paris:20200312T120000
DTSTAMP:20240329T064222
CREATED:20200306T100641Z
LAST-MODIFIED:20200313T085200Z
UID:7544-1584009000-1584014400@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Yann Rotella (UVSQ LMV) : On generating collisions in blinded keyed hashing
DESCRIPTION:In this work\, we analyze keyed-hashing modes with respect to collision resistance in a blinded keyed hashing model for the attacker in both serial and parallel constructions to do compression functions in cryptography. \nThe serial construction is used in CBC-MAC for blockcipher-based or DonkeySponge for Permutation-based\, while the parallel one is used in P-MAC (blockcipher-based) or Farfalle (Permutation-based). \nWe try to obtain collisions in this setting by using differential trails existing in the inner permutation (or underlying blockcipher). Eventually\, we mount two different attack strategies for both constructions\, by using a single trail core. Our attack makes use of a huge set of trails\, all sharing the same trail core. \nMore precisely\, the expected number of inputs that we need to take into account for finding a collision is 2^W where W is defined as the sum of the weights of the round differentials starting from the 2nd round and where the weight of the last round is divided by 2. Also\, in the case of the parallel construction\, W is twice as large as in the case of the serial construction. \nSo in the case of a collision attack based on a single trail core\, under reasonable assumptions the parallel construction offers twice the security level of the serial construction. \nThis is joint work with Joan Daemen and Jonathan Fuchs. \nCRYPTO : Yann Rotella (UVSQ LMV) : On generating collisions in blinded keyed hashing
URL:https://lmv.math.cnrs.fr/evenenement/crypto-yann-rotella-uvsq-lmv-on-generating-collisions-in-blinded-keyed-hashing/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
END:VCALENDAR