We provide a page listing papers on sponge functions and another page on Keccak. The papers in these two pages are not repeated here.

G. Van Assche, *Blahtexml and
multi-target document generation*, The Zpravodaj of the
Czechoslovak TeX Users Group **3**, p. 137
(2012) [Abstract] [Document]

Blahtex and Blahtexml are open-source tools for converting mathematical expressions written in the TeX syntax into MathML. This article focuses on a particular use case, where the source of a scientiﬁc document is written in XML and can be the input for a variety of output formats, ranging from LaTeX articles to documents in OpenDocument format to web pages. We show that Blahtexml can play a central role in such a context, where the author wishes to enter equations in the TeX syntax and yet enable his document for publication not only with TeX but also in MathML-based formats.

G. Van Assche, *A rotational
distinguisher on Shabal’s keyed permutation and its impact on the
security proofs*, NIST hash-forum mailing list, March 24th, 2010
(2010) [Abstract] [Document]

In this short note, we apply a rotational distinguisher to the keyed permutation of the SHA-3 candidate Shabal. We then discuss its applicability in the scope of Shabal’s mode of operation and its impact on the security proofs.

J. Daemen and G. Van Assche,
*Producing Collisions for Panama, Instantaneously*, in Fast
Software Encryption 2007 (FSE 2007) (2007) [Abstract] [Document]

We present a practical
attack on the Panama hash function that generates a collision in
2^{6} evaluations of the state updating function. Our
attack improves that of Rijmen and coworkers that had a complexity
2^{82}, too high to produce a collision in practice. This
improvement comes mainly from the use of techniques to transfer
conditions on the state to message words instead of trying many
message pairs and using the ones for which the conditions are
satisfied. Our attack works for any arbitrary prefix message,
followed by a pair of suffix messages with a given difference. We
give an example of a collision and make the collision-generating
program available. Our attack does not affect the Panama stream
cipher, that is still unbroken to the best of our knowledge.

G. Bertoni, J. Daemen,
M. Peeters and G. Van Assche, *RadioGatún, a
belt-and-mill hash function*, in NIST Second Cryptographic Hash
Workshop (2006) [Abstract] [Document]
[Presentation]

We present an approach to design cryptographic hash functions that builds on and improves the one underlying the Panama hash function. We discuss the properties of the resulting hash functions that need to be investigated and give a concrete design called RadioGatún that is quite competitive with SHA-1 in terms of performance. We are busy performing an analysis of RadioGatún and present in this paper some preliminary results.

J. Daemen and G. Van Assche,
*Distinguishing Stream Ciphers with Convolutional Filters*, in
Security and Cryptography for Networks (2006) [Abstract] [Document]

This paper presents a new type of distinguisher for the shrinking generator and the alternating-step generator with known feedback polynomial and for the multiplexor generator. For the former the distinguisher is more efficient than existing ones and for the latter it results in a complete breakdown of security. The distinguisher is conceptually very simple and lends itself to theoretical analysis leading to reliable predictions of its probability of success.

K.-C. Nguyen, G. Van Assche and
N. J. Cerf, *Side-Information Coding with Turbo Codes
and its Application to Quantum Key Distribution*, in Proceedings
of 2004 International Symposium on Information Theory and its
Applications (ISITA2004) (2004) [Abstract] [Document]

Turbo coding is a powerful class of error correcting codes, which can achieve performances close to the Shannon limit. The turbo principle can be applied to the problem of side-information source coding, and we investigate here its application to the reconciliation problem occuring in a continuous-variable quantum key distribution protocol.

G. Van Assche, S. Iblisdir and
N. J. Cerf, *Secure Coherent-state Quantum Key
Distribution Protocols with Efficient Reconciliation*, Phys.
Rev. A **71**, p. 052304 (2005) [Abstract] [Document]

We study the equivalence of a realistic quantum key distribution protocol using coherent states and homodyne detection with a formal entanglement purification protocol. Maximally entangled qubit pairs that one can extract in the formal protocol correspond to secret key bits in the realistic protocol. More specifically, we define a qubit encoding scheme that allows the formal protocol to produce more than one entangled qubit pair per entangled oscillator pair or, equivalently for the realistic protocol, more than one secret key bit per coherent state. The entanglement parameters are estimated using quantum tomography. We analyze the properties of the encoding scheme and investigate the resulting secret key rate in the important case of the attenuation channel.

J. Cardinal, S. Fiorini and
G. Van Assche, *On Minimum Entropy Graph Colorings*, in
Proceedings of 2004 IEEE International Symposium on Information
Theory (ISIT'2004) (2004) [Abstract] [Full text document] [Document as in the proceedings]
[Slides (light
background)] [Slides
(dark background)]

We study properties of
graph colorings that minimize the quantity of color information
with respect to a given probability distribution on the vertices.
The minimum entropy of any coloring is the *chromatic
entropy*. Applications of the chromatic entropy are found in
coding with side information and digital image partition coding. We
show that minimum entropy colorings are hard to compute even if a
minimum cardinality coloring is given, the distribution is uniform,
and the graph is planar. We also consider the minimum number of
colors in a minimum entropy coloring, and show that this number can
be arbitrarily larger than the chromatic number, even for
restricted families of uniformely weighted graphs.

S. Iblisdir, G. Van Assche and
N. J. Cerf, *Security of Quantum Key Distribution with
Coherent States and Homodyne Detection*, Phys.
Rev. Lett. **93**, p. 170502 (2004) [Abstract] [Document]

We assess the security of a quantum key distribution protocol relying on the transmission of Gaussian-modulated coherent states and homodyne detection. This protocol is shown to be equivalent to an entanglement purification protocol using CSS codes followed by key extraction, and is thus secure against any eavesdropping strategy.

J. Cardinal and G. Van Assche,
*Construction of a Shared Secret Key Using Continuous
Variables*, in Proceedings of 2003 IEEE Information Theory
Workshop (ITW 2003) (2003) [Abstract]
[Full text document] [Document as in the
proceedings]

Motivated by recent advances
in quantum cryptography with continuous variables, we study the
problem of extracting a shared digital secret key from two
correlated real values. Alice has access to a real value
*X _{A}*, and Bob to another value

*X*such that

_{B}*I*(

*X*;

_{A}*X*)>0. They wish to convert their values into a shared secret digital information while leaking as little information as possible to Eve. We show how the problem can be decomposed in two subproblems known in other contexts. The first is the design of a

_{B}*quantizer*that maximizes a mutual information criterion, the second is known as

*coding with side information*.

F. Grosshans, G. Van Assche,
J. Wenger, R. Brouri, N. J. Cerf and
P. Grangier, *Quantum key distribution using
gaussian-modulated coherent states*, Nature **421**, p.
238 (2003) [Abstract] [Document] [Supplementary
information]

Quantum continuous variables are being explored as an alternative means to implement quantum key distribution, which is usually based on single photon counting. The former approach is potentially advantageous because it should enable higher key distribution rates. Here we propose and experimentally demonstrate a quantum key distribution protocol based on the transmission of gaussian-modulated coherent states (consisting of laser pulses containing a few hundred photons) and shot-noise-limited homodyne detection; squeezed or entangled beams are not required. Complete secret key extraction is achieved using a reverse reconciliation technique followed by privacy amplification. The reverse reconciliation technique is in principle secure for any value of the line transmission, against gaussian individual attacks based on entanglement and quantum memories. Our table-top experiment yields a net key transmission rate of about 1.7 megabits per second for a loss-free line, and 75 kilobits per second for a line with losses of 3.1 dB. We anticipate that the scheme should remain effective for lines with higher losses, particularly because the present limitations are essentially technical, so that significant margin for improvement is available on both the hardware and software.

J. Cardinal and G. Van Assche,
*Joint Entropy-Constrained Multiterminal Quantization*, in
Proceedings of 2002 IEEE International Symposium on Information
Theory (ISIT'2002) (2002) [Abstract] [Full text document] [Document as in the
proceedings]

As a rate-distortion extension to the Slepian-Wolf problem, we study the entropy-constrained design of a multiterminal quantizer for coding two correlated continuous sources. The designed quantizer can then be combined with a lossless encoder operating close to the Slepian-Wolf bound. Two design methods are presented, both optimizing a Lagrangian cost measure involving the distortion and the information rate. The first method is a simple descent algorithm, while the second is based on index reuse of a high-resolution quantizer. Numerical results are displayed. The soundness of the index reuse method is shown, while confirming the advantages of entropy constraints over simple entropy limitations.

P. Navez and G. Van Assche, *A
method for secure transmission: Quantum Cryptography*, Technopol
IT-Scan (2002) [Abstract] [Texte en français (in French)]
[Tekst in het Nederlands (in
Dutch)] [Text in
English]

At the cutting edge of technology, quantum cryptography guarantees absolute confidentiality for information exchanged via an optic fibre. The secret of this ability lies in the possibility of storing information in the elementary constituent of light: the photon.

N. J. Cerf, S. Iblisdir and
G. Van Assche, *Cloning and Cryptography with Quantum
Continuous Variables*, Eur. Phys. J. D **18**, p.
211 (2001) [Abstract] [Document]

The cloning of quantum
variables with continuous spectra is investigated. We define a
Gaussian 1-to-2 cloning machine that copies equally well two
conjugate variables such as position and momentum or the two
quadrature components of a light mode. The resulting cloning
fidelity for coherent states, namely *F* = 2/3, is shown to be
optimal. An asymmetric version of this Gaussian cloner is then used
to assess the security of a continuous-variable quantum key
distribution scheme that allows two remote parties to share a
Gaussian key. The information versus disturbance tradeoff
underlying this continuous quantum cryptographic scheme is then
analyzed for the optimal individual attack. Methods to convert the
resulting Gaussian keys into secret key bits are also studied.
Finally, the extension of the Gaussian cloner to
*N*-to-*M* continuous cloners is discussed, and it is
shown how to implement these cloners for light modes, using a
phase-insensitive optical amplifier and beam splitters. In
addition, a phase-conjugate input modes continuous cloner is
defined, yielding *M* clones and *M'* anticlones from
*N* replicas of a coherent state and *N'* replicas of its
phase-conjugate (with *M'*-*M*=*N'*-*N*). This
novel kind of cloners is shown to outperform the standard
*N*-to-*M* cloners in some cases.

N. J. Cerf, M. Lévy and
G. Van Assche, *Quantum Distribution of Gaussian Keys using
Squeezed States*, Phys. Rev. A **63**, p. 052311
(2001) [Abstract] [Document]

A continuous key-distribution scheme is proposed that relies on a pair of conjugate quantum variables. It allows two remote parties to share a secret Gaussian key by encoding it into one of the two quadrature components of a single-mode electromagnetic field. The resulting quantum cryptographic information versus disturbance trade-off is investigated for an individual attack based on the optimal continuous cloning machine. It is shown that the information gained by the eavesdropper then simply equals the information lost by the receiver.

G. Van Assche, J. Cardinal and
N. J. Cerf, *Reconciliation of a Quantum-Distributed
Gaussian Key*, IEEE Trans. Inform. Theory **50**, p. 394
(2004) [Abstract] [Document] [Poster presented at
CVQIP'02]

Two parties, Alice and Bob, wish to distill a binary secret key out of a list of correlated variables that they share after running a quantum key distribution protocol based on continuous-spectrum quantum carriers. We present a novel construction that allows the legitimate parties to get equal bit strings out of correlated variables by using a classical channel, with as few leaked information as possible. This opens the way to securely correcting non-binary key elements. In particular, the construction is refined to the case of Gaussian variables as it applies directly to recent continuous-variable protocols for quantum key distribution.

J. Daemen, M. Peeters, G. Van
Assche and V. Rijmen, *The Noekeon Block Cipher*, in The
First Open Nessie Workshop (2000) [Abstract] [Noekeon
specifications]

In this document we describe the cipher Noekeon. First we present the design rationale and specify the cipher. Subsequently, we motivate the design choices and discuss the resistance of the cipher against known attacks. This is followed by a discussion on the implementation aspects and the references. In the appendix we explain how the propagation analysis was conducted.

J. Daemen, M. Peeters and
G. Van Assche, *Bitslice Ciphers and Power Analysis
Attacks*, in Fast Software Encryption 2000
(2000) [Abstract] [Document]

In this paper, we present techniques to protect bitslice block ciphers against power analysis attacks. We analyze and extend a technique proposed by Goubin and Patarin. We apply the technique to BaseKing, a variant of 3-Way. We introduce an alternative method to protect against power analysis specific for BaseKing. Finally, we discuss the applicability of the methods to the other known bitslice ciphers 3-Way and Serpent.