Research Papers

We provide a page listing papers on sponge functions and another page on Keccak. The papers in these two pages are not repeated here.

G. Van Assche, Blahtexml and multi-target document generation, The Zpravodaj of the Czechoslovak TeX Users Group 3, p. 137 (2012) [Abstract] [Document]

Blahtex and Blahtexml are open-source tools for converting mathematical expressions written in the TeX syntax into MathML. This article focuses on a particular use case, where the source of a scientific document is written in XML and can be the input for a variety of output formats, ranging from LaTeX articles to documents in OpenDocument format to web pages. We show that Blahtexml can play a central role in such a context, where the author wishes to enter equations in the TeX syntax and yet enable his document for publication not only with TeX but also in MathML-based formats.

G. Van Assche, A rotational distinguisher on Shabal’s keyed permutation and its impact on the security proofs, NIST hash-forum mailing list, March 24th, 2010 (2010) [Abstract] [Document]

In this short note, we apply a rotational distinguisher to the keyed permutation of the SHA-3 candidate Shabal. We then discuss its applicability in the scope of Shabal’s mode of operation and its impact on the security proofs.

J. Daemen and G. Van Assche, Producing Collisions for Panama, Instantaneously, in Fast Software Encryption 2007 (FSE 2007) (2007) [Abstract] [Document]

We present a practical attack on the Panama hash function that generates a collision in 26 evaluations of the state updating function. Our attack improves that of Rijmen and coworkers that had a complexity 282, too high to produce a collision in practice. This improvement comes mainly from the use of techniques to transfer conditions on the state to message words instead of trying many message pairs and using the ones for which the conditions are satisfied. Our attack works for any arbitrary prefix message, followed by a pair of suffix messages with a given difference. We give an example of a collision and make the collision-generating program available. Our attack does not affect the Panama stream cipher, that is still unbroken to the best of our knowledge.

G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, RadioGatún, a belt-and-mill hash function, in NIST Second Cryptographic Hash Workshop (2006) [Abstract] [Document] [Presentation]

We present an approach to design cryptographic hash functions that builds on and improves the one underlying the Panama hash function. We discuss the properties of the resulting hash functions that need to be investigated and give a concrete design called RadioGatún that is quite competitive with SHA-1 in terms of performance. We are busy performing an analysis of RadioGatún and present in this paper some preliminary results.

J. Daemen and G. Van Assche, Distinguishing Stream Ciphers with Convolutional Filters, in Security and Cryptography for Networks (2006) [Abstract] [Document]

This paper presents a new type of distinguisher for the shrinking generator and the alternating-step generator with known feedback polynomial and for the multiplexor generator. For the former the distinguisher is more efficient than existing ones and for the latter it results in a complete breakdown of security. The distinguisher is conceptually very simple and lends itself to theoretical analysis leading to reliable predictions of its probability of success.

K.-C. Nguyen, G. Van Assche and N. J. Cerf, Side-Information Coding with Turbo Codes and its Application to Quantum Key Distribution, in Proceedings of 2004 International Symposium on Information Theory and its Applications (ISITA2004) (2004) [Abstract] [Document]

Turbo coding is a powerful class of error correcting codes, which can achieve performances close to the Shannon limit. The turbo principle can be applied to the problem of side-information source coding, and we investigate here its application to the reconciliation problem occuring in a continuous-variable quantum key distribution protocol.

G. Van Assche, S. Iblisdir and N. J. Cerf, Secure Coherent-state Quantum Key Distribution Protocols with Efficient Reconciliation, Phys. Rev. A 71, p. 052304 (2005) [Abstract] [Document]

We study the equivalence of a realistic quantum key distribution protocol using coherent states and homodyne detection with a formal entanglement purification protocol. Maximally entangled qubit pairs that one can extract in the formal protocol correspond to secret key bits in the realistic protocol. More specifically, we define a qubit encoding scheme that allows the formal protocol to produce more than one entangled qubit pair per entangled oscillator pair or, equivalently for the realistic protocol, more than one secret key bit per coherent state. The entanglement parameters are estimated using quantum tomography. We analyze the properties of the encoding scheme and investigate the resulting secret key rate in the important case of the attenuation channel.

J. Cardinal, S. Fiorini and G. Van Assche, On Minimum Entropy Graph Colorings, in Proceedings of 2004 IEEE International Symposium on Information Theory (ISIT'2004) (2004) [Abstract] [Full text document] [Document as in the proceedings] [Slides (light background)] [Slides (dark background)]

We study properties of graph colorings that minimize the quantity of color information with respect to a given probability distribution on the vertices. The minimum entropy of any coloring is the chromatic entropy. Applications of the chromatic entropy are found in coding with side information and digital image partition coding. We show that minimum entropy colorings are hard to compute even if a minimum cardinality coloring is given, the distribution is uniform, and the graph is planar. We also consider the minimum number of colors in a minimum entropy coloring, and show that this number can be arbitrarily larger than the chromatic number, even for restricted families of uniformely weighted graphs.

S. Iblisdir, G. Van Assche and N. J. Cerf, Security of Quantum Key Distribution with Coherent States and Homodyne Detection, Phys. Rev. Lett. 93, p. 170502 (2004) [Abstract] [Document]

We assess the security of a quantum key distribution protocol relying on the transmission of Gaussian-modulated coherent states and homodyne detection. This protocol is shown to be equivalent to an entanglement purification protocol using CSS codes followed by key extraction, and is thus secure against any eavesdropping strategy.

J. Cardinal and G. Van Assche, Construction of a Shared Secret Key Using Continuous Variables, in Proceedings of 2003 IEEE Information Theory Workshop (ITW 2003) (2003) [Abstract] [Full text document] [Document as in the proceedings]

Motivated by recent advances in quantum cryptography with continuous variables, we study the problem of extracting a shared digital secret key from two correlated real values. Alice has access to a real value XA, and Bob to another value XB such that I(XA;XB)>0. They wish to convert their values into a shared secret digital information while leaking as little information as possible to Eve. We show how the problem can be decomposed in two subproblems known in other contexts. The first is the design of a quantizer that maximizes a mutual information criterion, the second is known as coding with side information.

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf and P. Grangier, Quantum key distribution using gaussian-modulated coherent states, Nature 421, p. 238 (2003) [Abstract] [Document] [Supplementary information]

Quantum continuous variables are being explored as an alternative means to implement quantum key distribution, which is usually based on single photon counting. The former approach is potentially advantageous because it should enable higher key distribution rates. Here we propose and experimentally demonstrate a quantum key distribution protocol based on the transmission of gaussian-modulated coherent states (consisting of laser pulses containing a few hundred photons) and shot-noise-limited homodyne detection; squeezed or entangled beams are not required. Complete secret key extraction is achieved using a reverse reconciliation technique followed by privacy amplification. The reverse reconciliation technique is in principle secure for any value of the line transmission, against gaussian individual attacks based on entanglement and quantum memories. Our table-top experiment yields a net key transmission rate of about 1.7 megabits per second for a loss-free line, and 75 kilobits per second for a line with losses of 3.1 dB. We anticipate that the scheme should remain effective for lines with higher losses, particularly because the present limitations are essentially technical, so that significant margin for improvement is available on both the hardware and software.

J. Cardinal and G. Van Assche, Joint Entropy-Constrained Multiterminal Quantization, in Proceedings of 2002 IEEE International Symposium on Information Theory (ISIT'2002) (2002) [Abstract] [Full text document] [Document as in the proceedings]

As a rate-distortion extension to the Slepian-Wolf problem, we study the entropy-constrained design of a multiterminal quantizer for coding two correlated continuous sources. The designed quantizer can then be combined with a lossless encoder operating close to the Slepian-Wolf bound. Two design methods are presented, both optimizing a Lagrangian cost measure involving the distortion and the information rate. The first method is a simple descent algorithm, while the second is based on index reuse of a high-resolution quantizer. Numerical results are displayed. The soundness of the index reuse method is shown, while confirming the advantages of entropy constraints over simple entropy limitations.

P. Navez and G. Van Assche, A method for secure transmission: Quantum Cryptography, Technopol IT-Scan (2002) [Abstract] [Texte en français (in French)] [Tekst in het Nederlands (in Dutch)] [Text in English]

At the cutting edge of technology, quantum cryptography guarantees absolute confidentiality for information exchanged via an optic fibre. The secret of this ability lies in the possibility of storing information in the elementary constituent of light: the photon.

N. J. Cerf, S. Iblisdir and G. Van Assche, Cloning and Cryptography with Quantum Continuous Variables, Eur. Phys. J. D 18, p. 211 (2001) [Abstract] [Document]

The cloning of quantum variables with continuous spectra is investigated. We define a Gaussian 1-to-2 cloning machine that copies equally well two conjugate variables such as position and momentum or the two quadrature components of a light mode. The resulting cloning fidelity for coherent states, namely F = 2/3, is shown to be optimal. An asymmetric version of this Gaussian cloner is then used to assess the security of a continuous-variable quantum key distribution scheme that allows two remote parties to share a Gaussian key. The information versus disturbance tradeoff underlying this continuous quantum cryptographic scheme is then analyzed for the optimal individual attack. Methods to convert the resulting Gaussian keys into secret key bits are also studied. Finally, the extension of the Gaussian cloner to N-to-M continuous cloners is discussed, and it is shown how to implement these cloners for light modes, using a phase-insensitive optical amplifier and beam splitters. In addition, a phase-conjugate input modes continuous cloner is defined, yielding M clones and M' anticlones from N replicas of a coherent state and N' replicas of its phase-conjugate (with M'-M=N'-N). This novel kind of cloners is shown to outperform the standard N-to-M cloners in some cases.

N. J. Cerf, M. Lévy and G. Van Assche, Quantum Distribution of Gaussian Keys using Squeezed States, Phys. Rev. A 63, p. 052311 (2001) [Abstract] [Document]

A continuous key-distribution scheme is proposed that relies on a pair of conjugate quantum variables. It allows two remote parties to share a secret Gaussian key by encoding it into one of the two quadrature components of a single-mode electromagnetic field. The resulting quantum cryptographic information versus disturbance trade-off is investigated for an individual attack based on the optimal continuous cloning machine. It is shown that the information gained by the eavesdropper then simply equals the information lost by the receiver.

G. Van Assche, J. Cardinal and N. J. Cerf, Reconciliation of a Quantum-Distributed Gaussian Key, IEEE Trans. Inform. Theory 50, p. 394 (2004) [Abstract] [Document] [Poster presented at CVQIP'02]

Two parties, Alice and Bob, wish to distill a binary secret key out of a list of correlated variables that they share after running a quantum key distribution protocol based on continuous-spectrum quantum carriers. We present a novel construction that allows the legitimate parties to get equal bit strings out of correlated variables by using a classical channel, with as few leaked information as possible. This opens the way to securely correcting non-binary key elements. In particular, the construction is refined to the case of Gaussian variables as it applies directly to recent continuous-variable protocols for quantum key distribution.

J. Daemen, M. Peeters, G. Van Assche and V. Rijmen, The Noekeon Block Cipher, in The First Open Nessie Workshop (2000) [Abstract] [Noekeon specifications]

In this document we describe the cipher Noekeon. First we present the design rationale and specify the cipher. Subsequently, we motivate the design choices and discuss the resistance of the cipher against known attacks. This is followed by a discussion on the implementation aspects and the references. In the appendix we explain how the propagation analysis was conducted.

J. Daemen, M. Peeters and G. Van Assche, Bitslice Ciphers and Power Analysis Attacks, in Fast Software Encryption 2000 (2000) [Abstract] [Document]

In this paper, we present techniques to protect bitslice block ciphers against power analysis attacks. We analyze and extend a technique proposed by Goubin and Patarin. We apply the technique to BaseKing, a variant of 3-Way. We introduce an alternative method to protect against power analysis specific for BaseKing. Finally, we discuss the applicability of the methods to the other known bitslice ciphers 3-Way and Serpent.