Episode 2: Breaking Lightweight Symmetric Cryptography!
Léo Perrin talks about how his team at INRIA was able to find serious breaks in the Gimli family of lightweight symmetric primitives, and why NIST's lightweight cryptography competition even matters in the first place, especially with block ciphers like A
34 minutes
In-depth, substantive discussions on the latest news and research in applied cryptography.
Description
5 years ago
Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography competition meant to attract designs for symmetric primitives, such as hash functions and authenticated encryption ciphers, that work in use cases where even AES is not an adequately speedy standard.

Among the submissions to NIST’s lightweight cryptography competition has been Gimli, a family of cryptographic primitives consisting of a hash function and an authenticated encryption with associated data (AEAD) cipher. Named after the Lord of the Rings Dwarf warrior and authored by a long list of accomplished cryptographers, Gimli looked like a promising submission -- until a team of cryptanalysts at INRIA produced a surprising set of results outlining some potentially serious weaknesses in Gimli’s current design. In their paper, which was recently declared the winner of the IACR Asiacrypt 2020 Best Paper Award, Antonio Flórez Gutiérrez, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, André Schrottenloher and Ferdinand Sibleyras from the INRIA research institute here in France presented some very strong results against Gimli’s security.

But why does Gimli even matter? Why aren’t AES, ChaCha20-Poly1305, and BLAKE2 enough, even for the most performance-constrained scenarios? And how did this team of researchers succeed in obtaining such serious results on a family of cryptographic primitives that was certainly designed with care and expertise?

Links and papers discussed in the show:
* New results on Gimli: full-permutation distinguishers and improved collisions (https://eprint.iacr.org/2020/744)
* Lower Bounds on the Degree of Block Ciphers (https://eprint.iacr.org/2020/1051)
* Saturnin lightweight cryptography (https://project.inria.fr/saturnin/)

Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/).

Special Guest: Léo Perrin.