Attacking the affine parts of SFLASH


Abstract

The signature scheme SFLASH has been accepted as candidate in the NESSIE (New European Scheme for Signatures, Integrity, and Encryption) project. We show that recovering the two secret affine mappings $\mathbb{F}_2^{37} \to \mathbb{F}_2^{37}$ in SFLASH can easily be reduced to the task of revealing two linear mappings $\mathbb{F}_2^{37} \to \mathbb{F}_2^{37}$. In particular, the 74 bits representing these affine parts do by no means contribute a factor of $2^{74}$ to the effort required for mounting an attack against the system. This raises some doubts about the design of this NESSIE candidate.

Cite

Geiselmann, W., Steinwandt, R., & Beth, T. (2001). Attacking the affine parts of SFLASH. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2260, pp. 355–359). Springer Verlag. https://doi.org/10.1007/3-540-45325-3_31
