16 March 2014
CAESAR Submissions Published

Date: 17 Mar 2014 00:00:36 -0000
From: "D. J. Bernstein" <djb[at]cr.yp.to>
To: crypto-competitions[at]googlegroups.com
Subject: CAESAR round 1

I've now posted all 56 CAESAR submissions (1510 pages of PDFs from 136 designers,
or 187 counted with multiplicity):
http://competitions.cr.yp.to/caesar-submissions.html

Most of the submissions meet the requirements of the call for submissions.
Some don't, giving the CAESAR secretary the option to eliminate the submissions.
In a few cases the violations are so severe that this option should probably
be exercised, but I've decided to give the submitters a brief opportunity
to fix their PDFs (without switching to different ciphers). In particular,
don't be surprised for now if you notice a few underspecified ciphers.
---Dan

Date: 17 Mar 2014 00:28:58 -0000
From: "D. J. Bernstein" <djb[at]cr.yp.to>
To: crypto-competitions[at]googlegroups.com
Subject: reduced-round AES

Quite a few of the submissions are "mode" submissions that advertise proofs
of security, often starting from the assumption that AES is secure. In most
of these cases it should be safe to replace AES with reduced-round AES, but
the minimum safe number of rounds will vary from one mode to another. So
here's a challenge for cryptanalysts: figure out how many rounds of AES-GCM,
AES-COPA, etc. you can actually break.

Everyone knows that reduced-round cryptanalysis is the right way to understand
primitives such as AES, and I'm sure we'll see reduced-round cryptanalysis
of many of the non-"mode" submissions; but I've seen very little literature
on reduced-round cryptanalysis of, e.g., AES-CTR or AES-CBC, never mind
authenticated ciphers such as AES-GCM. I would guess that AES-CBC needs at
least two more rounds than AES-CTR to be secure.
---Dan