Marcel Nageler

Marcel Nageler
Graz University of Technology | TU Graz · Institute for Applied Information Processing and Communications

Master of Science

About

6
Publications
341
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
30
Citations
Introduction
Skills and Expertise
Cryptography
Cryptanalysis

Publications

Publications (6)
The QARMAv2 Family of Tweakable Block Ciphers
Article
Full-text available
  • Sep 2023
We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through n...
View
Figure 1: The Merkle-Damgård construction with permutation (MDP) used...
Figure 2: The compression function of Romulus-H based on Hirose's DBL...
Figure 5: The idea of joint differential characteristics illustrated on...
Figure 7: Joint cellwise characteristic for 14 rounds of Romulus-H with...
+1 Results and bounds on the number of active S-boxes based on different...
Finding Collisions for Round-Reduced Romulus-H
Article
Full-text available
  • Mar 2023
The hash function Romulus-H is a finalist in the NIST Lightweight Cryptography competition. It is based on the Hirose double block-length (DBL) construction which is provably secure when used with an ideal block cipher. However, in practice, ideal block ciphers can only be approximated. Therefore, the security of concrete instantiations must be cry...
View
Figure 5: The round function of WARP.
Figure 6: Sandwich distinguisher for 9 rounds of WARP.
Figure 10: The round function of TWINE.
Figure 11: The round function of LBlock.
+3 Figure 12: Sandwich distinguisher for 14 rounds of WARP.
Throwing Boomerangs into Feistel Structures: Application to CLEFIA, WARP, LBlock, LBlock-s and TWINE
Article
Full-text available
  • Sep 2022
Automatic tools to search for boomerang distinguishers have seen significant advances over the past few years. However, most previous work has focused on ciphers based on a Substitution Permutation Network (SPN), while analyzing the Feistel structure is of great significance. Boukerrou et al. recently provided a theoretical framework to formulate t...
View
Figure 10: The round function of TWINE.
Figure 11: The round function of LBlock.
Summary of boomerang distinguishers for WARP, CLEFIA, TWINE, and LBlock.
Comparison between the theoretical and experimental probabilities of...
+2 Number of MILP constraints to encode the pb-DDTs of CLEFIA S-box...
Throwing Boomerangs into Feistel Structures: Application to CLEFIA, WARP, LBlock, LBlock-s and TWINE
Preprint
Full-text available
  • Jun 2022
Automatic tools to search for boomerang distinguishers have seen significant advances over the past few years. However, most of the previous works in this context focus on ciphers based on a Substitution Permutation Network (SPN), while analyzing the Feistel structure is of great significance. Although Boukerrou et al. provided a theoretical framew...
View
Fig. 3: Information gained by faulting two rounds of single-key DEFAULT.
Fig. 9: The linear spaces used in the attack on DEFAULT.
Fig. 11: Number of faults needed to recover the key (n = 10 000).
Information-Combining Differential Fault Attacks on DEFAULT
Chapter
Full-text available
  • May 2022
Differential fault analysis (DFA) is a very powerful attack vector for implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They arg...
View
Bounds for the inverse squared correlation contribution c −2 of the...
Analyzing the Linear Keystream Biases in AEGIS
Article
Full-text available
  • Jan 2020
AEGIS is one of the authenticated encryption designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. In 2014, Minaud discovered slight biases in the keystream based on linear ch...
View

Network

Cited
View All
Cited By
View All