## Fast Software Encryption: 10th International Workshop, FSE 2003, LUND, Sweden, February 24-26, 2003, Revised Papers, Volume 10Fast Software Encryption is now a 10-year-old workshop on symmetric crypt- raphy, including the design and cryptanalysis of block and stream ciphers, as well as hash functions. The ?rst FSE workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, Rome in 1999, New York in 2000, Yokohama in 2001, and Leuven in 2002. This Fast Software Encryption workshop, FSE 2003, was held February 24– 26, 2003 in Lund, Sweden. The workshop was sponsored by IACR (International Association for Cryptologic Research) and organized by the General Chair, Ben Smeets, in cooperation with the Department of Information Technology, Lund University. Thisyearatotalof71papersweresubmittedtoFSE2003.Afteratwo-month reviewing process, 27 papers were accepted for presentation at the workshop. In addition, we were fortunate to have in the program an invited talk by James L. Massey. The selection of papers was di?cult and challenging work. Each submission was refereed by at least three reviewers. I would like to thank the program c- mittee members, who all did an excellent job. In addition, I gratefully ackno- edge the help of a number of colleagues who provided reviews for the program committee. They are: Kazumaro Aoki, Alex Biryukov, Christophe De Canni` ere, Nicolas Courtois, Jean-Charles Faug` ere, Rob Johnson, Pascal Junod, Joseph Lano, Marine Minier, Elisabeth Oswald, H? avard Raddum, and Markku-Juhani O. Saarinen. |

### What people are saying - Write a review

We haven't found any reviews in the usual places.

### Contents

Block Cipher Cryptanalysis | 1 |

Rectangle Attacks on 49Round SHACAL1 | 31 |

Khazad and Anubis | 45 |

Linear Redundancy in SBoxes | 74 |

Stream Cipher Cryptanalysis | 87 |

On the Resynchronization Attack | 100 |

MACs | 129 |

A Concrete Security Analysis for 3GPPMAC | 154 |

Improving the Upper Bound on the Maximum Differential | 247 |

Linear Approximations of Addition Modulo 2n | 261 |

Block Ciphers and Systems of Quadratic Equations | 274 |

New Designs | 290 |

A New HighPerformance Stream Cipher | 307 |

Fast Encryption and Authentication | 330 |

PARSHA256 A New Parallelizable Hash Function | 347 |

Modes of Operation | 362 |

New Attacks against Standardized MACs | 170 |

Side Channel Attacks | 192 |

A New Class of Collision Attacks and Its Application to DES | 206 |

Further Observations on the Structure of the AES Algorithm | 223 |

The Security of OneBlocktoMany Modes of Operation | 376 |

397 | |

### Common terms and phrases

3GPP-MAC Advances in Cryptology adversary algorithm bent functions binary block cipher Boolean functions bytes candidate CBC MAC CBC-MAC chosen plaintexts ciphertext collision collision attacks complexity compression function Computer Science construction correlation counter cryptographic Cryptology decryption defined denote differential cryptanalysis differential probability distinguisher equations exhaustive search Fast Software Encryption function f H H H hash function Helix implementation initialization vector iterations key bits key schedule key stream keystream Khazad Lecture Notes Lemma length LFSR linear approximations linear cryptanalysis linear layer LNCS MAC algorithm MAC tags mask modes of operation modulo n-bit NESSIE nonlinear Notes in Computer obtain OMAC output bits paper plateaued functions polynomial processor proof properties pseudorandom queries random function requires Rijndael RMAC round secret key Serpent SHACAL-1 Springer-Verlag stream cipher subkey Table Theorem upper bound values variables vectors words