BEANIE – A 32-bit Cipher for Cryptographic Mitigations Against Software Attacks

In modern CPU architectures, various security features to mitigate software attacks can be found. Examples of such features are logical isolation, memory tagging or shadow stacks. Basing such features on cryptographic isolation instead of...

View Full Research

Dialga: A Family of Low-Latency Tweakable Block Ciphers Using Multiple Linear Layers

In this paper, we propose Dialga, a family of low-latency tweakable block ciphers designed to support 128/256-bit tweaks and 256-bit keys. Dialga achieves significantly small latency by leveraging multiple novel strategies. These include t...

View Full Research

How to Implement Authenticated Encryption on XTS-Enabled Devices

XTS is a block cipher mode for storage encryption. IEEE and NIST have standardized it, and it is widely deployed in real-world applications, including FileVault2, Bitlocker, and dm-crypt. However, it is well-known that XTS provides limited...

View Full Research

On the Plaintext Awareness of AEAD Schemes

Plaintext-awareness of AEAD schemes is one of the more obscure and easily misunderstood notions. Originally proposed by Andreeva et al., Mennink and Talnikar showed in 2025 that the original definitions are vague and leave too much room fo...

View Full Research

Cube Attacks with Elimination Strategy: Key Recovery Attacks on Trivium

In this paper, we present a novel framework for cube attacks named cube attacks with elimination strategy. The core idea is to find specific key conditions and cubes such that their superpolies under these key conditions can be efficiently...

View Full Research

Multi-User Security Bound for Mixed Filter Permutators in the Random Oracle Model

At Eurocrypt’16, Méaux et al. designed a construction for symmetric ciphers that can be efficiently evaluated with Fully Homomorphic Encryption, dubbed Filter Permutator. They also specify FLIP, a family of Filter Permutators. Creating FiL...

View Full Research

Preface to Volume 2026, Issue 1

View Full Research

Indifferentiability of the Sponge Hash Family: New Attacks and the Optimal Construction

The sponge construction is subject to an indifferentiability security bound of c/2 bits, where c denotes the capacity. For a given b-bit permutation, the sponge construction allows sacrificing the rate r = b − c to achieve the theoreticall...

View Full Research

Cryptanalysis of TFHE-Friendly Cipher FRAST

FRAST is a TFHE-friendly stream cipher that was published at FSE 2025. The cipher is defined over Z16, and makes extensive use of negacyclic S-boxes over Z16 as they are less costly in TFHE. Like many FHE-friendly ciphers, FRAST randomizes...

View Full Research

Quantum Truncated Differential Attacks Using Convolutions

This paper focuses on quantum key-recovery attacks on block ciphers. Previous works on quantum differential and truncated differential attacks like [Kaplan et al., ToSC 2016] have shown that classical algorithms for key-recovery, typically...

View Full Research

Practical Preimage Attack on 5-Round Keccak[r=640, c=160]

Internal differential cryptanalysis has recently yielded a series of new results in the preimage cryptanalysis of round-reduced Keccak. While these existing attacks share a similar high-level framework, they differ in their technical detai...

View Full Research

A Known-Plaintext Attack with Minimal Data Complexity on 25-Round CRAFT

We present the first known-plaintext attack on up to 25 rounds of the tweakable block cipher Craft. These attacks require only two known plaintextciphertext pairs to recover the full key, and work independent of the used tweaks. Given the...

View Full Research

Cube and Integral Attacks on ChiLow-32

The protection of executable code in embedded systems requires efficient mechanisms that ensure confidentiality and integrity. Belkheyar et al. recently proposed the Authenticated Code Encryption (ACE) framework, with ChiLow as the first A...

View Full Research

Differential-Linear Cryptanalysis and Cube Attacks on ChiLow

ChiLow is a family of tweakable block ciphers specifically designed for embedded code encryption, proposed at EUROCRYPT 2025. Its novel nested tweakkey schedule and a variant of the χ function significantly enhance latency and energy effic...

View Full Research

Walsh Spectrum Puncturing Revisited: Toward Automated Linear Key Recovery Attacks

Linear cryptanalysis has long served as a cornerstone in the security analysis of symmetric-key cryptanalytic primitives. Through more than 30 years of community efforts, it has become routine to use automated tools to search for the optim...

View Full Research