zoo_guidelines

This shows you the differences between two versions of the page.

zoo_guidelines [19/03/2014 18:34:31] mmeh created |
zoo_guidelines [02/10/2014 12:55:10] damianv [Type] |
||
---|---|---|---|

Line 20: | Line 20: | ||

* **AES-K[n]** (when the underlying block cipher is n rounds of AES with key size K. Omit -K for AES-128) | * **AES-K[n]** (when the underlying block cipher is n rounds of AES with key size K. Omit -K for AES-128) | ||

* **AES-like** (when based on some modified version of AES) | * **AES-like** (when based on some modified version of AES) | ||

+ | * **Named BC** (e.g. LED-80, when some other named block cipher is used) | ||

* **Sponge[p]** (when based on a Sponge-like construction. Can replace p with a named permutation, which can either be part of the submission or existing permutation, e.g. Keccak) | * **Sponge[p]** (when based on a Sponge-like construction. Can replace p with a named permutation, which can either be part of the submission or existing permutation, e.g. Keccak) | ||

* **FSR** (based on feedback shift register(s)) | * **FSR** (based on feedback shift register(s)) | ||

* **ARX** (modular addition, rotation and XOR) | * **ARX** (modular addition, rotation and XOR) | ||

* **LRX** (logical operations, rotation and XOR) | * **LRX** (logical operations, rotation and XOR) | ||

+ | * **Comp[f]** (when based on a compression function. Can replace f with a named compression function, which can either be part of the submission or existing permutation, e.g. SHA256) | ||

+ | To specify several options for parameter sets, curly braces can be used, e.g. BC/{AES,LED-80} for a block cipher based scheme which uses AES-128 and LED-80. | ||

==== Parallelizable (E/D) ==== | ==== Parallelizable (E/D) ==== | ||

Specify separately whether the scheme is parallelizable in encryption (E) and decryption (D). Valid options for both cases are: | Specify separately whether the scheme is parallelizable in encryption (E) and decryption (D). Valid options for both cases are: | ||
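
Review bot: The new Comp[f] entry reuses the Sponge[p] wording and says f can be an "existing permutation, e.g. SHA256", but the entry is about compression functions; change it to "existing compression function" so the example matches the type being named. The curly-brace sentence uses a BC/ prefix in "BC/{AES,LED-80}" that none of the visible list entries define, so either point to where that prefix is introduced or write the example with labels from this list. It also relies on the "Omit -K for AES-128" rule to read AES as AES-128, which is worth saying explicitly next to the example.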

Line 42: | Line 45: | ||

* **MAX online** (leaks only the LCP (longest common prefix) of plaintexts) | * **MAX online** (leaks only the LCP (longest common prefix) of plaintexts) | ||

* **LCP+X** (leaks LCP and XOR of next plaintext block) | * **LCP+X** (leaks LCP and XOR of next plaintext block) | ||

+ | * **A+N** (when there is some level of security if all associated data + nonce pairs are unique) | ||

* **None** (when all security is lost if nonce is repeated) | * **None** (when all security is lost if nonce is repeated) | ||

==== Inverse free ==== | ==== Inverse free ==== | ||

- | State whether the scheme requires the inverse of the underlying primitive when considering . ONLY applicable for block cipher- or permutation-based modes. Valid options are: | + | State whether the scheme requires the inverse of the underlying primitive. ONLY applicable for block cipher- or permutation-based modes. Valid options are: |

* **Yes** | * **Yes** | ||

* **No** | * **No** | ||

* **N/A** (for when not applicable, see above) | * **N/A** (for when not applicable, see above) |
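
Review bot: In the reworded Inverse free sentence the question is "whether the scheme requires the inverse" while the heading is "Inverse free", so the option Yes can be read either as "is inverse free" or as "requires the inverse"; phrase the question to match the heading or annotate the Yes and No options with their meaning. The added A+N entry promises only "some level of security", whereas the neighbouring MAX online and LCP+X entries state what leaks; say what is retained or leaked when a nonce repeats under different associated data, so the entry can be compared with the others.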

zoo_guidelines.txt · Last modified: 20/02/2015 09:53:58 by mmeh

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported