This shows you the differences between two versions of the page.
zoo_guidelines [19/03/2014 18:34:31] mmeh created |
zoo_guidelines [06/10/2014 15:07:46] damianv [Type] |
||
---|---|---|---|
Line 20: | Line 20: | ||
* **AES-K[n]** (when the underlying block cipher is n rounds of AES with key size K. Omit -K for AES-128) | * **AES-K[n]** (when the underlying block cipher is n rounds of AES with key size K. Omit -K for AES-128) | ||
* **AES-like** (when based on some modified version of AES) | * **AES-like** (when based on some modified version of AES) | ||
+ | * **Named BC** (e.g. LED-80, when some other named block cipher is used) | ||
* **Sponge[p]** (when based on a Sponge-like construction. Can replace p with a named permutation, which can either be part of the submission or existing permutation, e.g. Keccak) | * **Sponge[p]** (when based on a Sponge-like construction. Can replace p with a named permutation, which can either be part of the submission or existing permutation, e.g. Keccak) | ||
* **FSR** (based on feedback shift register(s)) | * **FSR** (based on feedback shift register(s)) | ||
* **ARX** (modular addition, rotation and XOR) | * **ARX** (modular addition, rotation and XOR) | ||
* **LRX** (logical operations, rotation and XOR) | * **LRX** (logical operations, rotation and XOR) | ||
+ | * **Comp[f]** (when based on a compression function. Can replace f with a named compression function, which can either be part of the submission or existing compression function, e.g. SHA256) | ||
+ | To specify several options for parameter sets, curly braces can be used, e.g. BC/{AES,LED-80} for a block cipher based scheme which uses AES-128 and LED-80. | ||
==== Parallelizable (E/D) ==== | ==== Parallelizable (E/D) ==== | ||
Specify separately whether the scheme is parallelizable in encryption (E) and decryption (D). Valid options for both cases are: | Specify separately whether the scheme is parallelizable in encryption (E) and decryption (D). Valid options for both cases are: | ||
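Review bot: In the added curly-brace sentence, the example BC/{AES,LED-80} uses a "BC/" prefix that none of the options visible in this hunk define (the new bullet is labelled "Named BC", and AES is written AES-K[n]). The wording "uses AES-128 and LED-80" also reads as if both ciphers are used together rather than as alternative parameter sets. Suggest writing the example with the tags exactly as listed above it, and "or" in place of "and" if the braces are meant to list alternatives.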
Line 42: | Line 45: | ||
* **MAX online** (leaks only the LCP (longest common prefix) of plaintexts) | * **MAX online** (leaks only the LCP (longest common prefix) of plaintexts) | ||
* **LCP+X** (leaks LCP and XOR of next plaintext block) | * **LCP+X** (leaks LCP and XOR of next plaintext block) | ||
+ | * **A+N** (when there is some level of security if all associated data + nonce pairs are unique) | ||
* **None** (when all security is lost if nonce is repeated) | * **None** (when all security is lost if nonce is repeated) | ||
==== Inverse free ==== | ==== Inverse free ==== | ||
- | State whether the scheme requires the inverse of the underlying primitive when considering . ONLY applicable for block cipher- or permutation-based modes. Valid options are: | + | State whether the scheme requires the inverse of the underlying primitive. ONLY applicable for block cipher- or permutation-based modes. Valid options are: |
* **Yes** | * **Yes** | ||
* **No** | * **No** | ||
* **N/A** (for when not applicable, see above) | * **N/A** (for when not applicable, see above) |
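Review bot: The new A+N bullet says only "some level of security", while the neighbouring options state what is leaked (MAX online: only the LCP of plaintexts; LCP+X: LCP and XOR of next plaintext block). Suggest stating what an A+N scheme still guarantees or leaks when the associated data + nonce pairs are unique but the nonce alone repeats, so that a submitter can tell A+N apart from None.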