web02.fireside.fm Sat, 25 Apr 2026 12:17:38 -0500 Fireside (https://fireside.fm) Cryptography FM - Episodes Tagged with “Cryptanalysis” https://cryptography.fireside.fm/tags/cryptanalysis Tue, 20 Jul 2021 16:00:00 +0200 Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM. en-us episodic In-depth, substantive discussions on the latest news and research in applied cryptography. Symbolic Software Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM. no cryptography Symbolic Software nadim@symbolic.software Episode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2! https://cryptography.fireside.fm/20 b60866a9-b2e2-4f18-afa5-9e85ed75887d Tue, 20 Jul 2021 16:00:00 +0200 Symbolic Software 20 Episode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2! full Symbolic Software Were GPRS's encryption ciphers deliberately backdoored? Nadim discusses this question with cryptanalysts Gaëtan Leurent and Håvard Raddum. 42:56 no A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design. Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2 (https://eprint.iacr.org/2021/819) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Gaëtan Leurent and Håvard Raddum. gprs,cryptanalysis A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design.

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Gaëtan Leurent and Håvard Raddum.

Links:

]]> A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design.

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Gaëtan Leurent and Håvard Raddum.

Links:

]]> Episode 2: Breaking Lightweight Symmetric Cryptography! https://cryptography.fireside.fm/2 c92ef410-d45c-4ab4-977e-c4bacff9ed30 Tue, 06 Oct 2020 16:00:00 +0200 Symbolic Software 2 Episode 2: Breaking Lightweight Symmetric Cryptography! full Symbolic Software Léo Perrin talks about how his team at INRIA was able to find serious breaks in the Gimli family of lightweight symmetric primitives, and why NIST's lightweight cryptography competition even matters in the first place, especially with block ciphers like AES dominating the industry. 34:24 no Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography competition meant to attract designs for symmetric primitives, such as hash functions and authenticated encryption ciphers, that work in use cases where even AES is not an adequately speedy standard. Among the submissions to NIST’s lightweight cryptography competition has been Gimli, a family of cryptographic primitives comprised of a hash function and of an authenticated encryption with associated data (AEAD) cipher. Named after the Lord of the Rings Dwarf warrior and authored by a long list of accomplished cryptographers, Gimli looked like a promising submission -- until a team of cryptanalysts at INRIA produced a surprising set of results outlining some potentially serious weaknesses in Gimli’s current design. In their paper, which recently was declared as the winner of the IACR Asiacrypt 2020 Best Paper Award, Antonio Flórez Gutiérrez, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, André Schrottenloher and Ferdinand Sibleyras from the INRIA research institute here in France presented some very strong results against Gimli’s security. But why does Gimli even matter? Why aren’t AES, ChaCha20-Poly1305, and BLAKE2 enough, even for the most performance-constrained scenarios? And how did this team of researchers succeed in obtaining such serious results on a family of cryptographic primitives that was certainly designed with care and expertise? Links and papers discussed in the show: * New results on Gimli: full-permutation distinguishers and improved collisions (https://eprint.iacr.org/2020/744) * Lower Bounds on the Degree of Block Ciphers (https://eprint.iacr.org/2020/1051) * Saturnin lightweight cryptography (https://project.inria.fr/saturnin/) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guest: Léo Perrin. cryptanalysis,gimli Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography competition meant to attract designs for symmetric primitives, such as hash functions and authenticated encryption ciphers, that work in use cases where even AES is not an adequately speedy standard.

Among the submissions to NIST’s lightweight cryptography competition has been Gimli, a family of cryptographic primitives comprised of a hash function and of an authenticated encryption with associated data (AEAD) cipher. Named after the Lord of the Rings Dwarf warrior and authored by a long list of accomplished cryptographers, Gimli looked like a promising submission -- until a team of cryptanalysts at INRIA produced a surprising set of results outlining some potentially serious weaknesses in Gimli’s current design.

In their paper, which recently was declared as the winner of the IACR Asiacrypt 2020 Best Paper Award, Antonio Flórez Gutiérrez, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, André Schrottenloher and Ferdinand Sibleyras from the INRIA research institute here in France presented some very strong results against Gimli’s security.

But why does Gimli even matter? Why aren’t AES, ChaCha20-Poly1305, and BLAKE2 enough, even for the most performance-constrained scenarios? And how did this team of researchers succeed in obtaining such serious results on a family of cryptographic primitives that was certainly designed with care and expertise?

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guest: Léo Perrin.

Sponsored By:

]]> Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography competition meant to attract designs for symmetric primitives, such as hash functions and authenticated encryption ciphers, that work in use cases where even AES is not an adequately speedy standard.

Among the submissions to NIST’s lightweight cryptography competition has been Gimli, a family of cryptographic primitives comprised of a hash function and of an authenticated encryption with associated data (AEAD) cipher. Named after the Lord of the Rings Dwarf warrior and authored by a long list of accomplished cryptographers, Gimli looked like a promising submission -- until a team of cryptanalysts at INRIA produced a surprising set of results outlining some potentially serious weaknesses in Gimli’s current design.

In their paper, which recently was declared as the winner of the IACR Asiacrypt 2020 Best Paper Award, Antonio Flórez Gutiérrez, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, André Schrottenloher and Ferdinand Sibleyras from the INRIA research institute here in France presented some very strong results against Gimli’s security.

But why does Gimli even matter? Why aren’t AES, ChaCha20-Poly1305, and BLAKE2 enough, even for the most performance-constrained scenarios? And how did this team of researchers succeed in obtaining such serious results on a family of cryptographic primitives that was certainly designed with care and expertise?

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guest: Léo Perrin.

Sponsored By:

]]>