Gaetan Leurent
==============

Title: Security issues with small block sizes

Abstract:
The field of lightweight cryptography is very active, with many block
ciphers proposed recently to achieve various notions of
lightweight-ness.  In this talk we will focus on how to use these block
ciphers for encryption or authentication, using a mode of operation.
Indeed, the security proofs of classical modes of operation (CBC, CTR,
CBC-MAC, ...) are only valid up to the birthday bound.  Since many
lightweight block ciphers have a small block size (typically 64 bits),
this security might be insufficient in practice.

We will discuss birthday distinguishers against modes of operations,
their impact for practical attacks, and how to avoid this issue.