Selected Publications

In Journal of Mathematical Cryptology, 2018.

Cryptographic primitives from coding theory are some of the most promising candidates for NIST’s Post-Quantum Cryptography Standardization process. In this paper, we introduce a variety of techniques to improve operations on dyadic matrices, a particular type of symmetric matrices that appear in the automorphism group of certain linear codes. Besides the independent interest, these techniques find an immediate application in practice. In fact, one of the candidates for the Key Exchange functionality, called DAGS, makes use of quasi-dyadic matrices to provide compact keys for the scheme.
In MathCrypt, 2018.

The most important pre-quantum threat to AES-128 is the 1994 van Oorschot–Wiener parallel rho method, a low-communication parallel pre-quantum multi-target preimage-search algorithm. This algorithm uses a mesh of $p$ small processors, each running for approximately $2^{128}/pt$ fast steps, to find one of $t$ independent AES keys $k_1, \ldots, k_t$, given the ciphertexts $\mathrm{AES}_{k_1}(0), \ldots, \mathrm{AES}_{k_t}(0)$ for a shared plaintext $0$. NIST has claimed a high post-quantum security level for AES-128, starting from the following rationale: Grover’s algorithm requires a long-running serial computation, which is difficult to implement in practice. In a realistic attack, one has to run many smaller instances of the algorithm in parallel, which makes the quantum speedup less dramatic. NIST has also stated that resistance to multi-key attacks is desirable; but, in a realistic parallel setting, a straightforward multi-key application of Grover’s algorithm costs more than targeting one key at a time. This paper introduces a different quantum algorithm for multi-target preimage search. This algorithm shows, in the same realistic parallel setting, that quantum preimage search benefits asymptotically from having multiple targets. The new algorithm requires a revision of NIST’s AES-128, AES-192, and AES-256 security claims.
In SAC, 2017.

Recent Publications

DAGS: Reloaded Revisiting Dyadic Key Encapsulation. Eprint Report, 2018.


DAGS: Key Encapsulation using Dyadic GS Codes. In Journal of Mathematical Cryptology, 2018.


Designing Efficient Dyadic Operations for Cryptographic Applications. In MathCrypt, 2018.


A new class of irreducible pentanomial. In JCEN, 2018.


DAGS: Key Encapsulation using Dyadic GS Codes. NIST Submission, 2017.


Attacks in Stream Ciphers: A Survey. Eprint Report, 2014.


Recent Posts

Report Starting one more surf «report» about Gran Canarias. It is middle of February, we find a nice place to surf. I mean, every video was with nice waves and happy people surfing. In the first day here, we went to «Playa de La Pared» and the waves weren’t the most exciting, it was 1 to 1.5 meters and it crashed direct. So, no walls to «play». However, it was a good


Report It was end of October, I went to proper surf, that is, I was staying more than one week in Peniche. I knew Portugal (I have surfed in Ribera d’Ilhas - Ericeira in June of 2016) and it is a nice place to surf. In the first day, we didn’t have great waves and it was something like 0.5m. However, when we reached the third day of the trip a massive swell arrived there.


Surf Trip to Portugal ERICEIRA


Report It was January 29th, I was going to a summer school in Tenerife and I saw some videos about surfing. Unfortunately, I didn’t have much time to go surfing. I just surfed two days in Tenerife. It is possible to see that the wave is completely different from Brazil. In particular, it is very different from Florianopolis. However, it was a nice opportunity to surf fast waves. I think that the main thing about the waves in Tenerife is that they are faster and deeper than the waves in Brazil.


Surf in Florianopolis I have a special feeling for Florianopolis. It was the city where I learned to surf. Here, I am going to put the collection of pictures that I have from this awesome place. Florianopolis, Brazil.



  • gustavo[at]cryptme[dot]in
  • Technische Universiteit Eindhoven, P.O. Box 513, 5600 MB EINDHOVEN
  • F77335B6 498FE552 502F05D9 F2A5C9CC 5884804E
  • 0xE2E3D43F