On the Design of Secure and Fast Double Block Length Hash Functions

In this work the security of the rate-1 double block length hash functions, which based on a block cipher with a block length of n-bit and a key length of 2n-bit, is reconsidered. Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose uncovered flaws in the necessary conditions given by Satoh et al. and Hirose. Preimage and second preimage attacks are presented on Hirose's two examples which were left as an open problem. Therefore, although all the rate-1 hash functions in this general class are failed to be optimally (second) preimage resistant, the necessary conditions are refined for ensuring this general class of the rate-1 hash functions to be optimally secure against the collision attack. In particular, two typical examples, which designed under the refined conditions, are proven to be indifferentiable from the random oracle in the ideal cipher model. The security results are extended to a new class of double block length hash functions with rate 1, where one block cipher used in the compression function has the key length is equal to the block length, while the other is doubled

Authentication of Electronic Records: Limitations of Indian Legal Approach

Paper based documents have inherent authenticity and high evidentiary value for obvious reasons. The documents are permanent record of the contractual relationship of the parties and their contents cannot be so easily altered, modified or changed and even if any change is effected that can be easily detected. This is the reason that the Indian Evidence Act, 1872 excludes oral evidence in presence of documentary evidence. The moot point is that can an electronic record be treated equivalent to paper based record? In other words, can an electronic record have all the properties of the physical document appended with the hand written signature? This is necessitated by the fact that there are different laws in India providing that a contract is not valid unless it is in writing and signed by the parties. An attempt is made in this paper to analyze the provisions prescribing authentication of electronic records in India to demonstrate inherent limitations in them. To overcome these limitations, a new model of authentication is proposed which is based on digital signature combined with time stamping service

HeW: AHash Function based on Lightweight Block Cipher FeW

A new hash function HeW: A hash function based on light weight block cipher FeW is proposed in this paper. The compression function of HeW is based on block cipher FeW. It is believed that key expansion algorithm of block cipher slows down the performance of the overlying hash function. Thereby, block ciphers become a less favourable choice to design a compression function. As a countermeasure, we cut down the key size of FeW from 80-bit to 64-bit and provide a secure and efficient key expansion algorithm for the modified key size. FeW based compression function plays a vital role to enhance the efficiency of HeW. We test the hash output for randomness using the NIST statistical test suite and test the avalanche effect, bit variance and near collision resistance. We also give the security estimates of HeW against differential cryptanalysis, length extension attack, slide attack and rotational distinguisher.

NaSHA

We propose the NaSHA-(m, k, r) family of cryptographic hash functions, based on quasigroup transformations. We use huge quasigroups defined by extended Feistel networks from small bijections and a novel design principle: the quasigroup used in every iteration of the compression function is different and depends on the processed message block. We present in all details of the implementations of NaSHA-(m, 2, 6) where m in {224, 256, 384, 512}

Attacks on AURORA-512 and the Double-Mix Merkle-Damgaard Transform

We analyse the Double-Mix Merkle-Damgaard construction (DMMD) used in the AURORA family of hash functions. We show that DMMD falls short of providing the expected level of security. Specically, we are able to find 2nd pre-images for AURORA-512 in time 2^{291}, and collisions in time 2^{234.4}. A limited-memory variant finds collisions in time 2^{249}

Slide Attacks on a Class of Hash Functions

Abstract. This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatún. We finally discuss simple countermeasures as a defense against slide attacks. Key words: slide attacks, hash function, Grindahl, RadioGatún, MAC, sponge function.

Hash function requirements for Schnorr signatures

We provide two necessary conditions on hash functions for the Schnorr signature scheme to be secure, assuming compact group representations such as those which occur in elliptic curve groups. We also show, via an argument in the generic group model, that these conditions are sufficient. Our hash function security requirements are variants of the standard notions of preimage and second preimage resistance. One of them is in fact equivalent to the Nostradamus attack by Kelsey and Kohno (Eurocrypt, Lecture Notes in Computer Science 4004: 183-200, 2006), and, when considering keyed compression functions, both are closely related to the ePre and eSec notions by Rogaway and Shrimpton (FSE, Lecture Notes in Computer Science 3017: 371-388, 2004). Our results have a number of interesting implications in practice. First, since security does not rely on the hash function being collision resistant, Schnorr signatures can still be securely instantiated with SHA-1/SHA-256, unlike DSA signatures. Second, we conjecture that our properties require O(2 n ) work to solve for a hash function with n-bit output, thereby allowing the use of shorter hashes and saving twenty-five percent in signature size. And third, our analysis does not reveal any significant difference in hardness between forging signatures and computing discrete logarithms, which plays down the importance of the loose reductions in existing random-oracle proofs, and seems to support the use of "normal-size” group

MGR HASH FUNCTION

GOST-R is a Russian Standard Cryptographic Hash function which was first introduced in 1994 by Russian Federal for information processing, information security and digital signature. In 2012, it was updated to GOST-R 34.11-2012 and replaced older one for all its applications from January 2013. GOST-R is based on modified Merkle-Damg\aa rd construction. Here, we present a modified version of GOST-R (MGR-hash). The modified design is based on wide pipe construction which is also a modified Merkle-Damg\aa rd construction. MGR is much more secure as well as three times faster than GOST-R. AES like block cipher has been used in designing the compression function of MGR because AES is one of the most efficient and secure block cipher and it has been evaluated for more than 12 years. We will also analyze the MGR hash function with respect to its security and efficiency

The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n -bit-iterated hash function framework based on an n -bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IV s and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n -bit-iterated hash function based on an n -bit compression function and with an n -bit chaining value that is proven indifferentiable from a RO