
    A Generic attack on CubeHash, a SHA-3 candidate

    A secure cryptographic hashing function should be resistant to three different scenarios. First, a cryptographic hashing function must be preimage resistant, that is, it should be infeasible for an attacker to construct a message such that it produces a known hash output value. Second, a cryptographic hashing function must be second preimage resistant, that is, it should be infeasible for an attacker to construct a message such that it has the same hash output value as another known message. Third, a cryptographic hashing function must be collision resistant, which means that it should be infeasible for an attacker to find any two different messages such that their hash output values are the same. The current Secure Hash Algorithm (SHA) family, namely SHA-1 and SHA-2, was designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). Recent advances in cryptanalysis of hash functions have led to concerns about the collision resistance of the SHA family. To address these concerns, NIST has opened a public worldwide competition, known as the SHA-3 competition, to find the new hash function, which will become SHA-3. Each candidate hash function is scrutinized by the public, and candidates with found weaknesses are dropped from advancing to the next rounds of the competition. The goal is that the strongest hash function will emerge at the end of the competition, and this hash function will be free for everyone to use. This thesis implemented a generic attack against the collision resistance of small variants of one candidate in the SHA-3 competition, CubeHash. A unique hash-chaining approach was used to find the collisions, and the parallelization of several FPGAs led to parallelization measurements and analysis to see if a linear speedup could be obtained.

    Evolution of the StreamHash hash function family

    This paper describes the evolution of the StreamHash cryptographic hash function family proposed by the author. The first member of the StreamHash family was the StreamHash (now called StreamHash1) function, accepted for the first round of the SHA-3 competition organized by the US government standards agency NIST. The competition was started in order to select a new SHA-3 standard as the successor of the SHA-2 family of cryptographic hash functions. The function StreamHash2 mostly addresses security weaknesses identified during the SHA-3 competition, while the sketch of the function StreamHash3 attempts to improve resistance to side-channel attacks and performance properties. The paper starts with an overview of the basic properties of cryptographic hash functions, followed by a description of the StreamHash family design principles and its basic structure. Subsequent sections illustrate the way each subsequent function uses lessons learnt while designing and testing the previous one.

    Evolutionary Game for Mining Pool Selection in Blockchain Networks

    In blockchain networks adopting proof-of-work schemes, the monetary incentive is introduced by the Nakamoto consensus protocol to guide the behaviors of the full nodes (i.e., block miners) in the process of maintaining the consensus about the blockchain state. The block miners have to devote their computation power, measured in hash rate, in a crypto-puzzle solving competition to win the reward of publishing (a.k.a. mining) new blocks. Due to the exponentially increasing difficulty of the crypto-puzzle, individual block miners tend to join mining pools, i.e., coalitions of miners, in order to reduce the income variance and earn stable profits. In this paper, we study the dynamics of mining pool selection in a blockchain network, where mining pools may choose arbitrary block mining strategies. We identify the hash rate and the block propagation delay as two major factors determining the outcomes of mining competition, and then model the strategy evolution of the individual miners as an evolutionary game. We provide the theoretical analysis of the evolutionary stability for the pool selection dynamics in a case study of two mining pools. The numerical simulations provide the evidence to support our theoretical discoveries as well as demonstrating the stability in the evolution of miners' strategies in a general case.

    Comment: Submitted to IEEE Wireless Communication Letters

    Security of the SHA-3 candidates Keccak and Blue Midnight Wish: Zero-sum property

    The SHA-3 competition for the new cryptographic standard was initiated by the National Institute of Standards and Technology (NIST) in 2007. In the following years, the event grew into one of the top areas currently being researched by the CS and cryptographic communities. The first objective of this thesis is to overview, analyse, and critique the SHA-3 competition. The second one is to perform an in-depth study of the security of two candidate hash functions, the finalist Keccak and the second round candidate Blue Midnight Wish. The study shall primarily focus on zero-sum distinguishers. First we attempt to attack reduced versions of these hash functions and see if any vulnerabilities can be detected. This is followed by attacks on their full versions. In the process, a novel approach is utilized in the search for zero-sum distinguishers by employing SAT solvers. We conclude that while such complex attacks can theoretically uncover undesired properties of the two hash functions presented, such attacks are still far from being fully realized due to current limitations in computing power.

    Whirlwind: a new cryptographic hash function

    A new cryptographic hash function, Whirlwind, is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.

    On Optimized FPGA Implementations of the SHA-3 Candidate Groestl

    The National Institute of Standards and Technology (NIST) has started a competition for a new secure hash standard. In this context, third party implementations of all proposed hash functions are regarded as an important part of the competition. We chose to implement the Groestl hash function for FPGAs, for its resemblance to AES. More precisely, we developed two optimized versions, one optimized for throughput, the other one for area. Both implementations improve on the results and estimates presented in the original submission to the competition. The performance of both implementations may be improved further, thus Groestl seems to be a good candidate for implementations on medium sized FPGAs. Besides that, it is shown that Groestl needs a significant amount of resources, which will hinder its use for automotive applications.

    Cube attacks on cryptographic hash functions

    Cryptographic hash functions are a vital part of our current computer systems. They are a core component of digital signatures, message authentication codes, file checksums, and many other protocols and security schemes. Recent attacks against well-established hash functions have led NIST to start an international competition to develop a new hashing standard to be named SHA-3. In this thesis, we provide cryptanalysis of some of the SHA-3 candidates. We do this using a new cryptanalytical technique introduced a few months ago called cube attacks. In addition to summarizing the technique, we build on it by providing a framework for estimating its potential effectiveness for cases too computationally expensive to test. We then show that cube attacks can not only be applied to keyed cryptosystems but also to hash functions by way of a partial preimage attack. We successfully apply this attack to reduced-round variants of the ESSENCE and Keccak SHA-3 candidates and provide a detailed analysis of how and why the cube attacks succeeded. We also discuss the limits of theoretically extending these attacks to higher rounds. Finally, we provide some preliminary results of applying cube attacks to other SHA-3 candidates.