Cryptographic Hash Functions in Groups and Provable Properties

We consider several "provably secure" hash functions that compute simple sums in a well chosen group (G,*). Security properties of such functions provably translate in a natural way to computational problems in G that are simple to define and possibly also hard to solve. Given k disjoint lists Li of group elements, the k-sum problem asks for gi ∊ Li such that g1 * g2 *...* gk = 1G. Hardness of the problem in the respective groups follows from some "standard" assumptions used in public-key cryptology such as hardness of integer factoring, discrete logarithms, lattice reduction and syndrome decoding. We point out evidence that the k-sum problem may even be harder than the above problems. Two hash functions based on the group k-sum problem, SWIFFTX and FSB, were submitted to NIST as candidates for the future SHA-3 standard. Both submissions were supported by some sort of a security proof. We show that the assessment of security levels provided in the proposals is not related to the proofs included. The main claims on security are supported exclusively by considerations about available attacks. By introducing "second-order" bounds on bounds on security, we expose the limits of such an approach to provable security. A problem with the way security is quantified does not necessarily mean a problem with security itself. Although FSB does have a history of failures, recent versions of the two above functions have resisted cryptanalytic efforts well. This evidence, as well as the several connections to more standard problems, suggests that the k-sum problem in some groups may be considered hard on its own, and possibly lead to provable bounds on security. Complexity of the non-trivial tree algorithm is becoming a standard tool for measuring the associated hardness. We propose modifications to the multiplicative Very Smooth Hash and derive security from multiplicative k-sums in contrast to the original reductions that related to factoring or discrete logarithms. Although the original reductions remain valid, we measure security in a new, more aggressive way. This allows us to relax the parameters and hash faster. We obtain a function that is only three times slower compared to SHA-256 and is estimated to offer at least equivalent collision resistance. The speed can be doubled by the use of a special modulus, such a modified function is supported exclusively by the hardness of multiplicative k-sums modulo a power of two. Our efforts culminate in a new multiplicative k-sum function in finite fields that further generalizes the design of Very Smooth Hash. In contrast to the previous variants, the memory requirements of the new function are negligible. The fastest instance of the function expected to offer 128-bit collision resistance runs at 24 cycles per byte on an Intel Core i7 processor and approaches the 17.4 figure of SHA-256. The new functions proposed in this thesis do not provably achieve a usual security property such as preimage or collision resistance from a well-established assumption. They do however enjoy unconditional provable separation of inputs that collide. Changes in input that are small with respect to a well defined measure never lead to identical output in the compression function

Analysis of BCNS and Newhope Key-exchange Protocols

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. Following increasing interest from both companies and government agencies in building quantum computers, a number of works have proposed instantiations of practical post-quantum key-exchange protocols based on hard problems in lattices, mainly based on the Ring Learning With Errors (R-LWE) problem. In this work we present an analysis of Ring-LWE based key-exchange mechanisms and compare two implementations of Ring-LWE based key-exchange protocol: BCNS and NewHope. This is important as NewHope protocol implementation outperforms state-of-the art elliptic curve based Diffie-Hellman key-exchange X25519, thus showing that using quantum safe key-exchange is not only a viable option but also a faster one. Specifically, this thesis compares different reconciliation methods, parameter choices, noise sampling algorithms and performance

Security Protocol Suite for Preventing Cloud-based Denial-of-Service Attacks

Cloud systems, also known as cloud services, are among the primary solutions of the information technology domain. Cloud services are accessed through an identity authentication process. These authentication processes have become increasingly vulnerable to adversaries who may perform denial-of-service (DoS) attacks to make cloud services inaccessible. Several strong authentication protocols have been employed to protect conventional network systems. Nevertheless, they can cause a DoS threat when implemented in the cloud-computing system. This is because the comprehensive verification process may exhaust the cloud resources and shut down cloud’s services. This thesis proposes a novel cloud-based secure authentication (CSA) protocol suite that provides a smart authentication approach not only for verifying the users’ identities but also for building a strong line of defense against the DoS attacks. CSA protocol suite offers two modules, CSAM-1 and CSAM-2. The decision of which module of CSA to be utilized depends on the deployment nature of the cloud computing. CSAM-1 is designed to prevent external risks of DoS attacks in private and community cloud computing. CSAM-1 utilizes multiple techniques that include the client puzzle problem and utilization of unique encrypted text (UET). Therefore, these techniques can distinguish between a legitimate user’s request and an attacker’s attempt. CSAM-2 is designed to prevent internal risks of DoS attacks in public and hybrid cloud computing. CSAM-2 combines an extended unique encrypted text (EUET) application, client puzzle problem, and deadlock avoidance algorithm to prevent DoS risks that occur from inside cloud computing systems. The authentication process in both modules is designed so that the cloud-based servers become footprint-free and fully able to detect the signs of DoS attacks. The reliability and scalability of these two modules have been measured through a number of experiments using the GreenCloud simulation tool. The experiments’ results have shown that the CSA protocol suite is practically applicable as a lightweight authentication protocol. These experiments have verified the ability of the CSA to protect the cloud-based system against DoS attacks with an acceptable mean time to failure while still having the spare capacity to handle a large number of user requests

Overview of blockchain technology cryptographic security

This thesis work is aimed at developing understanding of the hash functions and algorithms being used in blockchain technologies Bitcoin in comparison to Ethereum and private blockchain hash functions. This study attempts to answer one fundamental research question: “What considerations are important in assessing blockchain cryptographic security, with an emphasis on hash functions”. The study was carried out qualitatively using a desk research approach and combining this approach with using two public blockchains-based cryptocurrencies; Ethereum and Bitcoin as case studies. The research aims to provide a holistic view of blockchain cryptographic security comparing Bitcoin and Ethereum as use cases, and thus providing a consolidated document which students studying cryptography can access to obtain a better understanding of what is involved in blockchain security. From an academic perspective, the research aims at providing a model which can be used in assessing what is important to consider in the cryptographic security of blockchains. Three main categories of factors considered were presented in the proposed model which were strategical factors, complexity attributes and technical drivers. This results in a base crucial metrics such as absence of secret seeds, efficiency of verification, preimage collision resistance, fixed output size, low collision probability, and even distribution of preimages in output

A Family of Fast Syndrome Based Cryptographic Hash Functions

Recently, some collisions have been exposed for a variety of cryptographic hash functions including some of the most widely used today. Many other hash functions using similar constructions can however still be considered secure. Nevertheless, this has drawn attention on the need for new hash function designs. In this article is presented a family of secure hash functions, whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes. Taking into account the analysis by Coron and Joux based on Wagner's generalized birthday algorithm we study the asymptotical security of our functions. We demonstrate that this attack is always exponential in terms of the length of the hash value. We also study the work-factor of this attack, along with other attacks from coding theory, for non asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving a good security and either a faster hashing or a shorter description for the function