585 research outputs found
Cryptanalysis of 1-Round KECCAK
In this paper, we give the first pre-image attack against 1- round KECCAK-512 hash function, which works for all variants of 1- round KECCAK. The attack gives a preimage of length less than 1024 bits by solving a system of 384 linear equations. We also give a collision attack against 1-round KECCAK using similar analysis
Quantum Algorithms for Boolean Equation Solving and Quantum Algebraic Attack on Cryptosystems
Decision of whether a Boolean equation system has a solution is an NPC
problem and finding a solution is NP hard. In this paper, we present a quantum
algorithm to decide whether a Boolean equation system FS has a solution and
compute one if FS does have solutions with any given success probability. The
runtime complexity of the algorithm is polynomial in the size of FS and the
condition number of FS. As a consequence, we give a polynomial-time quantum
algorithm for solving Boolean equation systems if their condition numbers are
small, say polynomial in the size of FS. We apply our quantum algorithm for
solving Boolean equations to the cryptanalysis of several important
cryptosystems: the stream cipher Trivum, the block cipher AES, the hash
function SHA-3/Keccak, and the multivariate public key cryptosystems, and show
that they are secure under quantum algebraic attack only if the condition
numbers of the corresponding equation systems are large. This leads to a new
criterion for designing cryptosystems that can against the attack of quantum
computers: their corresponding equation systems must have large condition
numbers
Revisiting Shared Data Protection Against Key Exposure
This paper puts a new light on secure data storage inside distributed
systems. Specifically, it revisits computational secret sharing in a situation
where the encryption key is exposed to an attacker. It comes with several
contributions: First, it defines a security model for encryption schemes, where
we ask for additional resilience against exposure of the encryption key.
Precisely we ask for (1) indistinguishability of plaintexts under full
ciphertext knowledge, (2) indistinguishability for an adversary who learns: the
encryption key, plus all but one share of the ciphertext. (2) relaxes the
"all-or-nothing" property to a more realistic setting, where the ciphertext is
transformed into a number of shares, such that the adversary can't access one
of them. (1) asks that, unless the user's key is disclosed, noone else than the
user can retrieve information about the plaintext. Second, it introduces a new
computationally secure encryption-then-sharing scheme, that protects the data
in the previously defined attacker model. It consists in data encryption
followed by a linear transformation of the ciphertext, then its fragmentation
into shares, along with secret sharing of the randomness used for encryption.
The computational overhead in addition to data encryption is reduced by half
with respect to state of the art. Third, it provides for the first time
cryptographic proofs in this context of key exposure. It emphasizes that the
security of our scheme relies only on a simple cryptanalysis resilience
assumption for blockciphers in public key mode: indistinguishability from
random, of the sequence of diferentials of a random value. Fourth, it provides
an alternative scheme relying on the more theoretical random permutation model.
It consists in encrypting with sponge functions in duplex mode then, as before,
secret-sharing the randomness
Improving security of lightweith SHA-3 against preimage attacks
In this article we describe the SHA-3 algorithm and its internal permutation in which potential weaknesses are hidden. The hash algorithm can be used for different purposes, such as pseudo-random bit sequences generator, key wrapping or one pass authentication, especially in weak devices (WSN, IoT, etc.). Analysis of the function showed that successful preimage attacks are possible for low round hashes, protection from which only works with increasing the number of rounds inside the function. When the hash function is used for building lightweight applications, it is necessary to apply a small number of rounds, which requires additional security measures. This article proposes a variant improved hash function protecting against preimage attacks, which occur on SHA-3. We suggest using an additional external randomness sources obtained from a lightweight PRNG or from application of the source data permutation
Security of the SHA-3 candidates Keccak and Blue Midnight Wish: Zero-sum property
The SHA-3 competition for the new cryptographic standard was initiated by National Institute of Standards and Technology (NIST) in 2007. In the following years, the event grew to one of the top areas currently being researched by the CS and cryptographic communities. The first objective of this thesis is to overview, analyse, and critique the SHA-3 competition. The second one is to perform an in-depth study of the security of two candidate hash functions, the finalist Keccak and the second round candidate Blue Midnight Wish. The study shall primarily focus on zero-sum distinguishers. First we attempt to attack reduced versions of these hash functions and see if any vulnerabilities can be detected. This is followed by attacks on their full versions. In the process, a novel approach is utilized in the search of zero-sum distinguishers by employing SAT solvers. We conclude that while such complex attacks can theoretically uncover undesired properties of the two hash functions presented, such attacks are still far from being fully realized due to current limitations in computing power
MOIM: a novel design of cryptographic hash function
A hash function usually has two main components: a compression function or
permutation function and mode of operation. In this paper, we propose a new concrete
novel design of a permutation based hash functions called MOIM. MOIM is based on
concatenating two parallel fast wide pipe constructions as a mode of operation designed
by Nandi and Paul, and presented at Indocrypt 2010 where the size of the internal state
is significantly larger than the size of the output. And the permutations functions used
in MOIM are inspired from the SHA-3 finalist Grøstl hash function which is originally
inspired from Rijndael design (AES). As a consequence there is a very strong confusion
and diffusion in MOIM. Also, we show that MOIM resists all the generic attacks and
Joux attack in two defense security levels
Analysis of the possibility of using selected hash functions submitted for the SHA-3 competition in the SDEx encryption method
The paper presents analysis of the possibility of using selected hash functions submitted for the SHA-3 competition in the SDEx encryption method. The group of these functions will include the finalists of the SHA-3 competition, i.e. BLAKE, Grøstl, JH, Keccak, Skein. The aim of the analysis is to develop more secure and faster cryptographic algorithm compared to the current version of the SDEx method with SHA-512 and the AES algorithm. When considering the speed of algorithms, mainly the software implementation will be taken into account, as it is the most commonly used
- …