31 research outputs found
Slide Attacks on a Class of Hash Functions
Abstract. This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatĂşn. We finally discuss simple countermeasures as a defense against slide attacks. Key words: slide attacks, hash function, Grindahl, RadioGatĂşn, MAC, sponge function.
Collision Attack on GRINDAHL
Hash functions have been among the most scrutinized cryptographic primitives in the previous decade, mainly due to the cryptanalysis breakthroughs on MD-SHA family and the NIST SHA3 competition that followed. GRINDAHL is a hash function proposed at FSE 2007 that inspired several SHA3 candidates. One of its particularities is that it follows the RIJNDAEL design strategy, with an efficiency comparable to SHA2. This paper provides the first cryptanalytic work on this scheme and we show that the 256-bit version of GRINDAHL is not collision resistant. Our attack uses byte-level truncated differentials and leverages a counterintuitive method (reaching an internal state where all bytes are active) in order to ease the construction of good differential paths. Then, by a careful utilization of the freedom degrees inserted every round, and with a work effort of approximatively hash computations, an attacker can generate a collision for the full 256-bit version of GRINDAHL
Hash functions - characteristics, implementation and collisions
HašovacĂ funkce patřà mezi prvky modernĂ kryptografie. Jejich Ăşkolem je na vstupu oÄŤekávaná data pĹ™evĂ©st do unikátnĂ bitovĂ© posloupnosti. HašovacĂ funkce jsou pouĹľĂvány v mnoha aplikaÄŤnĂch oblastech, jako je ověřovánĂ integrity zpráv, autentizace informacĂ, jsou pouĹľĂvány v kryptografickĂ˝ch protokolech, ke komparaci dat a dalšĂch aplikacĂch. CĂlem diplomovĂ© práce je charakterizovat hašovacĂ funkce, popsat jejich základnĂ vlastnosti a vyuĹľitĂ. Dále se zaměřit na jednu hašovacĂ funkci, konkrĂ©tnÄ› MD5, a tu náleĹľitÄ› popsat. Popsat jejĂ konstrukci, bezpeÄŤnost a moĹľnosti ĂştokĹŻ na tuto funkci. PoslednĂm Ăşkolem je tuto funkci implementovat a implementovat i kolize na ni. V ĂşvodnĂch kapitolách je v práci popsána základnĂ definice hašovacĂ funkce, jsou popsány vlastnosti, jakĂ© by funkce mÄ›la mĂt, zmĂnÄ›ny metody, kterĂ˝mi je moĹľnĂ© pĹ™edcházet jejich kolizĂm a zmĂnÄ›ny oblasti, ve kterĂ˝ch se hašovacĂch funkcĂ vyuĹľĂvá. Dalšà kapitoly jsou zaměřeny na charakteristiky druhĹŻ hašovacĂch funkcĂ. TÄ›mito druhy jsou základnĂ hašovacĂ funkce postavenĂ© na základnĂch bitovĂ˝ch operacĂch, dokonalĂ© hašovacĂ funkce a kryptografickĂ© hašovacĂ funkce. Po dokonÄŤenĂ charakteristiky hašovacĂch funkcĂ se dále vÄ›nuji praktickĂ˝m záleĹľitostem. Je popsán základnĂ vzhled a ovládánĂ programu, na kterĂ˝ navazuje postupnĂ© popisovánĂ jednotlivĂ˝ch jeho funkcĂ, kterĂ© jsou i dostateÄŤnÄ› teoreticky vysvÄ›tleny. V dalšĂm textu je popsána funkce MD5, kde se vÄ›nuji jejĂ konstrukci, bezpeÄŤnostnĂm rizikĹŻm a samotnĂ© implementaci. Jako poslednĂ navazuje kapitola, tĂ˝kajĂcĂ se samotnĂ˝ch ĂştokĹŻ na hašovacĂ funkce, ve kterĂ© je popsána metoda tunelovánĂ hašovacĂ funkce, metoda Ăştoku brutálnĂ silou a slovnĂkovĂ˝ Ăştok.Hash functions belong to elements of modern cryptography. Their task is to transfer the data expected on the entry into a unique bite sequence. Hash functions are used in many application areas, such as message integrity verification, information authentication, and are used in cryptographic protocols, to compare data and other applications. The goal of the master’s thesis is to characterize hash functions to describe their basic characteristics and use. Next task was to focus on one hash function, in particular MD5, and describe it properly. That means, to describe its construction, safety and possible attacks on this function. The last task was to implement this function and collisions. The introductory chapters describe the basic definition of hash function, the properties of the function. The chapters mention the methods preventing collisions and the areas were the hash functions are used. Further chapters are focused on the characteristics of various types of hash functions. These types include basic hash functions built on basic bit operations, perfect hash functions and cryptographic hash functions. After concluding the characteristics of hash functions, I devoted to practical matters. The thesis describes the basic appearance and control of the program and its individual functions which are explained theoretically. The following text describes the function MD5, its construction, safety risks and implementation. The last chapter refers to attacks on hash functions and describes the hash function tunneling method, brute force attack and dictionary attack.
Cryptanalysis and Design of Symmetric Primitives
Der Schwerpunkt dieser Dissertation liegt in der Analyse und dem Design von Block- chiffren und Hashfunktionen. Die Arbeit beginnt mit einer EinfĂĽhrung in Techniken zur Kryptoanalyse von Blockchiffren. Wir beschreiben diese Methoden und zeigen wie man daraus neue Techniken entwickeln kann, welche zu staerkeren Angriffen fuehren. Im zweiten Teil der Arbeit stellen wir eine Reihe von Angriffen auf eine Vielzahl von Blockchiffren dar. Wir haben dabei Angriffe auf reduzierte Versionen von ARIA und dem AES entwickelt. Darueber hinaus praesentieren wir im dritten Teil Angriffe auf interne Blockchiffren von Hashfunktionen. Wir entwickeln Angriffe, welche die inter- nen Blockchiffren von Tiger und HAS-160 auf volle Rundenanzahl brechen. Die hier vorgestellten Angriffe sind die ersten dieser Art. Ein Angriff auf eine reduzierte Ver- sion von SHACAL-2 welcher fast keinen Speicherbedarf hat, wird ebenfalls vorgestellt. Der vierte Teil der Arbeit befasst sich mit den Design und der Analyse von kryp- tographischen Hashfunktionen. Wir habe einen Slide Angriff, eine Technik welche aus der Analyse von Blockchiffren bekannt ist, im Kontext von Hashfunktionen zur Anwendung gebracht. Dabei praesentieren wir verschiedene Angriffe auf GRINDAHL und RADIOGATUN. Aufbauend auf den Angriffen des zweiten und dritten Teils dieser Arbeit stellen wir eine neue Hashfunktion vor, welche wir TWISTER nennen. TWISTER wurde fuer den SHA-3 Wettbewerb entwickelt und ist bereits zur ersten Runde angenommen.This thesis focuses on the cryptanalysis and the design of block ciphers and hash func- tions. The thesis starts with an overview of methods for cryptanalysis of block ciphers which are based on differential cryptanalysis. We explain these concepts and also sev- eral combinations of these attacks. We propose new attacks on reduced versions of ARIA and AES. Furthermore, we analyze the strength of the internal block ciphers of hash functions. We propose the first attacks that break the internal block ciphers of Tiger, HAS-160, and a reduced round version of SHACAL-2. The last part of the thesis is concerned with the analysis and the design of cryptographic hash functions. We adopt a block cipher attack called slide attack into the scenario of hash function cryptanalysis. We then use this new method to attack different variants of GRINDAHL and RADIOGATUN. Finally, we propose a new hash function called TWISTER which was designed and pro- posed for the SHA-3 competition. TWISTER was accepted for round one of this com- petition. Our approach follows a new strategy to design a cryptographic hash function. We also describe several attacks on TWISTER and discuss the security issues concern- ing these attack on TWISTER
Cryptanalysis of RadioGatun
In this paper we study the security of the RadioGatun family of hash functions, and more precisely the collision resistance of this proposal. We show that it is possible to find differential paths with acceptable probability of success. Then, by using the freedom degrees available from the incoming message words, we provide a significant improvement over the best previously known cryptanalysis. As a proof of concept, we provide a colliding pair of messages for RadioGatun with 2-bit words. We finally argue that, under some light assumption, our technique is very likely to provide the first collision attack on RadioGatun
Cryptanalysis of the Hash Function LUX-256
LUX is a new hash function submitted to NIST\u27s SHA-3 competition. In this paper, we found some non-random properties of LUX due to the weakness of origin shift vector. We also give reduced blank round collision attack, free-start collision attack and free-start preimage attack on LUX-256. The two collision attacks are trivial. The free-start preimage attack has complexity of about 2^80 and requires negligible memory