09031 Abstracts Collection -- Symmetric Cryptography
From 11.01.09 to 16.01.09, the Seminar 09031 in ``Symmetric Cryptography'' was held in Schloss Dagstuhl - Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.
Cryptanalysis of EnRUPT
In this paper we present a preimage attack on EnRUPT-512. We exploit the fact that the internal state is only a little larger than the critical security level: 1152 bits against 1024 bits. The absence of a message expansion and a fairly simple compression function allow us to fix the values of some state words and thus reduce the size of the birthday state space in the meet-in-the-middle attack to under 1024 bits. Equations that arise through the analysis are solved using look-up tables. The complexity of the attack is around 2^{480} compression function calls and the memory requirement is around 2^{384}.
Cryptanalysis of RadioGatun
In this paper we study the security of the RadioGatun family of hash functions, and more precisely the collision resistance of this proposal. We show that it is possible to find differential paths with an acceptable probability of success. Then, by using the degrees of freedom available from the incoming message words, we provide a significant improvement over the best previously known cryptanalysis. As a proof of concept, we provide a colliding pair of messages for RadioGatun with 2-bit words. We finally argue that, under some light assumptions, our technique is very likely to provide the first collision attack on RadioGatun.
Cryptanalysis of the Hash Function LUX-256
LUX is a new hash function submitted to NIST's SHA-3 competition. In this paper, we find some non-random properties of LUX due to the weakness of the origin shift vector. We also give a reduced-blank-round collision attack, a free-start collision attack and a free-start preimage attack on LUX-256. The two collision attacks are trivial. The free-start preimage attack has a complexity of about 2^{80} and requires negligible memory.
Mini-ciphers: a reliable testbed for cryptanalysis?
This paper reports on higher-order square analysis of the AES cipher. We present experimental results of attack simulations on mini-AES versions with word sizes of 3, 4, 5, 6 and 7 bits and describe the propagation of higher-order Lambda-sets inside some of these distinguishers. A possible explanation of the length of the square distinguishers uses the concept of higher-order derivatives of discrete mappings.
Slide Attacks on a Class of Hash Functions
Abstract. This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function-like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatún. We finally discuss simple countermeasures as a defense against slide attacks. Key words: slide attacks, hash function, Grindahl, RadioGatún, MAC, sponge function.
Hash functions - characteristics, implementation and collisions
Hash functions are among the building blocks of modern cryptography. Their task is to transform the data expected at the input into a unique bit sequence. Hash functions are used in many application areas, such as message integrity verification and information authentication; they are used in cryptographic protocols, for data comparison and in other applications. The goal of this master's thesis is to characterize hash functions and to describe their basic properties and uses. The next task is to focus on one hash function, in particular MD5, and describe it properly: its construction, its security and the possible attacks on this function. The last task is to implement this function and to implement collisions for it. The introductory chapters give the basic definition of a hash function and describe the properties such a function should have; they mention the methods by which collisions can be prevented and the areas where hash functions are used. Further chapters focus on the characteristics of various types of hash functions. These types include basic hash functions built on elementary bit operations, perfect hash functions and cryptographic hash functions. After concluding the characterization of hash functions, I turn to practical matters. The thesis describes the basic appearance and controls of the program, followed by a step-by-step description of its individual functions, which are also explained theoretically. The following text describes the function MD5, its construction, security risks and implementation. The last chapter concerns attacks on hash functions and describes the hash function tunneling method, the brute-force attack and the dictionary attack.
Collision Attack on GRINDAHL
Hash functions have been among the most scrutinized cryptographic primitives in the previous decade, mainly due to the cryptanalysis breakthroughs on the MD-SHA family and the NIST SHA3 competition that followed. GRINDAHL is a hash function proposed at FSE 2007 that inspired several SHA3 candidates. One of its particularities is that it follows the RIJNDAEL design strategy, with an efficiency comparable to SHA2. This paper provides the first cryptanalytic work on this scheme, and we show that the 256-bit version of GRINDAHL is not collision resistant. Our attack uses byte-level truncated differentials and leverages a counterintuitive method (reaching an internal state where all bytes are active) in order to ease the construction of good differential paths. Then, by a careful utilization of the degrees of freedom inserted every round, and with a work effort of approximately hash computations, an attacker can generate a collision for the full 256-bit version of GRINDAHL.
Side-channel Analysis of Six SHA-3 Candidates
In this paper we study six 2nd round SHA-3 candidates from a side-channel cryptanalysis point of view. For each of them, we give the exact procedure and appropriate choice of selection functions to perform the attack. Depending on their inherent structure and the internal primitives used (Sbox, addition or XOR), some schemes are more prone to side-channel analysis than others, as shown by our simulations.