325 research outputs found
Whirlwind: a new cryptographic hash function
A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6
09031 Abstracts Collection -- Symmetric Cryptography
From 11.01.09 to 16.01.09, the Seminar 09031 in
``Symmetric Cryptography \u27\u27 was held
in Schloss Dagstuhl~--~Leibniz Center for Informatics.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
MOIM: a novel design of cryptographic hash function
A hash function usually has two main components: a compression function or
permutation function and mode of operation. In this paper, we propose a new concrete
novel design of a permutation based hash functions called MOIM. MOIM is based on
concatenating two parallel fast wide pipe constructions as a mode of operation designed
by Nandi and Paul, and presented at Indocrypt 2010 where the size of the internal state
is significantly larger than the size of the output. And the permutations functions used
in MOIM are inspired from the SHA-3 finalist Grøstl hash function which is originally
inspired from Rijndael design (AES). As a consequence there is a very strong confusion
and diffusion in MOIM. Also, we show that MOIM resists all the generic attacks and
Joux attack in two defense security levels
Improving security of lightweith SHA-3 against preimage attacks
In this article we describe the SHA-3 algorithm and its internal permutation in which potential weaknesses are hidden. The hash algorithm can be used for different purposes, such as pseudo-random bit sequences generator, key wrapping or one pass authentication, especially in weak devices (WSN, IoT, etc.). Analysis of the function showed that successful preimage attacks are possible for low round hashes, protection from which only works with increasing the number of rounds inside the function. When the hash function is used for building lightweight applications, it is necessary to apply a small number of rounds, which requires additional security measures. This article proposes a variant improved hash function protecting against preimage attacks, which occur on SHA-3. We suggest using an additional external randomness sources obtained from a lightweight PRNG or from application of the source data permutation
Rtl Implementation Of Secure Hash Algorithm 3 (Sha-3) Towards Smaller Area
Secure data transfer has been the most challenging task for Internet of Things (IoT) devices. Data integrity must be ensured before and after the data transmission. Cryptographic hash functions are generally the basis of a secure network and used for data integrity verification. Cryptographic hash functions carried out processes such as identity verification, file integrity checking, secure key passing, and source code version control. Among all of the cryptography measures, Secure Hash Algorithm 3 (SHA-3) is the newest and secure cryptographic hash algorithm in the current electronic industry. In the previous Intel Microelectronic SHA-3 design, the synthesized area of the design is large due to many intermediate states and logics of the step mapping functions. The objective of this project is to design a synthesizable SHA-3 with 256-bits hash output and 1600-bits state array with lower area compared to Intel Microelectronic SHA-3. This research implements the SHA-3 in ways such that all the step mapping algorithms are logically combined to only use the input lanes of the state array to eliminate the intermediate logics and reduces the area size. Functionality verification is done using the test case provided by National Institute Standards and Technology (NIST). Two squeezing phases are tested to ensure the functionality of design. Final design of SHA-3 in this research can achieve area reduction by 12.57%, the cell count reduction by 24.35%, the critical path length reduction by 18.84%, and reduction of the clock cycles needed to generate the hash output by 75%. In conclusion, the SHA-3 with smaller area and higher performance has been designed and is possible to cater the needs of IoT application
Malicious Keccak
In this paper, we investigate Keccak --- the cryptographic hash function adopted as the SHA-3 standard. We propose a malicious variant of the function, where new round constants are introduced. We show that for such the variant, collision and preimage attacks are possible. We also identify a class of weak keys for the malicious Keccak working in the MAC mode. Ideas presented in the paper were verified by implementing the attacks on the function with the 128-bit hash
Attacks on StreamHash 2
StreamHash 2 is a hash function proposed by Michał Trojnara at the Cryptography and Security Systems in 2011 Conference. This algorithm is a member of StreamHash family which was first introduced in 2008 during the SHA-3 Competition. In this paper we will show collision attacks on the internal state of the StreamHash 2 hash function with complexity about 2^8n for the 32n-bit version of the algorithm and its reduced version with complexity 2^8n. We will also show its application to attacking the full StreamHash 2 function (finding a collision on all output bits) with complexity about 2^88 . We will try to show that any changes made to the construction (for instance the ones proposed for StreamHash 3) will have no effect on the security of the family due to critical fault build into the compression function
Cryptanalysis of 2-round KECCAK-384
In this paper, we present a cryptanalysis of round reduced Keccak-384 for 2 rounds. The best known preimage attack for this variant of Keccak has the time complexity . In our analysis, we find a preimage in the time complexity of and almost same memory is required
Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3
We investigate the cost of Grover's quantum search algorithm when used in the
context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions.
Our cost model assumes that the attack is run on a surface code based
fault-tolerant quantum computer. Our estimates rely on a time-area metric that
costs the number of logical qubits times the depth of the circuit in units of
surface code cycles. As a surface code cycle involves a significant classical
processing stage, our cost estimates allow for crude, but direct, comparisons
of classical and quantum algorithms.
We exhibit a circuit for a pre-image attack on SHA-256 that is approximately
surface code cycles deep and requires approximately
logical qubits. This yields an overall cost of
logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is
approximately surface code cycles deep and requires approximately
logical qubits for a total cost of, again,
logical-qubit-cycles. Both attacks require on the order of queries in
a quantum black-box model, hence our results suggest that executing these
attacks may be as much as billion times more expensive than one would
expect from the simple query analysis.Comment: Same as the published version to appear in the Selected Areas of
Cryptography (SAC) 2016. Comments are welcome
- …