Whirlwind: a new cryptographic hash function

A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6

09031 Abstracts Collection -- Symmetric Cryptography

From 11.01.09 to 16.01.09, the Seminar 09031 in ``Symmetric Cryptography \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

MOIM: a novel design of cryptographic hash function

A hash function usually has two main components: a compression function or permutation function and mode of operation. In this paper, we propose a new concrete novel design of a permutation based hash functions called MOIM. MOIM is based on concatenating two parallel fast wide pipe constructions as a mode of operation designed by Nandi and Paul, and presented at Indocrypt 2010 where the size of the internal state is significantly larger than the size of the output. And the permutations functions used in MOIM are inspired from the SHA-3 finalist Grøstl hash function which is originally inspired from Rijndael design (AES). As a consequence there is a very strong confusion and diffusion in MOIM. Also, we show that MOIM resists all the generic attacks and Joux attack in two defense security levels

Improving security of lightweith SHA-3 against preimage attacks

In this article we describe the SHA-3 algorithm and its internal permutation in which potential weaknesses are hidden.  The hash algorithm can be used for different purposes, such as pseudo-random bit sequences generator, key wrapping or one pass authentication, especially in weak devices (WSN, IoT, etc.). Analysis of the function showed that successful preimage attacks are possible for low round hashes, protection from which only works with increasing the number of rounds inside the function. When the hash function is used for building lightweight applications, it is necessary to apply a small number of rounds, which requires additional security measures. This article proposes a variant improved hash function protecting against preimage attacks, which occur on SHA-3. We suggest using an additional external randomness sources obtained from a lightweight PRNG or from application of the source data permutation

Rtl Implementation Of Secure Hash Algorithm 3 (Sha-3) Towards Smaller Area

Secure data transfer has been the most challenging task for Internet of Things (IoT) devices. Data integrity must be ensured before and after the data transmission. Cryptographic hash functions are generally the basis of a secure network and used for data integrity verification. Cryptographic hash functions carried out processes such as identity verification, file integrity checking, secure key passing, and source code version control. Among all of the cryptography measures, Secure Hash Algorithm 3 (SHA-3) is the newest and secure cryptographic hash algorithm in the current electronic industry. In the previous Intel Microelectronic SHA-3 design, the synthesized area of the design is large due to many intermediate states and logics of the step mapping functions. The objective of this project is to design a synthesizable SHA-3 with 256-bits hash output and 1600-bits state array with lower area compared to Intel Microelectronic SHA-3. This research implements the SHA-3 in ways such that all the step mapping algorithms are logically combined to only use the input lanes of the state array to eliminate the intermediate logics and reduces the area size. Functionality verification is done using the test case provided by National Institute Standards and Technology (NIST). Two squeezing phases are tested to ensure the functionality of design. Final design of SHA-3 in this research can achieve area reduction by 12.57%, the cell count reduction by 24.35%, the critical path length reduction by 18.84%, and reduction of the clock cycles needed to generate the hash output by 75%. In conclusion, the SHA-3 with smaller area and higher performance has been designed and is possible to cater the needs of IoT application

Malicious Keccak

In this paper, we investigate Keccak --- the cryptographic hash function adopted as the SHA-3 standard. We propose a malicious variant of the function, where new round constants are introduced. We show that for such the variant, collision and preimage attacks are possible. We also identify a class of weak keys for the malicious Keccak working in the MAC mode. Ideas presented in the paper were verified by implementing the attacks on the function with the 128-bit hash

Attacks on StreamHash 2

StreamHash 2 is a hash function proposed by Michał Trojnara at the Cryptography and Security Systems in 2011 Conference. This algorithm is a member of StreamHash family which was first introduced in 2008 during the SHA-3 Competition. In this paper we will show collision attacks on the internal state of the StreamHash 2 hash function with complexity about 2^8n for the 32n-bit version of the algorithm and its reduced version with complexity 2^8n. We will also show its application to attacking the full StreamHash 2 function (finding a collision on all output bits) with complexity about 2^88 . We will try to show that any changes made to the construction (for instance the ones proposed for StreamHash 3) will have no effect on the security of the family due to critical fault build into the compression function

Cryptanalysis of 2-round KECCAK-384

In this paper, we present a cryptanalysis of round reduced Keccak-384 for 2 rounds. The best known preimage attack for this variant of Keccak has the time complexity $2^{129}$. In our analysis, we find a preimage in the time complexity of $2^{89}$ and almost same memory is required

Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3

We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions. Our cost model assumes that the attack is run on a surface code based fault-tolerant quantum computer. Our estimates rely on a time-area metric that costs the number of logical qubits times the depth of the circuit in units of surface code cycles. As a surface code cycle involves a significant classical processing stage, our cost estimates allow for crude, but direct, comparisons of classical and quantum algorithms. We exhibit a circuit for a pre-image attack on SHA-256 that is approximately $2^{153.8}$ surface code cycles deep and requires approximately $2^{12.6}$ logical qubits. This yields an overall cost of $2^{166.4}$ logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is approximately $2^{146.5}$ surface code cycles deep and requires approximately $2^{20}$ logical qubits for a total cost of, again, $2^{166.5}$ logical-qubit-cycles. Both attacks require on the order of $2^{128}$ queries in a quantum black-box model, hence our results suggest that executing these attacks may be as much as $275$ billion times more expensive than one would expect from the simple query analysis.Comment: Same as the published version to appear in the Selected Areas of Cryptography (SAC) 2016. Comments are welcome