Cryptanalysis of a Cayley Hash Function Based on Affine Maps in one Variable over a Finite Field
Cayley hash functions are cryptographic hashes constructed from Cayley graphs
of groups. The hash function proposed by Shpilrain and Sosnovski (2016), based
on linear functions over a finite field, was proven insecure. This paper shows
that the proposal by Ghaffari and Mostaghim (2018) that uses the Shpilrain and
Sosnovski's hash in its construction is also insecure. We demonstrate its
security vulnerability by constructing collisions.
Comment: 10 pages
Navigating in the Cayley graph of and applications to hashing
Cayley hash functions are based on a simple idea of using a pair of
(semi)group elements, and , to hash the 0 and 1 bit, respectively, and
then to hash an arbitrary bit string in the natural way, by using
multiplication of elements in the (semi)group. In this paper, we focus on
hashing with matrices over . Since there are many known pairs
of matrices over that generate a free monoid, this yields
numerous pairs of matrices over , for a sufficiently large prime , that
are candidates for collision-resistant hashing. However, this trick can
"backfire", and lifting matrix entries to may facilitate finding a
collision. This "lifting attack" was successfully used by Tillich and Zémor
in the special case where two matrices and generate (as a monoid) the
whole monoid . However, in this paper we show that the situation
with other, "similar", pairs of matrices from is different, and the
"lifting attack" can (in some cases) produce collisions in the group generated
by and , but not in the positive monoid. Therefore, we argue that for
these pairs of matrices, there are no known attacks at this time that would
affect security of the corresponding hash functions. We also give explicit
lower bounds on the length of collisions for hash functions corresponding to
some particular pairs of matrices from .
Comment: 10 pages
Cayley Graphs of Semigroups and Applications to Hashing
In 1994, Tillich and Zemor proposed a scheme for a family of hash functions that uses products of matrices in groups of the form . In 2009, Grassl et al. developed an attack to obtain collisions for palindromic bit strings by exploring a connection between the Tillich-Zemor functions and maximal length chains in the Euclidean algorithm for polynomials over .
In this work, we present a new proposal for hash functions based on Cayley graphs of semigroups. In our proposed hash function, the noncommutative semigroup of linear functions under composition is used as the platform for the scheme. We also discuss its efficiency, pseudorandomness and security features.
Furthermore, we generalize the Fit-Florea and Matula's algorithm (2004) that finds the discrete logarithm in the multiplicative group of integers modulo by establishing a connection between semi-primitive roots modulo where and the logarithmic base used in the algorithm.
Ramanujan graphs in cryptography
In this paper we study the security of a proposal for Post-Quantum
Cryptography from both a number theoretic and cryptographic perspective.
Charles-Goren-Lauter in 2006 [CGL06] proposed two hash functions based on the
hardness of finding paths in Ramanujan graphs. One is based on
Lubotzky-Phillips-Sarnak (LPS) graphs and the other one is based on
Supersingular Isogeny Graphs. A 2008 paper by Petit-Lauter-Quisquater breaks
the hash function based on LPS graphs. On the Supersingular Isogeny Graphs
proposal, recent work has continued to build cryptographic applications on the
hardness of finding isogenies between supersingular elliptic curves. A 2011
paper by De Feo-Jao-Plût proposed a cryptographic system based on
Supersingular Isogeny Diffie-Hellman as well as a set of five hard problems. In
this paper we show that the security of the SIDH proposal relies on the
hardness of the SIG path-finding problem introduced in [CGL06]. In addition,
similarities between the number theoretic ingredients in the LPS and Pizer
constructions suggest that the hardness of the path-finding problem in the two
graphs may be linked. By viewing both graphs from a number theoretic
perspective, we identify the similarities and differences between the Pizer and
LPS graphs.
Comment: 33 pages
MV3: A new word based stream cipher using rapid mixing and revolving buffers
MV3 is a new word based stream cipher for encrypting long streams of data. A
direct adaptation of a byte based cipher such as RC4 into a 32- or 64-bit word
version will obviously need vast amounts of memory. This scaling issue
necessitates a look for new components and principles, as well as mathematical
analysis to justify their use. Our approach, like RC4's, is based on rapidly
mixing random walks on directed graphs (that is, walks which reach a random
state quickly, from any starting point). We begin with some well understood
walks, and then introduce nonlinearity in their steps in order to improve
security and show long term statistical correlations are negligible. To
minimize the short term correlations, as well as to deter attacks using
equations involving successive outputs, we provide a method for sequencing the
outputs derived from the walk using three revolving buffers. The cipher is fast
-- it runs at a speed of less than 5 cycles per byte on a Pentium IV processor.
A word based cipher needs to output more bits per step, which exposes more
correlations for attacks. Moreover we seek simplicity of construction and
transparent analysis. To meet these requirements, we use a larger state and
claim security corresponding to only a fraction of it. Our design is for an
adequately secure word-based cipher; our very preliminary estimate puts the
security close to exhaustive search for keys of size < 256 bits.
Comment: 27 pages, shortened version will appear in "Topics in Cryptology - CT-RSA 2007"
Some applications of noncommutative groups and semigroups to information security
We present evidence why the Burnside groups of exponent 3 could be a good candidate for a platform group for the HKKS semidirect product key exchange protocol. We also explore hashing with matrices over SL2(Fp), and compute bounds on the girth of the Cayley graph of the subgroup of SL2(Fp) for specific generators A, B. We demonstrate that even without optimization, these hashes have comparable performance to hashes in the SHA family.