48 research outputs found
On hashing with tweakable ciphers
Cryptographic hash functions are often built on block ciphers in order to reduce the security analysis of the hash to that of the cipher, and to minimize the hardware size. Well known hash constructs are used in international standards like MD5 and SHA-1. Recently, researchers proposed new modes of operations for hash functions to protect against generic attacks, and it remains open how to base such functions on block ciphers. An attracting and intuitive choice is to combine previous constructions with tweakable block ciphers. We investigate such constructions, and show the surprising result that combining a provably secure mode of operation with a provably secure tweakable cipher does not guarantee the security of the constructed hash function. In fact, simple attacks can be possible when the interaction between secure components leaves some additional "freedom" to an adversary. Our techniques are derived from the principle of slide attacks, which were introduced for attacking block ciphers
New Second Preimage Attacks on Dithered Hash Functions with Low Memory Complexity
Dithered hash functions were proposed by Rivest as a method
to mitigate second preimage attacks on Merkle-Damgard hash functions.
Despite that, second preimage attacks against dithered hash functions
were proposed by Andreeva et al. One issue with these second preimage
attacks is their huge memory requirement in the precomputation and the
online phases. In this paper, we present new second preimage attacks on
the dithered Merkle-Damgard construction. These attacks consume significantly
less memory in the online phase (with a negligible increase in
the online time complexity) than previous attacks. For example, in the
case of MD5 with the Keranen sequence, we reduce the memory complexity
from about 2^51 blocks to about 2^26.7 blocks (about 545 MB). We also
present an essentially memoryless variant of Andreeva et al. attack. In
case of MD5-Keranen or SHA1-Keranen, the offline and online memory
complexity is 2^15.2 message blocks (about 188â235 KB), at the expense
of increasing the offline time complexity
A Four-Component Framework for Designing and Analyzing Cryptographic Hash Algorithms
Cryptographic hash algorithms are important building blocks in cryptographic protocols, providing authentication and assurance of integrity. While many different hash algorithms are available including MD5, Tiger, and HAVAL, it is difficult to compare them since they do not
necessarily use the same techniques to achieve their security goals. This work informally describes a framework in four parts which allows different hash algorithms to be compared based on their strengths and weaknesses. By breaking down cryptographic hash algorithms into their preprocessing, postprocessing, compression function, and internal structure components, weaknesses in existing algorithms can be mitigated and new algorithms can take advantage of strong individual components
Slide Attacks on a Class of Hash Functions
Abstract. This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatĂșn. We finally discuss simple countermeasures as a defense against slide attacks. Key words: slide attacks, hash function, Grindahl, RadioGatĂșn, MAC, sponge function.
A New Proposal Against the Main of Generic Attacks
This paper presents a effcient proposal for iterating hash functions
to prevent the main of generic attacks such as Multicollisions Attack,Second
Preimage Attack and Herding Attack.Based on this proposal,itâs possible that a
secure hash function can be built with iterating compression functions .
The proposal mainly contains a method called â Shifting Whole Messageâ,it
regroups the cascaded messages to be new blocks and makes the known results
of the pre-computed blocks noneffective
Linear Analysis of Reduced-Round CubeHash
Recent developments in the field of cryptanalysis of hash functions
has inspired NIST to announce a competition for selecting a new cryptographic hash function to join the SHA family of standards. One of the 14 second-round candidates is CubeHash designed by Daniel J. Bernstein. CubeHash is a unique hash function in the sense that it does not iterate a common compression function, and offers a structure which resembles a sponge function, even though it is not exactly a sponge function. In this paper we analyze reduced-round variants of CubeHash where the adversary controls the full 1024-bit input to reduced-round CubeHash and can observe its full output. We show that linear approximations with high biases exist in reduced-round variants. For example, we present an 11-round
linear approximation with bias of 2^{−235}, which allows distinguishing 11-round CubeHash using about 2^{470} queries. We also discuss the extension of this distinguisher to 12 rounds using message modification techniques. Finally, we present a linear distinguisher for 14-round CubeHash which uses
about 2^{812} queries
Enhancing the Security Level of SHA-1 by Replacing the MD Paradigm
Cryptographic hash functions are important cryptographic techniques and are used widely in many cryptographic applications and protocols. All the MD4 design based hash functions such as MD5, SHA-0, SHA-1 and RIPEMD-160 are built on Merkle-Damgard iterative method. Recent differential and generic attacks against these popular hash functions have shown weaknesses of both specific hash functions and their underlying Merkle-Damgard construction. In this paper we propose a hash function which follows design principle of SHA-1 and is based on dither construction. Its compression function takes three inputs and generates a single output of 160-bit length. An extra input to a compression function is generated through a fast pseudo-random function. Dither construction shows strong resistance against major generic and other cryptanalytic attacks. The security of proposed hash function against generic attacks, differential attack, birthday attack and statistical attack was analyzed in detail. It is exhaustedly compared with SHA-1 because hash functions from SHA-2 and SHA-3 are of higher bit length and known to be more secure than SHA-1. It is shown that the proposed hash function has high sensitivity to an input message and is secure against different cryptanalytic attacks