On the Complexity of the Herding Attack and Some Related Attacks on Hash Functions

In this paper, we analyze the complexity of the construction of the $2^k$-diamond structure proposed by Kelsey and Kohno. We point out a flaw in their analysis and show that their construction may not produce the desired diamond structure. We then give a more rigorous and detailed complexity analysis of the construction of a diamond structure. For this, we appeal to random graph theory (in particular, to the theory of random intersection graphs), which allows us to determine sharp necessary and sufficient conditions for the {\it message complexity} (i.e., the number of hash computations required to build the required structure). We also analyze the {\it computational complexity} for constructing a diamond structure, which has not been previously studied in the literature. Finally, we study the impact of our analysis on herding and other attacks that use the diamond structure as a subroutine. Precisely, our results shows the following: \begin{enumerate} \item The message complexity for the construction of a diamond structure is $\sqrt{k}$ times more than the amount previously stated in literature. \item The time complexity is $n$ times the message complexity, where $n$ is the size of hash value. \end{enumerate} Due to the above two results, the herding attack~\cite{KK06} and the second preimage attack~\cite{ABFHKSZ08} on iterated hash functions have increased complexity. We also show that the message complexity of herding and second preimage attacks on ``hash twice\u27\u27 is $n$ times the complexity claimed by~\cite{ABDK09}, by giving a more detailed analysis of the attack

k-Connectivity in Random Key Graphs with Unreliable Links

Random key graphs form a class of random intersection graphs and are naturally induced by the random key predistribution scheme of Eschenauer and Gligor for securing wireless sensor network (WSN) communications. Random key graphs have received much interest recently, owing in part to their wide applicability in various domains including recommender systems, social networks, secure sensor networks, clustering and classification analysis, and cryptanalysis to name a few. In this paper, we study connectivity properties of random key graphs in the presence of unreliable links. Unreliability of the edges are captured by independent Bernoulli random variables, rendering edges of the graph to be on or off independently from each other. The resulting model is an intersection of a random key graph and an Erdos-Renyi graph, and is expected to be useful in capturing various real-world networks; e.g., with secure WSN applications in mind, link unreliability can be attributed to harsh environmental conditions severely impairing transmissions. We present conditions on how to scale this model's parameters so that i) the minimum node degree in the graph is at least k, and ii) the graph is k-connected, both with high probability as the number of nodes becomes large. The results are given in the form of zeroone laws with critical thresholds identified and shown to coincide for both graph properties. These findings improve the previous results by Rybarczyk on the k-connectivity of random key graphs (with reliable links), as well as the zero-one laws by Yagan on the 1-connectivity of random key graphs with unreliable links.Comment: Published in IEEE Transactions on Information Theor

Generic Attacks on Hash Functions

The subject of this thesis is a security property of hash functions, called chosen-target forced-prefix preimage (CTFP) resistance and the generic attack on this property, called the herding attack. The study of CTFP resistance started when Kelsey-Kohno introduced a new data structure, called a diamond structure, in order to show the strength of a CTFP resistance property of a hash function. In this thesis, we concentrate on the complexity of the diamond structure and its application in the herding attack. We review the analysis done by Kelsey and Kohno and point out a subtle flaw in their analysis. We propose a correction of their analysis and based on our revised analysis, calculate the message complexity and the computational complexity of the generic attacks that are based on the diamond structure. As an application of the diamond structure on generic attacks, we propose a multiple herding attack on a special generalization of iterated hash functions, proposed by Nandi-Stinson