5 research outputs found

    NIST Competition. Analysis of the competition (2007-2012) (Concurso NIST. Análisis del concurso (2007-2012))

    The goal of this project is to present the SHA-3 competition, a competition that has taken place over the last few years and was promoted by the National Institute of Standards and Technology, also known as NIST, with the aim of finding the new SHA-3 cryptographic hash function algorithm that will be used as the standard from now on. To this end, a study was carried out on cryptography in general and on some of the cryptographic hash function algorithms existing to date, together with a detailed analysis of the competition, its phases and its finalists. In addition, a brief summary was made of the current problems concerning security and of the scandals related to it throughout history in American society.
    Ingeniería Técnica en Informática de Gestión

    Study and implementation of the SHA-3 cryptographic hash algorithm (Estudo e implementação do algoritmo de resumo criptográfico SHA-3)

    Undergraduate monograph, Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2013.

    Computer security, as a heavily studied field, must change constantly, always seeking new solutions and discoveries. Cryptographic hash functions are no different in this respect, being the target of study and of break attempts. Many applications, however, depend on the use of these hash functions, since they are essential for proving the integrity of messages. Several of the functions used as hash functions have been broken, such as MD5 and SHA-1, leaving only the SHA-2 family of algorithms. Being the only function with no known serious vulnerabilities, it has become heavily studied and the target of break attempts. With its structure being questioned and studied, it was pointed out that prolonged use of this algorithm should be approached with caution. For this reason NIST promoted a competition to elect another algorithm and bring one more reliable alternative for implementing hash functions. After 5 years of competition, the winning proposal, Keccak, became the new SHA-3 standard. This algorithm uses the sponge paradigm, composed of two processing phases. The first divides the message into blocks and absorbs them into internal states. These states originate from a state initialized with zeros that is then iterated with rounds consisting of five mappings, which perform the diffusion and distribution of the elements in the states. Once these are finished, the function moves to the squeezing phase, which in turn interleaves the application of the mapping functions until the number of bits matching the output size at the chosen security level is obtained. This work studies the algorithm and aims to build a didactic version of the implementation corresponding to Keccak. This version is built with a focus on understanding conceptual aspects. To that end, it seeks to relate its definitions to the practical elements responsible for its operation, following the models proposed in the literature.

    As a thoroughly studied topic, computer security must change frequently, searching for new solutions and discoveries. Hash functions are no different in this regard, being a target of advanced study and attack attempts, since several different applications rely on them for security. Verifying the integrity of messages is perhaps the essential application of hash functions. Many of the functions used as cryptographic hash functions suffered successful attacks, as in the case of MD5 and SHA-1, leaving only the SHA-2 family of algorithms as a viable option. However, being the only viable option is not healthy from a security point of view, due to the concentrated attacks and the similarities between the SHA-2 and SHA-1 structures. This way, NIST advised against long-term use of the algorithm and promoted a challenge to elect the new standard, bringing a reliable alternative for the implementation of cryptographic hash functions. After five years, the winning proposal Keccak became the SHA-3 standard. This algorithm follows the sponge paradigm, being composed of two processing phases. The first phase splits the message into different blocks and absorbs these blocks into internal states. These states originate from the iteration of a zero state with a round function composed of five different mappings, responsible for performing the diffusion and dispersion of the blocks in the states. After the absorbing phase, the squeezing phase begins, extracting information with round functions until the desired output bits are produced at a chosen security level. This work studies the Keccak hash function and presents a didactic implementation. By focusing on understanding the conceptual aspects, one can relate them to the definition elements and practical functioning of the model proposed in the literature.

    Collision Attack on GRINDAHL

    Hash functions have been among the most scrutinized cryptographic primitives in the previous decade, mainly due to the cryptanalysis breakthroughs on the MD-SHA family and the NIST SHA3 competition that followed. GRINDAHL is a hash function proposed at FSE 2007 that inspired several SHA3 candidates. One of its particularities is that it follows the RIJNDAEL design strategy, with an efficiency comparable to SHA2. This paper provides the first cryptanalytic work on this scheme, and we show that the 256-bit version of GRINDAHL is not collision resistant. Our attack uses byte-level truncated differentials and leverages a counterintuitive method (reaching an internal state where all bytes are active) in order to ease the construction of good differential paths. Then, by a careful utilization of the degrees of freedom inserted every round, and with a work effort of approximately $2^{112}$ hash computations, an attacker can generate a collision for the full 256-bit version of GRINDAHL.

    Lynx: Family of Lightweight Authenticated Encryption Schemes based on Tweakable Blockcipher

    The widespread deployment of low-power and handheld devices opens an opportunity to design lightweight authenticated encryption schemes. The schemes so proposed must also prove their resilience under various security notions. Romulus-N1 is an authenticated encryption scheme with associated data based on a tweakable blockcipher, the primary variant of the Romulus-N family, which is a finalist of the NIST (National Institute of Standards and Technology) lightweight cryptography competition; it provides beyond-birthday-bound security for integrity in the nonce-respecting scenario but fails to provide integrity security in the nonce-misuse and RUP (release of unverified plaintext) scenarios. In this paper, we propose lynx, a family with 14 members of 1-pass and rate-1 lightweight authenticated encryption schemes with associated data based on a tweakable blockcipher, that provides birthday-bound security for integrity in both the nonce-respecting and the nonce-misuse and RUP scenarios, and birthday-bound security for privacy in the nonce-respecting scenario. For creating such a family of schemes we propose a family of functions $\mathcal{F}$ that provides a total of 72 cases, out of which we show that only 14 can be used for creating authenticated encryption schemes. We provide the implementation of one of the members of the lynx family on six different hardware platforms and compare it with Romulus-N1. The comparison clearly shows that the lynx member outperforms Romulus-N1 on all six platforms.