
    Whirlwind: a new cryptographic hash function

    A new cryptographic hash function, Whirlwind, is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of its security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though its software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.

    09031 Abstracts Collection -- Symmetric Cryptography

    From 11.01.09 to 16.01.09, Seminar 09031, "Symmetric Cryptography", was held at Schloss Dagstuhl - Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar, as well as abstracts of seminar results and ideas, are collected in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided where available.

    MOIM: a novel design of cryptographic hash function

    A hash function usually has two main components: a compression function or permutation function, and a mode of operation. In this paper, we propose a new permutation-based hash function design called MOIM. MOIM concatenates two parallel fast wide-pipe constructions as its mode of operation; this construction was designed by Nandi and Paul and presented at Indocrypt 2010, and its internal state is significantly larger than its output. The permutation functions used in MOIM are inspired by the SHA-3 finalist Grøstl, whose design is in turn inspired by Rijndael (AES). As a consequence, MOIM has very strong confusion and diffusion. We also show that MOIM resists all generic attacks and the Joux attack at two defence security levels.

    ๊ณต์šฉ์ค‘์ธ ์ฝ˜ํฌ๋ฆฌํŠธ ๊ต๋Ÿ‰์˜ ์„ฑ๋Šฅํ‰๊ฐ€ ๋ฐฉ๋ฒ• ํƒ€๋‹น์„ฑ ๋ถ„์„

    Thesis (Master's) -- Seoul National University Graduate School: College of Engineering, Department of Civil and Environmental Engineering, February 2019. Advisor: 조재열.

    With economic growth, bridge construction in Korea has increased rapidly since the mid-1980s. Since most bridges in Korea are concrete, demand for the accurate performance assessment of existing concrete bridges is increasing. In a deteriorated concrete bridge, deterioration that is not visible from the exterior, such as reinforcing-steel corrosion caused by chloride attack or carbonation, progresses over time. Accordingly, techniques to evaluate and predict such conditions and safety need to be investigated. Since the Special Act on the Control of Public Structures was enacted in 1995, safety inspections and examinations have been conducted for Class I and Class II establishments. Inspection or examination of an existing bridge is performed according to the Detailed Guidelines for Safety Control and Maintenance of Establishments. However, whether these guidelines can accurately evaluate the safety or condition of a structure has been questioned continually, and research on the question has been carried out recently. As a result, a performance-based assessment guideline was developed and has been in force since 2018 for the economic evaluation of bridges. Nonetheless, it remains controversial because its inspection items and methods differ little from those of the pre-existing guideline.

    As part of these studies, this thesis aims to validate the performance assessment guideline for existing concrete bridges. To this end, domestic and foreign guidelines for evaluating existing concrete bridges were examined: the Detailed Guidelines for Safety Control and Maintenance of Establishments of Korea; The Manual for Bridge Evaluation of the American Association of State Highway and Transportation Officials (AASHTO); Code Requirements for Assessment, Repair, and Rehabilitation of Existing Concrete Structures (ACI 562-16) of the American Concrete Institute (ACI); and BD 21/01 The Assessment of Highway Bridges and Structures of the United Kingdom. In addition, the Reliability-Based Safety Assessment Guidelines of Expressway Bridges, developed by the Korea Expressway Corporation Research Institute (KECRI), were covered, although they are not used as a current standard. The study found that inspection is likely to be an inefficient task because only the domestic guideline specifies mandatory inspection items and prescribes how each inspection result is rated, at the component level and at the structural level. The thesis also showed that the load rating method of the domestic guideline adopts load factors that are based on a past design code and are larger than those adopted by the foreign guidelines; accordingly, the domestic guideline is expected to evaluate a bridge conservatively. The diagnostic load test was also identified as a problem. Validity analyses were conducted on actual cases. Inspection reports and relevant documents for bridges and flyovers in Seoul were collected, and for each case a load rating was carried out according to every guideline examined in the study. A diagnostic load test was conducted on one of the cases. In addition, records of material test results were investigated. The load rating investigation showed that the domestic guideline evaluates the safety of a bridge in the most conservative way.

    Accordingly, it is desirable to adopt a reliability-based evaluation guideline such as those developed by AASHTO and KECRI. Analysis of the diagnostic test results found that a change in the stiffness of a structure may not be evaluated through the test. The examination of material test records confirmed that the current inspections produce inconsistent results, and the study suggested improvements for these problems. Further research is expected to improve the current performance assessment guideline by experimentally verifying the problems presented in the thesis.

    Contents:
    1 Introduction
    1.1 Research Background
    1.1.1 Performance Assessment in South Korea
    1.1.2 Limitations on Performance Assessment in South Korea
    1.1.3 Preceding Research on Material Deterioration Models
    1.2 Research Objectives and Scope
    2 Guidelines for Assessment of Existing Concrete Bridges
    2.1 Detailed Guidelines for Safety Control and Maintenance of Establishments (2018, Korea)
    2.1.1 On-Site Inspection and Material Test
    2.1.2 Load Rating
    2.2 AASHTO The Manual for Bridge Evaluation (2013, US)
    2.2.1 Load Rating
    2.2.2 Relevant FHWA Guidelines
    2.3 ACI 562-16: Code Requirements for Assessment, Repair, and Rehabilitation of Existing Concrete Structures (2016, US)
    2.4 BD 21/01: The Assessment of Highway Bridges and Structures (2001, UK)
    2.5 Reliability-Based Safety Assessment Guidelines of Expressway Bridges (2013, Korea)
    2.6 Summary
    3 Verification of Performance Assessment by Case Studies
    3.1 Verification of Load Ratings
    3.1.1 Load Rating Methods
    3.1.2 Diagnostic Load Test and Load Carrying Capacity
    3.2 Verification of Material Tests
    3.2.1 Rebound Hammer Test
    3.2.2 Carbonation Depth Measurement
    4 Conclusions
    Appendix A Load Rating Computation Examples

    How to Improve Rebound Attacks

    Rebound attacks are a state-of-the-art analysis method for hash functions. These cryptanalysis methods are based on a well-chosen differential path and have been applied to several hash functions from the SHA-3 competition, providing the best known analysis in these cases. In this paper we study rebound attacks in detail and find, for a large number of cases, that the complexities of existing attacks can be improved. This is done by identifying problems that optimally adapt to the cryptanalytic situation, and by using better algorithms to find solutions for the differential path. Our improvements affect one particular operation that appears in most rebound attacks and is often the bottleneck of the attack. This operation, which varies depending on the attack, can be roughly described as merging large lists. As a result, we introduce new general-purpose algorithms that allow further rebound analysis to be as efficient as possible. We illustrate our new algorithms on real hash functions. More precisely, we demonstrate how to reduce the complexities of the best known analysis on four SHA-3 candidates, JH, Grøstl, ECHO and Lane, and of the best known rebound analysis on the SHA-3 candidate Luffa.

    Rebound Attacks on Stribog

    In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). Stribog is an AES-based primitive and is considered an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block cipher that allows us to efficiently obtain a 5-round free-start collision and a 7.75-round free-start near-collision for the internal cipher, with complexities 2^8 and 2^40, respectively. Finally, the compression function is analyzed, and a 7.75-round semi-free-start collision and 8.75- and 9.75-round semi-free-start near-collisions are presented, along with an example 4.75-round near-colliding message pair that agrees on 50 out of 64 bytes.

    Rebound Attack on JH42


    Cryptanalysis of Some AES-based Cryptographic Primitives

    Current information security systems rely heavily on symmetric-key cryptographic primitives as one of their basic building blocks. To boost the efficiency of these systems, designers of the underlying primitives often avoid provably secure designs and instead adopt ad hoc designs with claimed security assumptions, in the hope that they resist known cryptanalytic attacks. Accordingly, the security evaluation of such primitives remains an open field. In this thesis, we analyze the security of two cryptographic hash functions and one block cipher. We primarily focus on the recent AES-based designs used in the new Russian Federation cryptographic hashing and encryption suite GOST, because the majority of our work was carried out during the open research competition run by the Russian standardization body TC26 for the analysis of its new cryptographic hash function Streebog. Although security proofs exist for the resistance of AES-based primitives against standard differential and linear attacks, other cryptanalytic techniques such as integral, rebound, and meet-in-the-middle attacks have proven to be effective. The results presented in this thesis can be summarized as follows.

    Initially, we analyze various security aspects of the Russian cryptographic hash function GOST R 34.11-2012, also known as Streebog or Stribog. In particular, our work investigates five security aspects of Streebog. Firstly, we present a collision analysis of the compression function and its internal cipher in the form of a series of modified rebound attacks. Secondly, we propose an integral distinguisher for the 7- and 8-round compression function. Thirdly, we investigate the one-wayness of Streebog with respect to two approaches of the meet-in-the-middle attack, where we present a preimage analysis of the compression function and combine the results with a multicollision attack to generate a preimage of the hash function output. Fourthly, we investigate Streebog in the context of malicious hashing and, by utilizing a carefully tailored differential path, we present a backdoored version of the hash function in which collisions can be generated with practical complexity. Lastly, we propose a fault analysis attack which retrieves the inputs of the compression function, and we utilize it to recover the secret key when Streebog is used in the keyed simple-prefix and secret-IV MACs, HMAC, or NMAC. All the presented results are on reduced-round variants of the function, except for our analysis of the malicious version of Streebog and our fault analysis attack, both of which cover the full-round hash function.

    Next, we examine the preimage resistance of the AES-based Maelstrom-0 hash function, which is designed to be a lightweight alternative to the ISO-standardized hash function Whirlpool. One of the distinguishing features of the Maelstrom-0 design is the proposal of a new chaining construction called 3CM, which is based on the 3C/3C+ family. In our analysis, we employ a 4-stage approach that uses a modified technique to defeat the 3CM chaining construction and generates preimages of the 6-round reduced Maelstrom-0 hash function.

    Finally, we provide a key recovery attack on the new Russian encryption standard GOST R 34.12-2015, also known as Kuznyechik. Although Kuznyechik adopts an AES-based design, it exhibits a faster diffusion rate as it employs an optimal diffusion transformation. In our analysis, we propose a meet-in-the-middle attack using the idea of efficient differential enumeration, where we construct a three-round distinguisher and consequently are able to recover 16 bytes of the master key of the reduced 5-round cipher. We also present partial sequence matching, by which we generate, store, and match parts of the compared parameters while maintaining a negligible probability of matching error, so that the overall online time complexity of the attack is reduced.