Whirlwind: a new cryptographic hash function
A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.
09031 Abstracts Collection -- Symmetric Cryptography
From 11.01.09 to 16.01.09, the Seminar 09031 in "Symmetric Cryptography" was held in Schloss Dagstuhl - Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.
MOIM: a novel design of cryptographic hash function
A hash function usually has two main components: a compression function or permutation function, and a mode of operation. In this paper, we propose a new concrete design of a permutation-based hash function called MOIM. MOIM is based on concatenating two parallel fast wide-pipe constructions as a mode of operation, designed by Nandi and Paul and presented at Indocrypt 2010, where the size of the internal state is significantly larger than the size of the output. The permutation functions used in MOIM are inspired by the SHA-3 finalist Grøstl hash function, which is in turn inspired by the Rijndael design (AES). As a consequence there is very strong confusion and diffusion in MOIM. We also show that MOIM resists all the generic attacks and the Joux attack at two security levels.
Validity Analysis of Performance Assessment Methods for Concrete Bridges in Service
Thesis (Master's) -- Seoul National University Graduate School: Department of Civil and Environmental Engineering, College of Engineering, 2019. 2. 조재열.
With economic growth, bridge construction in Korea has increased since the mid-1980s. Since the majority of bridges in Korea are concrete, demand for accurate performance assessment of existing concrete bridges is increasing. In a deteriorated concrete bridge, deterioration that is not visible on the exterior, such as reinforcing steel corrosion caused by chloride attack or carbonation, propagates. Accordingly, techniques to evaluate and predict such conditions and safety need to be investigated.
Since the Special Act on the Control of Public Structures was enacted in 1995, safety inspections and examinations have been conducted for Class I and Class II establishments. An inspection or examination of an existing bridge is performed according to the Detailed Guidelines for Safety Control and Maintenance of Establishments.
However, the question of whether these can evaluate the exact safety or condition of a bridge has been raised continuously, and research on this question has been carried out recently. As a result, a guideline for performance-based assessment was investigated and has been adopted since 2018 for the economic evaluation of bridges. Nonetheless, it is controversial in that its inspection items and methods do not differ from those the pre-existing guideline specifies.
As part of these studies, this thesis aims to validate the performance assessment guideline for existing concrete bridges. To achieve this, domestic and foreign guidelines for evaluating existing concrete bridges were examined: the Detailed Guidelines for Safety Control and Maintenance of Establishments of Korea; The Manual for Bridge Evaluation of the American Association of State Highway and Transportation Officials (AASHTO); Code Requirements for Assessment, Repair, and Rehabilitation of Existing Concrete Structures (ACI 562-16) of the American Concrete Institute (ACI); and BD 21/01 The Assessment of Highway Bridges and Structures of the United Kingdom. In addition, the Reliability-Based Safety Assessment Guidelines of Expressway Bridges developed by the Korea Expressway Corporation Research Institute (KECRI), though not used as a current standard, were covered.
The study has identified that an inspection will be an inefficient task because only the domestic guideline specifies mandatory inspection items and the way each inspection result is rated, both at the component level and at the structural level. The thesis has also shown that the load rating method of the domestic guideline adopts load factors that are based on the design code of the past and are larger than those the foreign guidelines adopt. Accordingly, the analysis shows that the guideline will evaluate a bridge conservatively. Moreover, the diagnostic load test has been pointed out as one of the problems.
Validity analyses were conducted on actual cases. Inspection reports and relevant documents of bridges and flyovers in Seoul were collected. For each case, load rating was conducted according to every guideline examined in the study. The diagnostic load test was conducted on one of the cases. In addition, records of material test results were investigated. The investigation of load rating has shown that the domestic guideline evaluates the safety of a bridge in the most conservative way. Accordingly, it is desirable to adopt a reliability-based evaluation guideline such as those developed by AASHTO and KECRI. Analyzing the diagnostic test results, the study has found that the stiffness change of a structure may not be evaluated through the test. The examination of material tests has confirmed that inconsistencies have been present in the current inspections, and the study has suggested improvements for these problems.
In further research, it is expected that the current performance assessment guideline will be improved by experimental verification of the problems presented in the thesis.
1 Introduction
1.1 Research Background
1.1.1 Performance Assessment in South Korea
1.1.2 Limitations on Performance Assessment in South Korea
1.1.3 Preceding Research on Materials Deterioration Models
1.2 Research Objectives and Scope
2 Guidelines for Assessment of Existing Concrete Bridges
2.1 Detailed Guidelines for Safety Control and Maintenance of Establishments (2018, Korea)
2.1.1 On-Site Inspection and Material Test
2.1.2 Load Rating
2.2 AASHTO The Manual for Bridge Evaluation (2013, US)
2.2.1 Load Rating
2.2.2 Relevant FHWA Guidelines
2.3 ACI 562-16: Code Requirements for Assessment, Repair, and Rehabilitation of Existing Concrete Structures (2016, US)
2.4 BD 21/01: The Assessment of Highway Bridges and Structures (2001, UK)
2.5 Reliability-Based Safety Assessment Guidelines of Expressway Bridges (2013, Korea)
2.6 Summary
3 Verification of Performance Assessment by Case Studies
3.1 Verification of Load Ratings
3.1.1 Load Rating Methods
3.1.2 Diagnostic Load Test and Load Carrying Capacity
3.2 Verification of Material Tests
3.2.1 Rebound Hammer Test
3.2.2 Carbonation Depth Measurement
4 Conclusions
Appendix A Load Rating Computation Examples
How to Improve Rebound Attacks
Rebound attacks are a state-of-the-art analysis method for hash functions. These cryptanalysis methods are based on a well-chosen differential path and have been applied to several hash functions from the SHA-3 competition, providing the best known analysis in these cases. In this paper we study rebound attacks in detail and find, for a large number of cases, that the complexities of existing attacks can be improved. This is done by identifying problems that optimally adapt to the cryptanalytic situation, and by using better algorithms to find solutions for the differential path. Our improvements affect one particular operation that appears in most rebound attacks and which is often the bottleneck of the attacks. This operation, which varies depending on the attack, can be roughly described as merging large lists. As a result, we introduce new general-purpose algorithms that enable further rebound analysis to be as efficient as possible.
We illustrate our new algorithms on real hash functions. More precisely, we demonstrate how to reduce the complexities of the best known analysis on four SHA-3 candidates: JH, Grøstl, ECHO and Lane, and of the best known rebound analysis on the SHA-3 candidate Luffa.
Rebound attacks on Stribog
Abstract. In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). Stribog is an AES-based primitive and is considered an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block cipher that allows us to efficiently obtain a 5-round free-start collision and a 7.75-round free-start near collision for the internal cipher with complexities 2^8 and 2^40, respectively. Finally, the compression function is analyzed and a 7.75-round semi free-start collision and 8.75- and 9.75-round semi free-start near collisions are presented, along with an example of a 4.75-round near-colliding message pair that collides on 50 out of 64 bytes.
Cryptanalysis of Some AES-based Cryptographic Primitives
Current information security systems rely heavily on symmetric key cryptographic primitives as one of their basic building blocks. In order to boost the efficiency of the security systems, designers of the underlying primitives often tend to avoid the use of provably secure designs. In fact, they adopt ad hoc designs with claimed security assumptions in the hope that they resist known cryptanalytic attacks. Accordingly, the security evaluation of such primitives continually remains an open field. In this thesis, we analyze the security of two cryptographic hash functions and one block cipher. We primarily focus on the recent AES-based designs used in the new Russian Federation cryptographic hashing and encryption suite GOST, because the majority of our work was carried out during the open research competition run by the Russian standardization body TC26 for the analysis of their new cryptographic hash function Streebog. Although there exist security proofs for the resistance of AES-based primitives against standard differential and linear attacks, other cryptanalytic techniques such as integral, rebound, and meet-in-the-middle attacks have proven to be effective. The results presented in this thesis can be summarized as follows:
Initially, we analyze various security aspects of the Russian cryptographic hash function GOST R 34.11-2012, also known as Streebog or Stribog. In particular, our work investigates five security aspects of Streebog. Firstly, we present a collision analysis of the compression function and its internal cipher in the form of a series of modified rebound attacks. Secondly, we propose an integral distinguisher for the 7- and 8-round compression function. Thirdly, we investigate the one-wayness of Streebog with respect to two approaches of the meet-in-the-middle attack, where we present a preimage analysis of the compression function and combine the results with a multicollision attack to generate a preimage of the hash function output. Fourthly, we investigate Streebog in the context of malicious hashing and, by utilizing a carefully tailored differential path, we present a backdoored version of the hash function where collisions can be generated with practical complexity. Lastly, we propose a fault analysis attack which retrieves the inputs of the compression function and utilizes them to recover the secret key when Streebog is used in the keyed simple-prefix and secret-IV MACs, HMAC, or NMAC. All the presented results are on reduced-round variants of the function, except for our analysis of the malicious version of Streebog and our fault analysis attack, where both attacks cover the full-round hash function.
Next, we examine the preimage resistance of the AES-based Maelstrom-0 hash function, which is designed to be a lightweight alternative to the ISO standardized hash function Whirlpool. One of the distinguishing features of the Maelstrom-0 design is the proposal of a new chaining construction called 3CM, which is based on the 3C/3C+ family. In our analysis, we employ a 4-stage approach that uses a modified technique to defeat the 3CM chaining construction and generates preimages of the 6-round reduced Maelstrom-0 hash function.
Finally, we provide a key recovery attack on the new Russian encryption standard GOST R 34.12-2015, also known as Kuznyechik. Although Kuznyechik adopts an AES-based design, it exhibits a faster diffusion rate as it employs an optimal diffusion transformation. In our analysis, we propose a meet-in-the-middle attack using the idea of efficient differential enumeration, where we construct a three-round distinguisher and consequently are able to recover 16 bytes of the master key of the reduced 5-round cipher. We also present partial sequence matching, by which we generate, store, and match parts of the compared parameters while maintaining a negligible probability of matching error, so that the overall online time complexity of the attack is reduced.