4,485 research outputs found
A Generic attack on CubeHash, a SHA-3 candidate
A secure cryptographic hashing function should be resistant to three different scenarios: First, a cryptographic hashing function must be preimage resistant, that is, it should be infeasible for an attacker to construct a message such that it produces a known hash output value. Second, a cryptographic hashing function must be second preimage resistant, or it should be infeasible for an attacker to construct a message such that it has the same hash output value as another known message. Third, a cryptographic hashing function must be collision resistant, which means that it should be infeasible for an attacker to find any two different messages such that their hash output values are the same. The current Secure Hash Algorithm (SHA) family, namely SHA-1 and SHA-2, were designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). Recent advances in cryptanalysis of hash functions have led to concerns about the collision resistance in the SHA family. To address these concerns, NIST has opened a public worldwide competition known as the SHA-3 competition to find the new hash function, which will become SHA-3. Each candidate hash function is scrutinized by the public, and candidates with found weaknesses are dropped from advancing to the next rounds of the competition. The goal is that the strongest hash function will emerge at the end of the competition, and this hash function will be free for everyone to use. This thesis implemented a generic attack against the collision resistance of small variants of one candidate in the SHA-3 competition, CubeHash. A unique hash-chaining approach was used to find the collisions, and the parallelization of several FPGAs lead to parallelization measurements and analysis to see if a linear speedup could be obtained
Efficient hardware implementations of high throughput SHA-3 candidates keccak, luffa and blue midnight wish for single- and multi-message hashing
In November 2007 NIST announced that it would organize the SHA-3 competition to select a new cryptographic hash function family by 2012. In the selection process, hardware performances of the candidates will play an important role. Our analysis of previously proposed hardware implementations shows that three SHA-3 candidate algorithms can provide superior performance in hardware: Keccak, Luffa and Blue Midnight Wish (BMW). In this paper, we provide efficient and fast hardware implementations of these three algorithms. Considering both single- and multi-message hashing applications with an emphasis on both speed and efficiency, our work presents more comprehensive analysis of their hardware performances by providing different performance figures for different target devices. To our best knowledge, this is the first work that provides a comparative analysis of SHA-3 candidates in multi-message applications. We discover that BMW algorithm can provide much higher throughput than previously reported if used in multi-message hashing. We also show that better utilization of resources can increase speed via different configurations. We implement our designs using Verilog HDL, and map to both ASIC and FPGA devices (Spartan3, Virtex2, and Virtex 4) to give a better comparison with those in the literature. We report total area, maximum frequency, maximum throughput and throughput/area of the designs for all target devices. Given that the selection process for SHA3 is still open; our results will be instrumental to evaluate the hardware performance of the candidates
Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3
We investigate the cost of Grover's quantum search algorithm when used in the
context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions.
Our cost model assumes that the attack is run on a surface code based
fault-tolerant quantum computer. Our estimates rely on a time-area metric that
costs the number of logical qubits times the depth of the circuit in units of
surface code cycles. As a surface code cycle involves a significant classical
processing stage, our cost estimates allow for crude, but direct, comparisons
of classical and quantum algorithms.
We exhibit a circuit for a pre-image attack on SHA-256 that is approximately
surface code cycles deep and requires approximately
logical qubits. This yields an overall cost of
logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is
approximately surface code cycles deep and requires approximately
logical qubits for a total cost of, again,
logical-qubit-cycles. Both attacks require on the order of queries in
a quantum black-box model, hence our results suggest that executing these
attacks may be as much as billion times more expensive than one would
expect from the simple query analysis.Comment: Same as the published version to appear in the Selected Areas of
Cryptography (SAC) 2016. Comments are welcome
Efficient computation of hashes
The sequential computation of hashes at the core of many distributed storage systems and found, for example, in grid services can hinder efficiency in service quality and even pose security challenges that can only be addressed by the use of parallel hash tree modes. The main contributions of this paper are, first, the identification of several efficiency and security challenges posed by the use of sequential hash computation based on the Merkle-Damgard engine. In addition, alternatives for the parallel computation of hash trees are discussed, and a prototype for a new parallel implementation of the Keccak function, the SHA-3 winner, is introduced
Computational and Energy Costs of Cryptographic Algorithms on Handheld Devices
Networks are evolving toward a ubiquitous model in which heterogeneous
devices are interconnected. Cryptographic algorithms are required for developing security
solutions that protect network activity. However, the computational and energy limitations
of network devices jeopardize the actual implementation of such mechanisms. In this
paper, we perform a wide analysis on the expenses of launching symmetric and asymmetric
cryptographic algorithms, hash chain functions, elliptic curves cryptography and pairing
based cryptography on personal agendas, and compare them with the costs of basic operating
system functions. Results show that although cryptographic power costs are high and such
operations shall be restricted in time, they are not the main limiting factor of the autonomy
of a device
- …