The Collision Security of MDC-4
There are four somewhat classical double-length block-cipher-based compression functions known: MDC-2, MDC-4, Abreast-DM, and Tandem-DM. They were all developed over 20 years ago. In recent years, cryptographic research has put a focus on block-cipher-based hashing and found collision security results for three of them (MDC-2, Abreast-DM, Tandem-DM). In this paper, we add MDC-4, which is part of the IBM CLiC cryptographic module (FIPS 140-2 Security Policy for IBM CryptoLite in C, October 2003), to that list by showing that - 'instantiated' using an ideal block cipher with 128-bit key/plaintext/ciphertext size - no adversary asking less than queries can find a collision with probability greater than . This is the first result on the collision security of the hash function MDC-4.
The compression function MDC-4 is created by interconnecting two MDC-2 compression functions but hashing only one message block with them instead of two. The developers' aim for MDC-4 was to offer a higher security margin than MDC-2 while still being fast enough for practical purposes.
The MDC-2 collision security proof of Steinberger (EUROCRYPT 2007) cannot be directly applied to MDC-4 due to the structural differences. Although the two proofs share many commonalities, our proof for MDC-4 is much shorter, and we claim that our presentation is also easier to grasp.
On the Design of Secure and Fast Double Block Length Hash Functions
In this work, the security of rate-1 double block length hash functions, which are based on a block cipher with a block length of n bits and a key length of 2n bits, is reconsidered.
Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose previously unnoticed flaws in the necessary conditions given by Satoh et al. and Hirose. Preimage and second preimage attacks are presented on Hirose's two examples, which were left as an open problem. Therefore, although all the rate-1 hash functions in this general class fail to be optimally (second) preimage resistant, the necessary conditions are refined for ensuring that this general class of rate-1 hash functions is optimally secure against the collision attack. In particular, two typical examples, which are designed under the refined conditions, are proven to be indifferentiable from a random oracle in the ideal cipher model. The security results are extended to a new class of double block length hash functions with rate 1, where one block cipher used in the compression function has a key length equal to the block length, while the other's key length is doubled.
RIES: Internet voting in action
RIES stands for Rijnland Internet Election System. It is an online voting system that was developed by one of the Dutch local authorities on water management. The system was used twice in the fall of 2004, for approximately two million potential voters in total. In this paper we describe how this system works. Furthermore, we not only describe how the outcome of the elections can be verified, but also how it has been verified by us. To conclude the paper, we describe some possible points for improvement.
Provably Secure Double-Block-Length Hash Functions in a Black-Box Model
In CRYPTO'89, Merkle presented three double-block-length hash functions based on DES. They are optimally collision resistant in a black-box model, that is, the time complexity of any collision-finding algorithm for them is Ω(2^{l/2}) if DES is a random block cipher, where l is the output length. Their drawback is that their rates are low. In this article, new double-block-length hash functions with higher rates are presented which are also optimally collision resistant in the black-box model. They are composed of block ciphers whose key length is twice their block length.
Cryptanalysis of Some Double-Block-Length Hash Modes of Block Ciphers with -Bit Block and -Bit Key
In this paper, we make attacks on DBL (Double-Block-Length) hash modes of block ciphers with -bit key and -bit block. Our preimage attack on the hash function of the MDC-4 scheme requires time complexity , which is significantly improved compared to the previous results. Our collision attack on the hash function of the MJH scheme has time complexity less than for . Our preimage attack on the compression function of the MJH scheme finds a preimage with time complexity of . It is converted to a preimage attack on the hash function with time complexity of . Our preimage attack on the compression function of Mennink's scheme finds a preimage with time complexity of . It is converted to a preimage attack on the hash function with time complexity of . These attacks are helpful for understanding the security of the hash modes together with their security proofs.
MOBILE DATA COLLECTOR FOR SECURE TIME SYNCHRONIZATION IN CLUSTERED WIRELESS SENSOR NETWORK
Secure time synchronization is a key requirement for many sophisticated applications running on these networks. Most of the existing secure time synchronization protocols incur high communication and storage costs and are subject to a few known security attacks. In a wireless sensor network (WSN), the lifetime of the network is determined by the amount of energy consumed by the nodes. To improve the lifetime of the network, nodes are organized into clusters, in which the cluster head (CH) collects and aggregates the data. A special node called the mobile data collector (MDC) is used to collect the data from the CH and transfer it to the base station (BS). In the proposed method, the MDC authenticates to the CH by computing shared secret keys on the fly. Once the MDC and CH are authenticated, all the sensor nodes in the cluster are synchronized; this time synchronization reduces the communication and storage requirements of each CH. Security analysis of the proposed system shows that it is highly robust against different attacks, namely compromised CH, replay attack, message manipulation attack, and pulse delay attack.