Bad Directions in Cryptographic Hash Functions
A 25-gigabyte "point obfuscation" challenge "using security parameter 60" was announced at the Crypto 2015 rump session; "point obfuscation" is another name for password hashing. This paper shows that the particular matrix-multiplication hash function used in the challenge is much less secure than previous password-hashing functions are believed to be. This paper's attack algorithm broke the challenge in just 19 minutes using a cluster of 21 PCs.
Keywords: symmetric cryptography, hash functions, password hashing, point obfuscation, matrix multiplication, meet-in-the-middle attacks, meet-in-many-middles attack
Cryptographic Agents: Towards a Unified Theory of Computing on Encrypted Data
We provide a new framework of cryptographic agents that unifies various modern "cryptographic objects" (identity-based encryption, fully-homomorphic encryption, functional encryption, and various forms of obfuscation), similar to how the Universal Composition framework unifies various multi-party computation tasks like commitment, coin-tossing and zero-knowledge proofs. These cryptographic objects can all be cleanly modeled as "schemata" in our framework.
Highlights of our framework include the following:
- We use a new "indistinguishability preserving" (INDPRE) definition of security that interpolates between indistinguishability-style and simulation-style definitions, which (often) sidesteps the known impossibilities for the latter. INDPRE security is parameterized by the choice of the "test" family, so that by choosing different test families one can obtain different levels of security for the same primitive (including various standard definitions in the literature).
- We present a notion of "reduction" from one schema to another and a powerful "composition theorem" with respect to INDPRE security. We show that obfuscation is a "complete" schema under this notion, under standard cryptographic assumptions. We also provide a stricter notion of reduction that composes even when security holds only with respect to certain restricted test families of importance.
- Last but not least, our framework can be used to model abstractions like the generic group model and the random oracle model, letting one translate a general class of constructions in these heuristic models to constructions based on "standard model assumptions".
We also illustrate how our framework can be applied to specific primitives like obfuscation and functional encryption. We relate our definitions to existing definitions and also give new constructions and reductions between different primitives.