Bad Directions in Cryptographic Hash Functions

A 25-gigabyte "point obfuscation" challenge "using security parameter 60" was announced at the Crypto 2015 rump session; "point obfuscation" is another name for password hashing. This paper shows that the particular matrix-multiplication hash function used in the challenge is much less secure than previous password-hashing functions are believed to be. This paper's attack algorithm broke the challenge in just 19 minutes using a cluster of 21 PCs. Keywords: symmetric cryptography, hash functions, password hashing, point obfuscation, matrix multiplication, meet-in-the-middle attacks, meet-in-many-middles attack

Bad directions in cryptographic hash functions

A 25-gigabyte point obfuscation challenge using security parameter 60 was announced at the Crypto 2015 rump session; point obfuscation is another name for password hashing. This paper shows that the particular matrix-multiplication hash function used in the challenge is much less secure than previous password-hashing functions are believed to be. This paper's attack algorithm broke the challenge in just 19 minutes using a cluster of 21 PCs. Keywords: symmetric cryptography, hash functions, password hashing, point obfuscation, matrix multiplication, meet-in-the-middle attacks, meet-in-many-middles attack

Cryptographic Agents: Towards a Unified Theory of Computing on Encrypted Data

We provide a new framework of cryptographic agents that unifies various modern ``cryptographic objects\u27\u27 --- identity-based encryption, fully-homomorphic encryption, functional encryption, and various forms of obfuscation -- similar to how the Universal Composition framework unifies various multi-party computation tasks like commitment, coin-tossing and zero-knowledge proofs. These cryptographic objects can all be cleanly modeled as ``schemata\u27\u27 in our framework. Highlights of our framework include the following: - We use a new `indistinguishability preserving\u27 (INDPRE) definition of security that interpolates indistinguishability and simulation style definitions, which (often) sidesteps the known impossibilities for the latter. INDPRE-security is parameterized by the choice of the ``test\u27\u27 family, such that by choosing different test families, one can obtain different levels of security for the same primitive (including various standard definitions in the literature). - We present a notion of `reduction\u27 from one schema to another and a powerful `composition theorem\u27 with respect to INDPRE security. We show that obfuscation is a ``complete\u27\u27 schema under this notion, under standard cryptographic assumptions. We also provide a stricter notion of reduction that composes even when security is only with respect to certain restricted test families of importance. - Last but not the least, our framework can be used to model abstractions like the generic group model and the random oracle model, letting one translate a general class of constructions in these heuristic models to constructions based on `standard model assumptions\u27. We also illustrate how our framework can be applied to specific primitives like obfuscation and functional encryption. We relate our definitions to existing definitions and also give new constructions and reductions between different primitives