63 research outputs found
More Insights on Blockcipher-Based Hash Functions
In this paper we give more insights on the security of
blockcipher-based hash functions. We give a very simple criterion for
building a secure large class of Single-Block-Length (SBL) or double
call Double-Block-Length (DBL) compression functions based on blockciphers, where is the key length, is the block
length and is an integer.
This criterion is simpler than previous works in the literature.
From the criterion we obtain many results, and we can draw a conclusion
about this class of blockcipher-based hash functions. We solve the open
problem left by Hirose. Our results show that to build a secure double
call DBL compression function, it is required that , where is the
number of message blocks. Thus, we can only build rate 1/2 secure
double call DBL blockcipher-based compression functions if .
Finally, we point out flaws in Stam's theorem about supercharged
functions, give a revision of this theorem and add another condition
for the security of supercharged compression functions.
A new One-time Password Method
One-Time Passwords (OTP) can provide complete protection of the login-time authentication mechanism against replay attacks. In this paper, we propose TSOTP: a new, effective and simple OTP method that generates a unique passcode for each use. The calculation uses both time stamps and sequence numbers. A two-factor authentication prototype for mobile phones using this method has been developed and has been used in practice for a year.
Improved Preimage Attack on One-block MD4
We propose an improved preimage attack on one-block MD4 with a
time complexity of MD4 compression function operations, as
compared to in \cite{AokiS-sac08}. We analyse the attack
procedure in \cite{AokiS-sac08} and formulate the complexity of
computing a preimage attack on one-block MD4. We attain the result
mainly through the following two aspects, with the help of the
complexity formula. First, we continue to compute two more steps
backward to obtain two more chaining values for comparison during the
meet-in-the-middle attack. Second, we search for two more neutral words
in one independent chunk, and then propose the multi-neutral-word
partial-fixing technique to gain more message freedom and skip ten
steps for partial-fixing, as compared to the previous four steps. We
also use the initial structure technique and apply the same idea to
improve the pseudo-preimage and preimage attacks on Extended MD4
with and improvement factors, respectively, as compared to the
previous attacks in \cite{SasakiA-acisp09}.
Transposition of AES Key Schedule
In this paper, we point out a new weakness of the AES key schedule by revisiting an old observation exploited by many known attacks. We also find that a major cause of this weakness is that the column-by-column word-wise property of the key schedule matches nicely with the MixColumns operation in the cipher's diffusion layer. We then propose a new key schedule obtained by a minor modification, which increases the security level of AES. First, it reduces the number of rounds for which some attacks are effective, such as SQUARE attacks and meet-in-the-middle attacks. Second, it is interesting that our new key schedule also protects AES from the most devastating related-key differential type attacks, which work against AES-192 and AES-256 with the full number of rounds. Compared with the original key schedule, ours just applies a transposition to the output matrix of the subkeys. Compared with other proposed modifications of the AES key schedule, our modification adds no non-linear operations and has no need to complicate the diffusion method or the iteration process of generating subkeys. Finally, our results suggest that the route of diffusion propagation should receive more attention in the design of key schedules.
Attacks On a Double Length Blockcipher-based Hash Proposal
In this paper we attack a -bit double length hash function
proposed by Lee et al. This proposal is a
blockcipher-based hash function with hash rate . The designers
claimed that it could achieve ideal collision resistance and gave a
security proof. However, we find a collision attack with complexity
and a preimage attack with complexity
. Our result shows this construction is much worse
than an ideal -bit hash function.
Improvements for Finding Impossible Differentials of Block Cipher Structures
We improve Wu and Wang's method for finding impossible differentials of block cipher structures. The improvement is more general than Wu and Wang's method, in that it can find more impossible differentials in less time. We apply it to the Gen-CAST256, Misty, Gen-Skipjack, Four-Cell, Gen-MARS, SMS4, MIBS, Camellia*, LBlock, E2, and SNAKE block ciphers. All impossible differentials discovered by the algorithm are the same as those of Wu's method. Besides, for the 8-round MIBS block cipher, we find 4 new impossible differentials, which are not listed in Wu and Wang's results. The experimental results show that the improved algorithm can not only find more impossible differentials, but also largely reduce the search time.
Improved efficiency of Kiltz07-KEM
Kiltz proposed a practical key encapsulation mechanism (Kiltz07-KEM) which is secure
against adaptive chosen ciphertext attacks (IND-CCA2) under the gap hashed
Diffie-Hellman (GHDH) assumption~\cite{Kiltz2007}. We show a variant of Kiltz07-KEM which
is more efficient than Kiltz07-KEM in encryption. The new scheme can be proved to be
IND-CCA2 secure under the same assumption, GHDH.
A Unified Method for Finding Impossible Differentials of Block Cipher Structures
In this paper, we propose a systematic method for finding impossible
differentials for block cipher structures, better than the
-method introduced by Kim \textit{et al}~\cite{Kim03}.
It is referred to as the unified impossible differential finding method
(UID-method). We apply the UID-method to some popular block ciphers
such as {\sf Gen-Skipjack}, {\sf Gen-CAST256}, {\sf Gen-MARS}, {\sf
Gen-RC6}, {\sf Four-Cell} and {\sf SMS4}, and give the detailed
impossible differentials. By the UID-method, we find a 16-round
impossible differential on {\sf Gen-Skipjack} and a 19-round
impossible differential on {\sf Gen-CAST256}. Thus we disprove
\textsl{Conjecture 2} proposed at
\textsl{Asiacrypt'00}~\cite{Sung00} and the theorem in the
\textsl{FSE'09} rump session presentation~\cite{Pudovkina09}. On
{\sf Gen-MARS} and {\sf SMS4}, the impossible differentials found by
the UID-method are much longer than those found by the
-method. On the {\sf Four-Cell} block cipher, our
result is the same as the best result previously obtained by
case-by-case treatment.
Secure Key-Alternating Feistel Ciphers Without Key Schedule
Light key schedules have found many applications in lightweight blockciphers, e.g. LED, PRINTcipher and LBlock. In this paper, we study the interesting question of how to design a key schedule that is as light as possible from the viewpoint of provable security, and revisit the four-round key-alternating Feistel cipher by Guo and Wang at Asiacrypt 18. We optimize the construction by Guo and Wang and propose a four-round key-alternating Feistel cipher with an ultra-light (in fact non-existent) key schedule. We prove that our construction retains the same security level as Guo and Wang's construction. To the best of our knowledge, this is the first provably secure key-alternating Feistel cipher using an identical round function and one n-bit master key but with an ultra-light (non-existent) key schedule.
We also investigate whether the same refinement works for the three-round key-alternating Feistel cipher. This time we show a distinguishing attack on such a three-round construction with only four encryption queries. On the positive side, we prove that the three-round key-alternating Feistel cipher with a suitable key schedule is a pseudorandom permutation. This is also the first provable-security result for the three-round key-alternating Feistel cipher.
Impossible Differential Cryptanalysis of FOX
Block ciphers are the very foundation of computer and information
security. FOX, also known as IDEA NXT, is a family of block ciphers
published in 2004 and is famous for its provable security against
cryptanalysis. In this paper, we apply impossible differential
cryptanalysis to the FOX cipher. We find a 4-round impossible
differential, by using which adversaries can attack 5-, 6- and 7-round
FOX64 with , and one-round encryptions
respectively. Compared to the previous best attacks with ,
and full-round encryptions on 5-, 6- and
7-round FOX64, the method in this paper is the best attack on the FOX
cipher. This attack can also be applied to 5-round FOX128 with
one-round encryptions.