On hashing with tweakable ciphers
Cryptographic hash functions are often built on block ciphers in order to reduce the security analysis of the hash to that of the cipher, and to minimize hardware size. Well-known hash constructions of this kind underlie international standards like MD5 and SHA-1. Recently, researchers have proposed new modes of operation for hash functions that protect against generic attacks, and it remains open how to base such functions on block ciphers. An attractive and intuitive choice is to combine previous constructions with tweakable block ciphers. We investigate such constructions and show the surprising result that combining a provably secure mode of operation with a provably secure tweakable cipher does not guarantee the security of the resulting hash function. In fact, simple attacks become possible when the interaction between secure components leaves some additional "freedom" to an adversary. Our techniques are derived from the principle of slide attacks, which were originally introduced for attacking block ciphers.
Improved cryptanalysis of Skein
The hash function Skein is the submission of Ferguson et al. to the NIST Hash Competition, and is arguably a serious candidate for selection as SHA-3. This paper presents the first third-party analysis of Skein, with an extensive study of its main component: the block cipher Threefish. We notably investigate near collisions, distinguishers, impossible differentials, and key recovery using related-key differential and boomerang attacks. In particular, we present near collisions on up to 17 rounds, an impossible differential on 21 rounds, a related-key boomerang distinguisher on 34 rounds, a known-related-key boomerang distinguisher on 35 rounds, and key recovery attacks on up to 32 rounds, out of 72 in total for Threefish-512. None of our attacks directly extends to the full Skein hash. However, the pseudorandomness of Threefish is required to validate the security proofs on Skein, and our results conclude that at least 3