A new hash family obtained by modifying the SHA-2 family
10 Mar 2009-pp 353-363
TL;DR: The general idea of "multiple feed-forward" for the construction of cryptographic hash functions is introduced, which can provide increased resistance to the Chabaud-Joux type "perturbation-correction" collision attacks.
Abstract: In this work, we study several properties of the SHA-2 design which have been utilized in recent collision attacks against reduced round SHA-2. Small modifications to the SHA-2 design are suggested to thwart these attacks. The modified round function provides the same resistance to linearization attacks as the original SHA-2 round function, but, provides better resistance to non-linear attacks. Our next contribution is to introduce the general idea of "multiple feed-forward" for the construction of cryptographic hash functions. This can provide increased resistance to the Chabaud-Joux type "perturbation-correction" collision attacks. The idea of feed-forward is taken further by introducing the idea of feed-forward across message blocks leading to resistance against generic multi-collision attacks. The net effect of the suggested changes to the SHA-2 design has insignificant impact on the efficiency of computing the digest.
Citations
More filters
Book•
01 Jan 2007
TL;DR: A Secure Virtual Execution Environment for Untrusted Code and Security-Preserving Asymmetric Protocol Encapsulation are studied.
Abstract: Cryptanalysis - I.- Cryptanalysis of a Hash Function Proposed at ICISC 2006.- Cryptanalysis of Reduced Versions of the HIGHT Block Cipher from CHES 2006.- A Cryptanalysis of the Double-Round Quadratic Cryptosystem.- A Lightweight Privacy Preserving Authentication and Access Control Scheme for Ubiquitous Computing Environment.- Establishing RBAC-Based Secure Interoperability in Decentralized Multi-domain Environments.- Handling Dynamic Information Release.- Cryptanalysis - II.- Improving the Time Complexity of Matsui's Linear Cryptanalysis.- On Large Distributions for Linear Cryptanalysis.- Passive Attacks on a Class of Authentication Protocols for RFID.- Side Channel Attacks on Irregularly Decimated Generators.- Asynchronous Pseudo Physical Memory Snapshot and Forensics on Paravirtualized VMM Using Split Kernel Module.- Filesystem Activity Following a SSH Compromise: An Empirical Study of File Sequences.- A Secure Virtual Execution Environment for Untrusted Code.- Liveness Detection of Fingerprint Based on Band-Selective Fourier Spectrum.- Improving Upon the TET Mode of Operation.- Hash Functions - I.- New Local Collisions for the SHA-2 Hash Family.- Multi-collision Attack on the Compression Functions of MD4 and 3-Pass HAVAL.- Differential Cryptanalysis of T-Function Based Stream Cipher TSC-4.- New Results on Impossible Differential Cryptanalysis of Reduced AES.- A Note About the Traceability Properties of Linear Codes.- Power Analysis Attacks on MDPL and DRSL Implementations.- Safe-Error Attack on SPA-FA Resistant Exponentiations Using a HW Modular Multiplier.- Generalized MMM-Algorithm Secure Against SPA, DPA, and RPA.- Pairing-Friendly Elliptic Curves with Small Security Loss by Cheon's Algorithm.- Hash Functions - II.- Analysis of Multivariate Hash Functions.- Colliding Message Pair for 53-Step HAS-160.- Weaknesses in the HAS-V Compression Function.- Security-Preserving Asymmetric Protocol Encapsulation.
49 citations
TL;DR: To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.
Abstract: In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.
9 citations
01 Jan 2010
TL;DR: This paper presents the implementation of a stand alone system that can be implemented on any legacy systems, and still operates effectively, and is self sufficient in terms of the data that it stores.
Abstract: This paper presents the implementation of a secure application for an academic institution that offers numerous services to both students and the faculty. The primary focus of this paper is to provide a technical implementation of a new architecture for encrypting the database. The scope of this paper mainly includes but is not limited to symmetric and public-key cryptography, authentication, key management, and digital signatures. The final results of this paper demonstrate that what security features one should implement in order to achieve a highly secured application. This paper presents the implementation of a stand alone system that can be implemented on any legacy systems, and still operates effectively. In other words, it is self sufficient in terms of the data that it stores .
3 citations
Cites methods from "A new hash family obtained by modif..."
...This crypto card would be used to encrypt/decrypt files on the server....
[...]
01 Jun 2017
TL;DR: This paper presents an Encryption/Decryption application of messages on both java and Android phones and the method of encryption of message is AES (Advance Encryption System) where the same key that was used to encrypt is used to decrypt.
Abstract: Encryption is process of turning a plaintext to jargon or the method of changing confidential file to jargon in order prevent unauthorized persons to gain access to confidential message. Message is the transfer of information from the sender to the receiver through a particular medium. Encryption is the most effective process for achieving data security. The process of Encryption hides the contents of a message in a way that the original information is recovered only through a decryption process. This paper presents an Encryption/Decryption application of messages on both java and Android phones. The method of encryption of message in this paper is AES (Advance Encryption System) where the same key that is used to encrypt is used to decrypt. The Encryption key is entered into the mobile phone text field by the user. The same encryption key is also used to decrypt the encrypted binary file.
3 citations
TL;DR: This analysis explains in a unified way the recent attacks against reduced round SHA-2 in a general class of local collisions and shows that the previously used local collision by Nikolić and Biryukov and Sanadhya and Sarkar are special cases.
Abstract: We perform a combinatorial analysis of the SHA-2 compression function. This analysis explains in a unified way the recent attacks against reduced round SHA-2. We start with a general class of local collisions and show that the previously used local collision by Nikolic and Biryukov (NB) and Sanadhya and Sarkar (SS) are special cases. The study also clarifies several advantages of the SS local collision over the NB local collision. Deterministic constructions of up to 22-round SHA-2 collisions are described using the SS local collision and up to 21-round SHA-2 collisions are described using the NB local collision. For 23 and 24-round SHA-2, we describe a general strategy and then apply the SS local collision to this strategy. The resulting attacks are faster than those proposed by Indesteege et al using the NB local collision. We provide colliding message pairs for 22, 23 and 24-round SHA-2. Although these attacks improve upon the existing reduced round SHA-256 attacks, they do not threaten the security of the full SHA-2 family.1
3 citations
References
More filters
Book•
14 Feb 2002
TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.
Abstract: 1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.l.2 Correlation.- A. 1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.
3,444 citations
14 Aug 2005
TL;DR: This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound, and it is shown that collisions ofSHA-1 can be found with complexityLess than 269 hash operations.
Abstract: In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.
1,600 citations
"A new hash family obtained by modif..." refers methods in this paper
...A New Hash Family Obtained by Modifying the SHA-2 Family Somitra Kumar Sanadhya Applied Statistics Unit, Indian Statistical Institute, 203, B.T. Road, Kolkata, India 700108. somitra_r@isical.ac.in Palash Sarkar Applied Statistics Unit, Indian Statistical Institute, 203, B.T. Road, Kolkata, India…...
[...]
15 Aug 2004
TL;DR: It is shown that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, even for extremely large values of r, and it is proved that concatenating the results of several iterated hash functions in order to build a larger one does not yield a secure construction.
Abstract: In this paper, we study the existence of multicollisions in iterated hash functions. We show that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, i.e. pairs of messages, even for extremely large values of r. More precisely, the ratio of the complexities of the attacks is approximately equal to the logarithm of r. Then, using large multicollisions as a tool, we solve a long standing open problem and prove that concatenating the results of several iterated hash functions in order to build a larger one does not yield a secure construction. We also discuss the potential impact of our attack on several published schemes. Quite surprisingly, for subtle reasons, the schemes we study happen to be immune to our attack.
451 citations
Journal Article•
TL;DR: In this paper, the authors presented a method for finding collisions in SHA-0 which is related to differential cryptanalysis of block ciphers and obtained a theoretical attack on the compression function SHA-O with complexity 2 61, which is thus better than the birthday paradox attack.
Abstract: In this paper we present a method for finding collisions in SHA-0 which is related to differential cryptanalysis of block ciphers. Using this method, we obtain a theoretical attack on the compression function SHA-O with complexity 2 61 , which is thus better than the birthday paradox attack. In the case of SHA-1, this method is unable to find collisions faster than the birthday paradox. This is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.
267 citations
Journal Article•
TL;DR: In this article, the security of SHA-256, SHA-384 and SHA-512 against collision attacks was studied. But the authors concluded that neither Chabaud and Joux's attack, nor Dobbertin-style attacks also don't apply on the underlying structure.
Abstract: This paper studies the security of SHA-256, SHA-384 and SHA-512 against collision attacks and provides some insight into the security properties of the basic building blocks of the structure. It is concluded that neither Chabaud and Joux's attack, nor Dobbertin-style attacks apply. Differential and linear attacks also don't apply on the underlying structure. However we show that slightly simplified versions of the hash functions are surprisingly weak : whenever symmetric constants and initialization values are used throughout the computations, and modular additions are replaced by exclusive or operations, symmetric messages hash to symmetric digests. Therefore the complexity of collision search on these modified hash functions potentially becomes as low as one wishes.
226 citations