Proceedings ArticleDOI

A new hash family obtained by modifying the SHA-2 family

10 Mar 2009-pp 353-363
TL;DR: The general idea of "multiple feed-forward" for the construction of cryptographic hash functions is introduced, which can provide increased resistance to the Chabaud-Joux type "perturbation-correction" collision attacks.
Abstract: In this work, we study several properties of the SHA-2 design which have been utilized in recent collision attacks against reduced round SHA-2. Small modifications to the SHA-2 design are suggested to thwart these attacks. The modified round function provides the same resistance to linearization attacks as the original SHA-2 round function, but, provides better resistance to non-linear attacks. Our next contribution is to introduce the general idea of "multiple feed-forward" for the construction of cryptographic hash functions. This can provide increased resistance to the Chabaud-Joux type "perturbation-correction" collision attacks. The idea of feed-forward is taken further by introducing the idea of feed-forward across message blocks leading to resistance against generic multi-collision attacks. The net effect of the suggested changes to the SHA-2 design has insignificant impact on the efficiency of computing the digest.


Citations
Book
01 Jan 2007
TL;DR: A Secure Virtual Execution Environment for Untrusted Code and Security-Preserving Asymmetric Protocol Encapsulation are studied.
Abstract: Cryptanalysis - I.- Cryptanalysis of a Hash Function Proposed at ICISC 2006.- Cryptanalysis of Reduced Versions of the HIGHT Block Cipher from CHES 2006.- A Cryptanalysis of the Double-Round Quadratic Cryptosystem.- A Lightweight Privacy Preserving Authentication and Access Control Scheme for Ubiquitous Computing Environment.- Establishing RBAC-Based Secure Interoperability in Decentralized Multi-domain Environments.- Handling Dynamic Information Release.- Cryptanalysis - II.- Improving the Time Complexity of Matsui's Linear Cryptanalysis.- On Large Distributions for Linear Cryptanalysis.- Passive Attacks on a Class of Authentication Protocols for RFID.- Side Channel Attacks on Irregularly Decimated Generators.- Asynchronous Pseudo Physical Memory Snapshot and Forensics on Paravirtualized VMM Using Split Kernel Module.- Filesystem Activity Following a SSH Compromise: An Empirical Study of File Sequences.- A Secure Virtual Execution Environment for Untrusted Code.- Liveness Detection of Fingerprint Based on Band-Selective Fourier Spectrum.- Improving Upon the TET Mode of Operation.- Hash Functions - I.- New Local Collisions for the SHA-2 Hash Family.- Multi-collision Attack on the Compression Functions of MD4 and 3-Pass HAVAL.- Differential Cryptanalysis of T-Function Based Stream Cipher TSC-4.- New Results on Impossible Differential Cryptanalysis of Reduced AES.- A Note About the Traceability Properties of Linear Codes.- Power Analysis Attacks on MDPL and DRSL Implementations.- Safe-Error Attack on SPA-FA Resistant Exponentiations Using a HW Modular Multiplier.- Generalized MMM-Algorithm Secure Against SPA, DPA, and RPA.- Pairing-Friendly Elliptic Curves with Small Security Loss by Cheon's Algorithm.- Hash Functions - II.- Analysis of Multivariate Hash Functions.- Colliding Message Pair for 53-Step HAS-160.- Weaknesses in the HAS-V Compression Function.- Security-Preserving Asymmetric Protocol Encapsulation.

49 citations

Journal ArticleDOI
03 Mar 2016-Sensors
TL;DR: To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.
Abstract: In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

9 citations

01 Jan 2010
TL;DR: This paper presents the implementation of a stand alone system that can be implemented on any legacy systems, and still operates effectively, and is self sufficient in terms of the data that it stores.
Abstract: This paper presents the implementation of a secure application for an academic institution that offers numerous services to both students and the faculty. The primary focus of this paper is to provide a technical implementation of a new architecture for encrypting the database. The scope of this paper mainly includes but is not limited to symmetric and public-key cryptography, authentication, key management, and digital signatures. The final results of this paper demonstrate what security features one should implement in order to achieve a highly secured application. This paper presents the implementation of a stand-alone system that can be implemented on any legacy system and still operates effectively. In other words, it is self-sufficient in terms of the data that it stores.

3 citations


Cites methods from "A new hash family obtained by modif..."

  • ...This crypto card would be used to encrypt/decrypt files on the server....

01 Jun 2017
TL;DR: This paper presents an Encryption/Decryption application of messages on both java and Android phones and the method of encryption of message is AES (Advance Encryption System) where the same key that was used to encrypt is used to decrypt.
Abstract: Encryption is the process of turning a plaintext into jargon, or the method of changing a confidential file into jargon in order to prevent unauthorized persons from gaining access to a confidential message. A message is the transfer of information from the sender to the receiver through a particular medium. Encryption is the most effective process for achieving data security. The process of encryption hides the contents of a message in a way that the original information is recovered only through a decryption process. This paper presents an encryption/decryption application for messages on both Java and Android phones. The method of encryption of messages in this paper is AES (Advance Encryption System), where the same key that is used to encrypt is used to decrypt. The encryption key is entered into the mobile phone text field by the user. The same encryption key is also used to decrypt the encrypted binary file.

3 citations

Journal ArticleDOI
TL;DR: This analysis explains in a unified way the recent attacks against reduced round SHA-2 in a general class of local collisions and shows that the previously used local collision by Nikolić and Biryukov and Sanadhya and Sarkar are special cases.
Abstract: We perform a combinatorial analysis of the SHA-2 compression function. This analysis explains in a unified way the recent attacks against reduced round SHA-2. We start with a general class of local collisions and show that the previously used local collision by Nikolić and Biryukov (NB) and Sanadhya and Sarkar (SS) are special cases. The study also clarifies several advantages of the SS local collision over the NB local collision. Deterministic constructions of up to 22-round SHA-2 collisions are described using the SS local collision and up to 21-round SHA-2 collisions are described using the NB local collision. For 23 and 24-round SHA-2, we describe a general strategy and then apply the SS local collision to this strategy. The resulting attacks are faster than those proposed by Indesteege et al. using the NB local collision. We provide colliding message pairs for 22, 23 and 24-round SHA-2. Although these attacks improve upon the existing reduced round SHA-256 attacks, they do not threaten the security of the full SHA-2 family.

3 citations

References
Book ChapterDOI
04 Dec 2005
TL;DR: This paper reconsiders the established Merkle-Damgard design principle for iterated hash functions and shows that increasing w quantifiably improves security against certain attacks, even if the compression function fails to be collision resistant.
Abstract: This paper reconsiders the established Merkle-Damgard design principle for iterated hash functions. The internal state size w of an iterated n-bit hash function is treated as a security parameter of its own right. In a formal model, we show that increasing w quantifiably improves security against certain attacks, even if the compression function fails to be collision resistant. We propose the wide-pipe hash, internally using a w-bit compression function, and the double-pipe hash, with w=2n and an n-bit compression function used twice in parallel.

201 citations

Book ChapterDOI
14 Aug 2003
TL;DR: It is shown that slightly simplified versions of the hash functions are surprisingly weak: whenever symmetric constants and initialization values are used throughout the computations, and modular additions are replaced by exclusive-or operations, symmetric messages hash to symmetric digests.
Abstract: This paper studies the security of SHA-256, SHA-384 and SHA-512 against collision attacks and provides some insight into the security properties of the basic building blocks of the structure. It is concluded that neither Chabaud and Joux's attack, nor Dobbertin-style attacks apply. Differential and linear attacks also don't apply on the underlying structure. However, we show that slightly simplified versions of the hash functions are surprisingly weak: whenever symmetric constants and initialization values are used throughout the computations, and modular additions are replaced by exclusive-or operations, symmetric messages hash to symmetric digests. Therefore the complexity of collision search on these modified hash functions potentially becomes as low as one wishes.

200 citations


"A new hash family obtained by modif..." refers background in this paper

  • ...Categories and Subject Descriptors: E.3 [Data Encryption]: Standards (SHA-2 hash family). General Terms: Algorithms, Security. Keywords: Cryptanalysis, SHA-2 hash family, reduced round attacks....

Book ChapterDOI
23 Aug 1998
TL;DR: A theoretical attack on the compression function of SHA-0 with complexity 2^61 is obtained, which is thus better than the birthday paradox attack and is strong evidence that the transition to version 1 indeed raised the level of security of SHA.
Abstract: In this paper we present a method for finding collisions in SHA-0 which is related to differential cryptanalysis of block ciphers. Using this method, we obtain a theoretical attack on the compression function of SHA-0 with complexity 2^61, which is thus better than the birthday paradox attack. In the case of SHA-1, this method is unable to find collisions faster than the birthday paradox. This is strong evidence that the transition to version 1 indeed raised the level of security of SHA.

185 citations


"A new hash family obtained by modif..." refers methods in this paper

  • ...Following the attacks on SHA-0 [1] and SHA-1 [20], the attention of the cryptanalysis community has been directed to the SHA-2 family....

  • ...The idea of perturbation-correction from [1] is used to obtain a local collision....

  • ...4. The technique of perturbation-correction [1] is used to build the attacks....

Journal Article
TL;DR: In this paper, the authors analyzed the security of SHA-256 against fast collision search and showed that the low probability of a single local collision may give rise to a false sense of security.
Abstract: This is the first article analyzing the security of SHA-256 against fast collision search which considers the recent attacks by Wang et al. We show the limits of applying techniques known so far to SHA-256. Next we introduce a new type of perturbation vector which circumvents the identified limits. This new technique is then applied to the unmodified SHA-256. Exploiting the combination of Boolean functions and modular addition together with the newly developed technique allows us to derive collision-producing characteristics for step-reduced SHA-256, which was not possible before. Although our results do not threaten the security of SHA-256, we show that the low probability of a single local collision may give rise to a false sense of security.

76 citations

Book ChapterDOI
14 Dec 2008
TL;DR: In this article, the authors presented new and improved attacks against 22, 23 and 24-step SHA-2 family using a local collision given by Sanadhya and Sarkar (SS) at ACISP '08.
Abstract: In this work, we provide new and improved attacks against 22, 23 and 24-step SHA-2 family using a local collision given by Sanadhya and Sarkar (SS) at ACISP '08. The success probability of our 22-step attack is 1 for both SHA-256 and SHA-512. The computational efforts for the 23-step and 24-step SHA-256 attacks are respectively 2^11.5 and 2^28.5 calls to the corresponding step reduced SHA-256. The corresponding values for the 23 and 24-step SHA-512 attack are respectively 2^16.5 and 2^32.5 calls. Using a look-up table having 2^32 (resp. 2^64) entries the computational effort for finding 24-step SHA-256 (resp. SHA-512) collisions can be reduced to 2^15.5 (resp. 2^22.5) calls. We exhibit colliding message pairs for 22, 23 and 24-step SHA-256 and SHA-512. This is the first time that a colliding message pair for 24-step SHA-512 is provided. The previous work on 23 and 24-step SHA-2 attacks is due to Indesteege et al. and utilizes the local collision presented by Nikolić and Biryukov (NB) at FSE '08. The reported computational efforts are 2^18 and 2^28.5 for 23 and 24-step SHA-256 respectively and 2^43.9 and 2^53 for 23 and 24-step SHA-512. The previous 23 and 24-step attacks first constructed a pseudo-collision and later converted it into a collision for the reduced round SHA-2 family. We show that this two-step procedure is unnecessary. Although these attacks improve upon the existing reduced round SHA-2 attacks, they do not threaten the security of the full SHA-2 family.

66 citations