Book Chapter

Biclique Cryptanalysis of Full Round AES-128 Based Hashing Modes

TLDR
The security analysis of hashing modes instantiated with AES-128 is revisited, and the biclique technique is extended to the domain of hash functions, highlighting the actual security margin these constructions provide against second preimage attacks.
Abstract
In this work, we revisit the security analysis of hashing modes instantiated with AES-128. We use biclique cryptanalysis as the basis for our evaluation. At Asiacrypt'11, Bogdanov et al. proposed the biclique technique for key recovery attacks on full AES-128. Further, they showed an application of this technique to find preimages for a compression function instantiated with AES-128 with a complexity of $$2^{125.56}$$. However, this preimage attack on the compression function cannot be directly converted into a preimage attack on the hash function. This is because the initialization vector IV is a publicly known constant in the hash function setting and the attacker is not allowed to change it, whereas the compression function attack using bicliques introduced differences in the chaining variable. We extend the application of the biclique technique to the domain of hash functions and demonstrate second preimage attacks on all 12 PGV modes. The complexities of finding second preimages in our analysis differ based on the PGV construction chosen, the lowest being $$2^{126.3}$$ and the highest requiring $$2^{126.6}$$ compression function calls. We implement C programs to find the best biclique trails that guarantee the lowest time complexity possible and calculate the above-mentioned values accordingly. Our security analysis requires only 2 message blocks and works on the full 10 rounds of AES-128 for all 12 PGV modes. This improves upon the previous best result on AES-128 based hash functions by Sasaki at FSE'11, where the maximum number of rounds attacked is 7. Though our results do not significantly decrease the attack complexity factor as compared to brute force, they highlight the actual security margin provided by these constructions against second preimage attacks.


Citations
Dissertation

Multi-operation data encryption mechanism using dynamic data blocking and randomized substitution

TL;DR: The Dynamic Data Blocking Mechanism has been proposed to provide dynamically sized data blocks, and a Randomized Substitution Mechanism (RSM) has been suggested which can randomly modify session keys and plaintext blocks and fulfills dynamicity and randomness properties, as tested and validated under recommended statistical analysis with a standard tool.
Journal Article

Problems and Progressive Cryptanalysis of Prominent Block Ciphers

TL;DR: The resultant discussion shows that encrypting secret data with many repeated encryption rounds of identical encryption operations is not as effective in enhancing the security of a symmetric block cipher as is usually believed.
Journal Article

Randomized Substitution Method for Effectively Secure Block Ciphers in IoT Environment

TL;DR: Experimental results show that the proposed RSM has significant randomness properties, which reflect the recommendations of NIST for being considered a randomized substitution method.
Dissertation

Analysis of block cipher constructions against biclique and multiset attacks

Mohona Ghosh
TL;DR: This thesis proposes a new extension of the biclique technique, termed Star-based Bicliques, uses it to solve the problem of high data complexity usually associated with this technique, and employs the above cryptanalytic methods to provide the best attacks on a few standardized block ciphers.

Biclique cryptanalysis of full round PRESENT with reduced data complexity

TL;DR: The biclique attack is a kind of meet-in-the-middle (MITM) attack, improved for the cryptanalysis of block ciphers, that finds the unknown secret key.
References
Book

The Design of Rijndael: AES - The Advanced Encryption Standard

TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail, and the basics of differential and linear cryptanalysis are reworked.
Book

The Design of Rijndael

TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES; professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Book Chapter

Biclique cryptanalysis of the full AES

TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity $$2^{126.1}$$ and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.
Journal Article

Hash Functions Based on Block Ciphers: A Synthetic Approach

TL;DR: In this paper, a general model for hash functions based on block ciphers is presented, where the size of the hashcode is equal to the block length of the block cipher and the key size is approximately equal to the block length.
Journal Article

Grøstl – a SHA-3 candidate

TL;DR: Grøstl is a SHA-3 candidate proposal, an iterated hash function with a compression function built from two fixed, large, distinct permutations, which has the effect that all known generic attacks on the hash function are made much more difficult.