
Showing papers on "Collision resistance published in 2018"


ReportDOI
01 May 2018
TL;DR: This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system that is suitable for compact implementations, relatively simple to implement, and naturally resists side-channel attacks.
Abstract: This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system. It follows existing descriptions in scientific literature. The note specifies the WOTS+ one-time signature scheme, a single-tree (XMSS) and a multi-tree variant (XMSS^MT) of XMSS. Both variants use WOTS+ as a main building block. XMSS provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems. Instead, it is proven that it only relies on the properties of cryptographic hash functions. XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken. It is suitable for compact implementations, relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can withstand so far known attacks using quantum computers.

117 citations
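The WOTS+ building block named in the abstract, reduced to its core idea, as an added example in Python (not code from the XMSS note or RFC 8391). This is a simplified Winternitz one-time signature: hash chains whose revealed position encodes each base-16 digit of the message digest, plus the checksum digits that stop an attacker from forging by walking chains forward. It omits the bitmasks, public seed and address structure that WOTS+ adds, and the Merkle tree that XMSS layers on top to authenticate many such one-time keys; the parameter values and the `chain` position byte are assumptions made here.

```python
import hashlib
import os

# Parameters constructed for this example. RFC 8391 WOTS+ uses the same w=16 shape
# with n=32, but adds per-step bitmasks, a public seed and an address structure,
# which this simplified Winternitz OTS omits.
N = 32                     # hash output length in bytes (SHA-256)
W = 16                     # Winternitz parameter: one chain per base-16 digit
LEN1 = 2 * N               # 64 message digits
LEN2 = 3                   # checksum digits: max checksum is 64 * 15 = 960 < 16**3
LEN = LEN1 + LEN2


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(x: bytes, start: int, steps: int) -> bytes:
    """Apply H `steps` times, starting at chain position `start`. The position is
    mixed into each step so the chain is not a bare iteration of H (assumption)."""
    for i in range(start, start + steps):
        x = H(bytes([i]) + x)
    return x


def base_w(data: bytes) -> list:
    """Split bytes into base-16 digits, high nibble first."""
    return [d for b in data for d in (b >> 4, b & 0xF)]


def message_digits(msg: bytes) -> list:
    """Digest digits followed by a checksum. Raising any message digit (walking its
    chain forward, which anyone holding a signature can do) lowers the checksum, and
    lowering a checksum digit would require inverting H: that is the forgery barrier."""
    d = base_w(H(msg))                                   # LEN1 digits
    csum = sum(W - 1 - x for x in d)
    return d + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]


def keygen(seed: bytes = None):
    """Secret key: LEN chain start values. Public key: every chain run to its end."""
    seed = seed if seed is not None else os.urandom(N)
    sk = [H(b"wots-sk" + seed + bytes([i])) for i in range(LEN)]
    pk = [chain(s, 0, W - 1) for s in sk]
    return sk, pk


def sign(sk: list, msg: bytes) -> list:
    """Reveal each chain advanced to the position given by its digit."""
    digits = message_digits(msg)
    return [chain(sk[i], 0, digits[i]) for i in range(LEN)]


def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Finish each chain from the revealed point and compare with the public key."""
    if len(sig) != LEN:
        return False
    digits = message_digits(msg)
    return all(chain(sig[i], digits[i], W - 1 - digits[i]) == pk[i] for i in range(LEN))


def forge_from_signature(sig: list, signed_msg: bytes, target: bytes):
    """The attacker's only free move is advancing revealed chains. It succeeds only
    if every digit of `target` (checksum included) is >= the digit of `signed_msg`
    on the same chain, which the checksum makes essentially impossible for one
    signature. Returns the forged signature, or None."""
    m, t = message_digits(signed_msg), message_digits(target)
    if any(ti < mi for mi, ti in zip(m, t)):
        return None
    return [chain(sig[i], m[i], t[i] - m[i]) for i in range(LEN)]


if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"one-time message")
    print("verify:", verify(pk, b"one-time message", sig))
    print("forgery by chain advance:", forge_from_signature(sig, b"one-time message", b"other"))
```

Security rests on nothing but H: verification recomputes chain tails, and a forger must either invert H on some chain or find a second message whose digits are all at least as large, which the checksum rules out. The key is one-time because a second signature under the same `sk` reveals more chain positions and enlarges the set of digit vectors the attacker can reach.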


Proceedings ArticleDOI
20 Jun 2018
TL;DR: A new notion of multi-collision resistance for keyless hash functions is introduced: the number of colliding inputs a polynomial-time non-uniform adversary can find is not much larger than its advice. Assuming such hash functions exist, the authors obtain a 3-message zero-knowledge argument and improve the round complexity of several other protocols; the core tool is a domain extension transformation built from classical domain extension techniques and new information-theoretic tools, including a new variant of list-recoverable codes that may be of independent interest.
Abstract: We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications. Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols --- we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance. The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which may be of independent interest.

66 citations


Book ChapterDOI
TL;DR: The authors investigate the post-quantum security of sponge-based hash functions and show that the sponge construction is collapsing (and hence quantum collision-resistant) under suitable assumptions on the underlying block function, in particular when it is a random function or a non-invertible random permutation.
Abstract: We investigate the post-quantum security of hash functions based on the sponge construction. A crucial property for hash functions in the post-quantum setting is the collapsing property (a strengthening of collision-resistance). We show that the sponge construction is collapsing (and in consequence quantum collision-resistant) under suitable assumptions about the underlying block function. In particular, if the block function is a random function or a (non-invertible) random permutation, the sponge construction is collapsing. We also give a quantum algorithm for finding collisions in an arbitrary function. For the sponge construction, the algorithm complexity asymptotically matches the complexity implied by collision resistance.

28 citations


Book ChapterDOI
TL;DR: The schemes of the SPHINCS family are arguably the most practical stateless hash-based signatures and can be implemented on embedded devices such as FPGAs or smart cards, which naturally raises the question of their resistance to implementation attacks.
Abstract: Because they require no assumption besides the preimage or collision resistance of hash functions, hash-based signatures are a unique and very attractive class of post-quantum primitives. Among them, the schemes of the sphincs family are arguably the most practical stateless schemes, and can be implemented on embedded devices such as FPGAs or smart cards. This naturally raises the question of their resistance to implementation attacks.

20 citations


Journal ArticleDOI
TL;DR: Numerical simulation and performance comparison show that the proposed hash function has good collision resistance and is easier to implement than existing quantum-walk-based hash functions, promoting further applications of quantum computation in the design of hash functions.
Abstract: Hash functions play an essential role in many cryptographic applications such as digital signature, integrity authentication, and key derivation. Most of them are iteratively built based on the Merkle–Damgård (MD) structure. Unfortunately, the traditional MD structure suffers from various attacks, and thus the design of new hash functions is emerging. In this paper, inspired by quantum computation, we present a new hash function by introducing alternate single-qubit coin operators into discrete-time quantum walk. The present hash function is classical with classical input and output. The compressive function can be implemented by performing alternate single-qubit coin operators on the coin state controlled by a classical input binary message and then applying the global conditional shift operator on the position state and the coin state. The classical output hash value is generated by making amplification, truncation, and modular operation on the final probability distribution. Numerical simulation and performance comparison show that the present hash function has an excellent property of collision resistance and easier implementation than existing quantum-walk-based hash functions. It promotes more applications of quantum computation in the design of hash functions.

16 citations


Book ChapterDOI
11 Nov 2018
TL;DR: With this framework, one can argue purely classically about the quantum-security of hash functions; this is in contrast to previous proofs which are in terms of sophisticated quantum-information-theoretic and quantum-algorithmic reasoning.
Abstract: Hash functions are of fundamental importance in theoretical and in practical cryptography, and with the threat of quantum computers possibly emerging in the future, it is an urgent objective to understand the security of hash functions in the light of potential future quantum attacks. To this end, we reconsider the collapsing property of hash functions, as introduced by Unruh, which replaces the notion of collision resistance when considering quantum attacks. Our contribution is a formalism and a framework that offers significantly simpler proofs for the collapsing property of hash functions. With our framework, we can prove the collapsing property for hash domain extension constructions entirely by means of decomposing the iteration function into suitable elementary composition operations. In particular, given our framework, one can argue purely classically about the quantum-security of hash functions; this is in contrast to previous proofs which are in terms of sophisticated quantum-information-theoretic and quantum-algorithmic reasoning.

10 citations


Posted Content
TL;DR: Classical black-box impossibility results only rule out classical reductions, so they might in principle be circumvented by quantum reductions; this paper extends black-box impossibility results to the quantum setting in order to exclude that possibility.
Abstract: Since the celebrated work of Impagliazzo and Rudich (STOC 1989), a number of black-box impossibility results have been established. However, these works only ruled out classical black-box reductions among cryptographic primitives. Therefore it may be possible to overcome these impossibility results by using quantum reductions. To exclude such a possibility, we have to extend these impossibility results to the quantum setting. In this paper, we study black-box impossibility in the quantum setting.

8 citations


Journal Article
TL;DR: It is shown that weaker conditions X on the compression function, in particular forms of what the authors call constrained-CR, suffice for collision resistance of the iterated hash function. This reduces the demands on compression functions, to the benefit of security, and also explains, forensically, why collision-finding attacks on compression functions have not historically led to immediate breaks of the corresponding hash functions.
Abstract: The MD transform that underlies the MD and SHA families iterates a compression function h to get a hash function H. The question we ask is, what property X of h guarantees collision resistance (CR) of H? The classical answer is that X itself be CR. We show that weaker conditions X, in particular forms of what we call constrained-CR, suffice. This reduces demands on compression functions, to the benefit of security, and also, forensically, explains why collision-finding attacks on compression functions have not, historically, led to immediate breaks of the corresponding hash functions. We obtain our results via a definitional framework called RS security, and a parameterized treatment of MD, that also serve to unify prior work and variants of the transform.

7 citations


Journal ArticleDOI
10 Jun 2018
TL;DR: A sequential domain extension scheme with minimum padding for hashing with a compression function is presented. It is free from the length extension property, its collision resistance reduces to properties of the compression function in the standard model, and when applied to the sponge construction the resulting hash function is indifferentiable from a random oracle up to the birthday bound in the ideal permutation model.
Abstract: This article presents a sequential domain extension scheme with minimum padding for hashing using a compression function. The proposed domain extension scheme is free from the length extension property. The collision resistance of a hash function using the proposed domain extension is shown to be reduced to the collision resistance and the everywhere preimage resistance of the underlying compression function in the standard model, where the compression function is assumed to be chosen at random from a function family in some efficient way. Its indifferentiability from a random oracle up to the birthday bound is also shown on the assumption that the underlying compression function is a fixed-input-length random oracle or the Davies-Meyer mode of a block cipher chosen uniformly at random. The proposed domain extension is also applied to the sponge construction and the resultant hash function is shown to be indifferentiable from a random oracle up to the birthday bound in the ideal permutation model. The proposed domain extension scheme is expected to be useful for processing short messages.

6 citations
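The two mechanics that the preceding entries reason about, the MD transform's classical reduction (a collision in the iterated hash H yields a collision in the compression function h) and the length extension property that plain MD padding leaves open, in working Python. This is an added example, not code from either paper: the compression function is a stand-in built from SHA-256, the block and output sizes are toy parameters, and the domain-separated finalization (a tag byte on the last compression call) is a generic illustration of removing length extension, not the minimum-padding scheme the paper proposes.

```python
import hashlib
import struct

# Toy parameters (constructed for this example, not the paper's).
BLOCK = 16   # message block size in bytes
OUT = 32     # chaining-value / digest size in bytes; pass out=2 to make collisions findable


def compress(chain: bytes, block: bytes, out: int = OUT, final: bool = False) -> bytes:
    """Compression function h, built from SHA-256 for illustration. The `final` flag
    selects a domain-separated variant (different leading tag byte) that the
    separated-finalization mode below uses for the last block only (assumption)."""
    tag = b"\x01" if final else b"\x00"
    return hashlib.sha256(tag + chain + block).digest()[:out]


def md_pad(msg: bytes) -> bytes:
    """Classical MD strengthening: 0x80, zero fill, 8-byte big-endian bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((BLOCK - 8 - len(padded)) % BLOCK)
    return padded + struct.pack(">Q", len(msg) * 8)


def blocks_of(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def md_hash(msg: bytes, out: int = OUT, separate_final: bool = False) -> bytes:
    """MD transform: iterate h over the padded blocks from an all-zero IV.
    With separate_final=True the last block goes through the tagged variant of h."""
    h = bytes(out)
    blks = blocks_of(md_pad(msg))
    for i, b in enumerate(blks):
        h = compress(h, b, out, final=separate_final and i == len(blks) - 1)
    return h


def length_extend(digest: bytes, orig_len: int, suffix: bytes, out: int = OUT):
    """Length-extension attack on plain MD: from H(m) and |m| alone, compute
    H(m || glue || suffix), where glue is the padding m received. Returns (forged, glue)."""
    glue = md_pad(b"\x00" * orig_len)[orig_len:]          # padding depends only on |m|
    total_len = orig_len + len(glue) + len(suffix)
    tail = suffix + b"\x80"
    tail += b"\x00" * ((BLOCK - 8 - len(tail)) % BLOCK)
    tail += struct.pack(">Q", total_len * 8)
    h = digest                                              # resume from the leaked state
    for b in blocks_of(tail):
        h = compress(h, b, out)
    return h, glue


def h_collision_from_md_collision(m1: bytes, m2: bytes, out: int = OUT):
    """Classical MD reduction: distinct m1, m2 with md_hash(m1) == md_hash(m2) yield
    a collision in h, found by walking both chains backwards from the common digest."""
    assert m1 != m2

    def chain_values(m):
        vals, h = [bytes(out)], bytes(out)
        for b in blocks_of(md_pad(m)):
            h = compress(h, b, out)
            vals.append(h)
        return vals

    b1, b2 = blocks_of(md_pad(m1)), blocks_of(md_pad(m2))
    c1, c2 = chain_values(m1), chain_values(m2)
    assert c1[-1] == c2[-1], "inputs do not collide under md_hash"
    i, j = len(b1) - 1, len(b2) - 1
    while (c1[i], b1[i]) == (c2[j], b2[j]):   # identical inputs: step back one block
        i, j = i - 1, j - 1
    return (c1[i], b1[i]), (c2[j], b2[j])    # distinct inputs, equal compress() outputs


def find_md_collision(out: int = 2):
    """Birthday search over constructed short messages; feasible only because `out` is tiny."""
    seen, n = {}, 0
    while True:
        m = b"msg-%d" % n
        d = md_hash(m, out)
        if d in seen:
            return seen[d], m
        seen[d] = m
        n += 1


if __name__ == "__main__":
    m = b"secret:transfer=10"
    forged, glue = length_extend(md_hash(m), len(m), b"&amount=1000")
    print("plain MD extension works:", forged == md_hash(m + glue + b"&amount=1000"))
    m1, m2 = find_md_collision(2)
    (x1, y1), (x2, y2) = h_collision_from_md_collision(m1, m2, 2)
    print("extracted h-collision:", compress(x1, y1, 2) == compress(x2, y2, 2))
```

The reduction is what makes "h is CR" the classical sufficient condition for "H is CR"; the papers above weaken that condition and, separately, close the length extension hole, which in plain MD exists because the published digest is the raw chaining state that the attacker simply keeps iterating.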


Posted Content
TL;DR: The collapsing property of hash functions, which replaces collision resistance when quantum attacks are considered, is revisited, and a formalism and framework are given that offer significantly simpler proofs of the collapsing property for hash domain extension constructions.
Abstract: Hash functions are of fundamental importance in theoretical and in practical cryptography, and with the threat of quantum computers possibly emerging in the future, it is an urgent objective to understand the security of hash functions in the light of potential future quantum attacks. To this end, we reconsider the collapsing property of hash functions, as introduced by Unruh, which replaces the notion of collision resistance when considering quantum attacks. Our contribution is a formalism and a framework that offers significantly simpler proofs for the collapsing property of hash functions. With our framework, we can prove the collapsing property for hash domain extension constructions entirely by means of decomposing the iteration function into suitable elementary composition operations. In particular, given our framework, one can argue purely classically about the quantum-security of hash functions; this is in contrast to previous proofs which are in terms of sophisticated quantum-information-theoretic and quantum-algorithmic reasoning.

5 citations


01 Jun 2018
TL;DR: Theoretical analysis and experimental results demonstrate the robustness and efficiency of the proposed KCNN structures in terms of collision resistance, message sensitivity, key sensitivity, diffusion effect, hash throughput and immunity against many attacks, compared with other CNN-based hash functions in the literature as well as the standard SHA-2.
Abstract: Due to the important properties of Chaos and Neural Networks, such as non-linearity, confusion, diffusion, one-way and parallel implementation, nowadays, Keyed Chaotic Neural Network (KCNN) is used to design new cryptographic hash functions. These hash functions are used to provide message integrity, authentication and digital signature. In our thesis, we designed and implemented two structures of KCNN: the first one is based on Merkle-Damgard construction and the second one is based on Sponge function, used by the standards SHA-2 and SHA-3, respectively. For the first structure, we proposed two architectures, each includes three output schemes namely: Matyas-Meyer-Oseas (MMO), Modified Matyas-Meyer-Oseas (MMMO) and Miyaguchi-Preneel (MP). The first architecture is based on two-layer neural network and the second one is based on one layer neural network followed by a combination of nonlinear functions. For these two proposed architectures, the length of hash value is 256 bits. For the second structure, we also proposed two similar architectures as structure 1, with length of hash value equal to 256 and 512 bits, respectively. The theoretical analysis and the obtained experimental performances demonstrate the robustness and efficiency of our proposed structures in terms of Collision Resistance, Message Sensitivity, Key Sensitivity, Diffusion effect, Hash throughput and Immunity against many attacks compared to other proposed CNN hash functions in the literature as well as the standard SHA-2.


Book ChapterDOI
02 Dec 2018
TL;DR: This work shows how truncation collision resistance, a simple assumption that seems plausible for standard hash functions such as SHA-3, can be leveraged to obtain standard-model constructions of public-key cryptosystems that previously seemed to require a programmable random oracle, including identity-based key encapsulation mechanisms and digital signatures with full adaptive security.
Abstract: Truncation collision resistance is a simple non-interactive complexity assumption that seems very plausible for standard cryptographic hash functions like SHA-3. We describe how this assumption can be leveraged to obtain standard-model constructions of public-key cryptosystems that previously seemed to require a programmable random oracle. This includes the first constructions of identity-based key encapsulation mechanisms (ID-KEMs) and digital signatures over bilinear groups with full adaptive security and without random oracles, where a ciphertext or signature consists of only a single element of a prime-order group. We also describe a generic construction of ID-KEMs with full adaptive security from a scheme with very weak security (“selective and non-adaptive chosen-ID security”), and a similar generic construction for digital signatures.

Posted Content
TL;DR: Two mitigations are described for attacks that exploit message digest collisions in blockchain platforms: longer digest sizes make attacks more difficult, and timeliness properties limit the time an attacker has to find a collision.
Abstract: Message digest algorithms are one of the underlying building blocks of blockchain platforms such as Ethereum. This paper analyses situations in which the message digest collision resistance property can be exploited by attackers. Two mitigations for possible attacks are described: longer message digest sizes make attacks more difficult; and, including timeliness properties limits the amount of time an attacker has to determine a hash collision.

Posted Content
TL;DR: An explicit formula is presented that produces hash collisions for the Merkle-Damgård construction and works for arbitrary choice of message block and irrespective of the standardized constants used in hash functions.
Abstract: We present an explicit formula that produces hash collisions for the Merkle-Damgård construction. The formula works for arbitrary choice of message block and irrespective of the standardized constants used in hash functions, although some padding schemes may cause the formula to fail. This formula bears no obvious practical implications because at least one of any pair of colliding messages will have length double exponential in the security parameter. However, due to ambiguity in existing definitions of collision resistance, this formula arguably breaks the collision resistance of some hash functions.

Book ChapterDOI
01 Jan 2018
TL;DR: This paper extends the TL-SMD work: the algorithm is implemented in MATLAB, the results are analysed, and steps for further improvement of data security are discussed.
Abstract: With the advent of technologically innovative tools and technology, data security has become a major challenge in today's world. The solution to this challenge comes in the form of cryptographic hash functions, which are used in various security applications. A one-way hash function is designed to provide data security. One-way hash functions are those hash functions which cannot be reverted, i.e. we cannot find the input or the actual message bits using the hexadecimal output value. TL-SMD is a cryptographic hash function having two layers of encryption. This paper is an extension of the TL-SMD work; here the algorithm is implemented using MATLAB, the results are analysed, and various steps for further improvement in data security are discussed.

Patent
Jarno Niemelä
18 Oct 2018
TL;DR: In this paper, a method for detecting a hash collision attack by having two hash functions for the same file, one with weak collision resistance and a second one with strong collision resistance, is presented.
Abstract: This application is for a way of detecting a hash collision attack by having two hash functions for the same file, one with weak collision resistance, and a second one with strong collision resistance. It works by generating a first hash value for an entity with weak collision resistance and storing the hash value to a database, 200, 202. The hash value is also sent to a server to be stored in a database of known hash value pairs 204. When the client computer detects a request for the entity with an object that has a first and second hash value 206, it first checks that the first hash values match 208. If they do it accepts the object and sends the data to a server for a validity check 210. It then receives the result of that validity check, and if the second hash values do not match takes further actions as it has detected a collision attempt 212.
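The client/server flow in the patent abstract, as an added example in Python that is not the patent's own code. The weak hash is a stand-in (SHA-256 truncated to 16 bits) chosen so that a second object with the same weak hash can be brute-forced within the example; the strong hash is full SHA-256; the server database, client database, entity name and return strings are assumptions made here. With a real weak hash such as MD5, the same logic applies, but the colliding object would come from a chosen-prefix collision rather than a brute-force loop.

```python
import hashlib


def weak_hash(data: bytes) -> bytes:
    """Stand-in for a hash with weak collision resistance: SHA-256 truncated to
    16 bits (assumption) so a second preimage is brute-forceable in this example."""
    return hashlib.sha256(data).digest()[:2]


def strong_hash(data: bytes) -> bytes:
    """Hash with strong collision resistance: full SHA-256."""
    return hashlib.sha256(data).digest()


class HashPairServer:
    """Server-side database of known (weak, strong) hash value pairs."""

    def __init__(self):
        self.pairs = {}

    def register(self, weak: bytes, strong: bytes) -> None:
        self.pairs[weak] = strong

    def validity_check(self, weak: bytes, strong: bytes) -> str:
        known = self.pairs.get(weak)
        if known is None:
            return "unknown"
        return "valid" if known == strong else "collision"


class Client:
    """Client that matches on the weak hash locally and defers to the server
    for the strong-hash comparison."""

    def __init__(self, server: HashPairServer):
        self.server = server
        self.local = {}          # weak hash -> entity name (client-side database)

    def register_entity(self, name: str, content: bytes) -> None:
        w, s = weak_hash(content), strong_hash(content)
        self.local[w] = name
        self.server.register(w, s)

    def handle_request(self, name: str, obj: bytes) -> str:
        """Step 1: the first (weak) hash must match the known entity (fast, local).
        Step 2: the server compares the second (strong) hash; a mismatch means an
        object was crafted to collide on the weak hash, i.e. a collision attempt."""
        w, s = weak_hash(obj), strong_hash(obj)
        if self.local.get(w) != name:
            return "reject"
        if self.server.validity_check(w, s) == "collision":
            return "collision-detected"
        return "accept"


def find_weak_collision(target: bytes) -> bytes:
    """Attacker: brute-force a different object with the same weak hash as `target`.
    Feasible here only because the weak hash is 16 bits wide."""
    t = weak_hash(target)
    n = 0
    while True:
        cand = b"malicious-%d" % n            # constructed attacker payloads
        if cand != target and weak_hash(cand) == t:
            return cand
        n += 1


if __name__ == "__main__":
    srv = HashPairServer()
    cl = Client(srv)
    legit = b"installer-v1.0 payload (constructed sample)"
    cl.register_entity("installer", legit)
    evil = find_weak_collision(legit)
    print("legit:", cl.handle_request("installer", legit))
    print("evil :", cl.handle_request("installer", evil))
```

The weak hash alone would accept the crafted object; the strong hash turns the weak-hash match into a detection signal, because a legitimate object and a collision-crafted one can share the first value but not the second.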

DOI
01 Dec 2018
TL;DR: A new hash function based on the idea behind the Tillich-Zemor hash function is proposed; it is parallelizable, its collision resistance is implied by a hardness assumption on a mathematical problem, and it is secure against the known attacks.
Abstract: Using the idea behind the Tillich-Zemor hash function, we propose a new hash function. Our hash function is parallelizable and its collision resistance is implied by a hardness assumption on a mathematical problem. Also, it is secure against the known attacks. It is the most secure variant of the Tillich-Zemor hash function until now.