DOCSLIB.ORG

An Overview of Public Key Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Communications An Overview of Public Key Cryptography Martin E. Hellman With a public key cryptosystem, the key used to encipher a message can be made public without compromising the secrecy of a different key needed to decipher that message. I. COMMERCIAL NEED FOR ENCRYPTION Thisproblem is compounded in remote computing Cryptography has beenof great importance to the mil- because the entire “conversation”is in computer readable itaryand diplomatic communities since antiquity but form. An eavesdropper can then cheaply sort messages failed, until recently,.to attract much commercial atten- not only on the basisof the called number, but also on the tion. Recent commercial interest, by contrast, has been content of’the message, and record all messages which almostexplosive due to the rapid computerization of contain one or more keywords. By including a name or information storage, transmission, and spying. product on this list, an eavesdropper will obtain all mes- Telephone lines are vulnerable to wiretapping, and.if sages from, to,or about the “targeted” personor product. carried by microwave radio, this need not entail the phys-While each fact by itself may not be considered sensitive, ical tapping.of any wires. The act becomes passive and the compilationof so many facts will often be.considered almost undetectable. It recently came to light that the highly confidential. Russians were using the antenna farms on the roofs of It is now seen why electronic mail must be cryptogra- their embassy and consulates to listen in on domestic tel-phically protected, even though almost no physical mail . ephone conversations, and that they had been successful is given this protection. Confidential physical messages in sorting out some conversations to Congressmen. are not written on postcards and, evenif they were, could Humansorting could be used, but is too expensive not be scanned at a cost of only $1 for several million because only a small percentage of the traffic is interest- words. ing. Instead, the Russians automatically sorted the traffic on the basis of the dialing tones which precede each con- 11. THE COST OF ENCRYPTION versation ‘and specify the number being called. These tones can be demodulated and a microprocessor used to Books about World WarI1 intelligence operations make activate a tape recorder whenever an “interesting” tele- it clear that the allies were routinely reading enciphered phone number [one stored in memory) is detected. The German messages. The weakness of the Japanese codes low cost of.such a device makes it possible to economi- was established by the Congressional hearings into .the cally sort thousands of conversations for even one inter- Pearl Harbor disaster, and while it is less well publicized, esting one. theGermans had broken the primary American field I cipher. This work was supported in part under NSF Grant ENGJ0173. If the major military powersof World War I1 could not The author is with the Department of Electrical Engineering, afford secure cryptographic equipment, how is industry Stanford University, Stanford, CA 94305. to do so in its much more cost-conscious environment? 0148-9615/78/1100-0024$00.75 01978 IEEE 24 IEEE COMMUNICATIONS SOCIETY MAGAZINE Encryption isa special formof computation and, just as and distributed to the appropriate users, but the cost it was impossible to build good, inexpensive, reliable, would be prohibitive. A system with even a million sub- .portable computers in the 1940'~~ it was impossible to scribers would have almost 500 billion possible keys to buildgood (secure), inexpensive, reliable, portable distribute. In the military, the chain of command limits encryption units. The scientific calculator which sells for the number of connections, but even there, key distribu- under $100 today would have cost on the orderof a mil- tion has beena major problem. It will be even more acute lion dollars and required an entire room to house it in in commercial systems. 1945. It is possible for each user to have only one key which While embryonic computers were developed during the he shares with the network rather than with any other war (often for codebreaking), they were too expensive, user, and for the network to use this asa master key for unreliable, and bulky for field use. Most computational distributingconversation specific keys [2], [3]. This aids were mechanical in nature and based on gears. Sim- method requires that the portion of the network which ilarly, all of the major field ciphers employed gear-based .distributes the keys (known as the key distribution cen- devices and, just as Babbage's failure indicates the diffi- ter or node) be trustworthy and secure. culty of building a good computer out of gears, it is also Diffie and Hellman [4] and independently Merkle [5] difficult to build a good cryptosystem from gears. The have proposed a radically different approach to the key development of general-purposedigital hardware has distribution problem. As indicated in. Fig. 2, secure com- freed the designersof cryptographic equipment to use the municationtakes place without any prearrangement best operations froma cryptographic pointof view, with- between the conversants and without'access toa secure outhaving to worry about extraneous mechanical key distribution channel. As indicated in the figure, two constraints. way communication is allowed and there are independent As an illustrationof the current low costof encryption, random number generators at both the transmitter and therecently promulgated national Data Encryption the receiver. Two way communication is essential to dis- Standard[DES) can be implemented on a singleinte- tinguishthe receiver from 'the eavesdropper. Having grated circuit chip, and will sell in the$10 range before random number generators at both ends is not as basica long. While some have criticized the standard as not beingrequirement, and isonly needed insome adequately secure [I], this inadequacy is due to political implementations. considerationsand is not the fault of insufficient technology. 111.KEY DISTRIBUTION AND PUBLIC CRYPTANALYST KEY SYSTEMS 7 Whiledigital technology has reduced the cost of encryption to an almost negligible level, there are other major problems involved in securing a communication network. Oneof the most pressing is key distribution, the problem of securely transmitting keys to the users who SOURCE #I SOURCE # 2 need them. The classical solution to the key distribution problem is Fig. 2. Pubilc Key Cryptographic System. indicated in Fig. 1. The key is distributed over a secure channel as indicated by the shielded cable. The secure The situation is analogous to havinga room full of peo- channel is not used for direct transmission of the plain- plewho have never met before and who are of equal text message P because it is too slow or expensive. mathematical ability. I choose one other person in the room and, with everyone else listening, give him instruc- tions which allow the twoof us to carry ona conversation that no one else can understand. I then choose another CRYPTANALYST person and do the same with him. This sounds somewhat impossible and, from one point 7of view, it is.If the cryptanalyst had unlimited computer time he could understand everything we said.But that is also true. of most conventional cryptographic systems- the cryptanalyst can try all keys until he finds the one that yields a meaningful decipherment of the intercepted I SOURCE I message. The real question is whether we can, with very limited computations, exchange a message which would Fig. 1. ConventionalCryptographic System. take the cryptanalyst eons to understand using the most powerful computers envisionable. The military has traditionally used courier service for A public key cryptosystem [4] has two keys, one for distributing keys to the sender and receiver. In commer- enciphering and one for deciphering. While the two keys cial systems registered mail might be used. Either way, effect inverse operations and are therefore,related, there key distribution is slow, expensiv.e, anda major impedi- must be no easily computed methodof deriving the deci- ment to secure communication. phering key from the enciphering key. The enciphering key Keys could be generated for each possible conversation can then be made public without compromising the deci- NOVEMBER 1978 25 phering key so that anyone can encipher messages, but - 1 and which has no common factors with+(n). This then only the intended recipient can decipher messages. allows The conventional cryptosystemof Fig. 1 can be likened D = E-’(2)4(n) mod to a mathematical strongbox with a resettable combina- tion lock. The sender and receiver ause secure channelto to be calculated easily using an extended version of Eu- clid’s algorithm for computing the greatest common di- agree ona combination (key) and can then easily lock and visor of twonumbers [9, p.315, problem 15; p. 523, unlock (encipher and decipher) messages, but no one else solution to problem 151 can. A public key cryptosystem can be likened to a mathe- matical strongbox witha new kindof resettable combina- tion lock that has two combinations, one for locking and THE RIVEST-SHAMIR-ADLEMAN one for unlocking the lock. (The lock does not lock if PUBLIC KEY SCHEME merely closed.) By making the locking combination (enci- phering key) public anyone can lock up information, but Design onlythe intended recipient who knows the unlocking Find two large prime numbersp and combination (deciphering key) can unlock the box to re- cover the information. q, each about 100 decimal digits long. Public key and related cryptosystems have been pro- Let n = pq and a,b = (p-l)(q-1). posed by Merkle [5], Diffie and Hellman [4], Rivestet al. Choose a random integer E between [6], Merkle and Hellman [7], and McEliece [8]. We will only outline the approaches, and the readeris referred to 3 and $ which has no common factors the original papers for details. with $. Thenit is easyto find an integer D which is the “inverse” of E modulo $, that is, D - E differs from 1 Electronic mail unlike ordinary mail is machine by a multiple of $.
Recommended publications
  • Cryptography in Modern World

    Cryptography in Modern World

    Cryptography in Modern World Julius O. Olwenyi, Aby Tino Thomas, Ayad Barsoum* St. Mary’s University, San Antonio, TX (USA) Emails: [email protected], [email protected], [email protected] Abstract — Cryptography and Encryption have been where a letter in plaintext is simply shifted 3 places down used for secure communication. In the modern world, the alphabet [4,5]. cryptography is a very important tool for protecting information in computer systems. With the invention ABCDEFGHIJKLMNOPQRSTUVWXYZ of the World Wide Web or Internet, computer systems are highly interconnected and accessible from DEFGHIJKLMNOPQRSTUVWXYZABC any part of the world. As more systems get interconnected, more threat actors try to gain access The ciphertext of the plaintext “CRYPTOGRAPHY” will to critical information stored on the network. It is the be “FUBSWRJUASLB” in a Caesar cipher. responsibility of data owners or organizations to keep More recent derivative of Caesar cipher is Rot13 this data securely and encryption is the main tool used which shifts 13 places down the alphabet instead of 3. to secure information. In this paper, we will focus on Rot13 was not all about data protection but it was used on different techniques and its modern application of online forums where members could share inappropriate cryptography. language or nasty jokes without necessarily being Keywords: Cryptography, Encryption, Decryption, Data offensive as it will take those interested in those “jokes’ security, Hybrid Encryption to shift characters 13 spaces to read the message and if not interested you do not need to go through the hassle of converting the cipher. I. INTRODUCTION In the 16th century, the French cryptographer Back in the days, cryptography was not all about Blaise de Vigenere [4,5], developed the first hiding messages or secret communication, but in ancient polyalphabetic substitution basically based on Caesar Egypt, where it began; it was carved into the walls of cipher, but more difficult to crack the cipher text.
  • A Review on Elliptic Curve Cryptography for Embedded Systems

    A Review on Elliptic Curve Cryptography for Embedded Systems

    International Journal of Computer Science & Information Technology (IJCSIT), Vol 3, No 3, June 2011 A REVIEW ON ELLIPTIC CURVE CRYPTOGRAPHY FOR EMBEDDED SYSTEMS Rahat Afreen 1 and S.C. Mehrotra 2 1Tom Patrick Institute of Computer & I.T, Dr. Rafiq Zakaria Campus, Rauza Bagh, Aurangabad. (Maharashtra) INDIA [email protected] 2Department of C.S. & I.T., Dr. B.A.M. University, Aurangabad. (Maharashtra) INDIA [email protected] ABSTRACT Importance of Elliptic Curves in Cryptography was independently proposed by Neal Koblitz and Victor Miller in 1985.Since then, Elliptic curve cryptography or ECC has evolved as a vast field for public key cryptography (PKC) systems. In PKC system, we use separate keys to encode and decode the data. Since one of the keys is distributed publicly in PKC systems, the strength of security depends on large key size. The mathematical problems of prime factorization and discrete logarithm are previously used in PKC systems. ECC has proved to provide same level of security with relatively small key sizes. The research in the field of ECC is mostly focused on its implementation on application specific systems. Such systems have restricted resources like storage, processing speed and domain specific CPU architecture. KEYWORDS Elliptic curve cryptography Public Key Cryptography, embedded systems, Elliptic Curve Digital Signature Algorithm ( ECDSA), Elliptic Curve Diffie Hellman Key Exchange (ECDH) 1. INTRODUCTION The changing global scenario shows an elegant merging of computing and communication in such a way that computers with wired communication are being rapidly replaced to smaller handheld embedded computers using wireless communication in almost every field. This has increased data privacy and security requirements.
  • Choosing Key Sizes for Cryptography

    Choosing Key Sizes for Cryptography

    information security technical report 15 (2010) 21e27 available at www.sciencedirect.com www.compseconline.com/publications/prodinf.htm Choosing key sizes for cryptography Alexander W. Dent Information Security Group, University Of London, Royal Holloway, UK abstract After making the decision to use public-key cryptography, an organisation still has to make many important decisions before a practical system can be implemented. One of the more difficult challenges is to decide the length of the keys which are to be used within the system: longer keys provide more security but mean that the cryptographic operation will take more time to complete. The most common solution is to take advice from information security standards. This article will investigate the methodology that is used produce these standards and their meaning for an organisation who wishes to implement public-key cryptography. ª 2010 Elsevier Ltd. All rights reserved. 1. Introduction being compromised by an attacker). It also typically means a slower scheme. Most symmetric cryptographic schemes do The power of public-key cryptography is undeniable. It is not allow the use of keys of different lengths. If a designer astounding in its simplicity and its ability to provide solutions wishes to offer a symmetric scheme which provides different to many seemingly insurmountable organisational problems. security levels depending on the key size, then the designer However, the use of public-key cryptography in practice is has to construct distinct variants of a central design which rarely as simple as the concept first appears. First one has to make use of different pre-specified key lengths.
  • Cryptographic Control Standard, Version

    Cryptographic Control Standard, Version

    Nuclear Regulatory Commission Office of the Chief Information Officer Computer Security Standard Office Instruction: OCIO-CS-STD-2009 Office Instruction Title: Cryptographic Control Standard Revision Number: 2.0 Issuance: Date of last signature below Effective Date: October 1, 2017 Primary Contacts: Kathy Lyons-Burke, Senior Level Advisor for Information Security Responsible Organization: OCIO Summary of Changes: OCIO-CS-STD-2009, “Cryptographic Control Standard,” provides the minimum security requirements that must be applied to the Nuclear Regulatory Commission (NRC) systems which utilize cryptographic algorithms, protocols, and cryptographic modules to provide secure communication services. This update is based on the latest versions of the National Institute of Standards and Technology (NIST) Guidance and Federal Information Processing Standards (FIPS) publications, Committee on National Security System (CNSS) issuances, and National Security Agency (NSA) requirements. Training: Upon request ADAMS Accession No.: ML17024A095 Approvals Primary Office Owner Office of the Chief Information Officer Signature Date Enterprise Security Kathy Lyons-Burke 09/26/17 Architecture Working Group Chair CIO David Nelson /RA/ 09/26/17 CISO Jonathan Feibus 09/26/17 OCIO-CS-STD-2009 Page i TABLE OF CONTENTS 1 PURPOSE ............................................................................................................................. 1 2 INTRODUCTION ..................................................................................................................
  • Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition

    Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition

    KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Promotor: Proefschrift voorgedragen tot Prof. Dr. ir. Bart Preneel het behalen van het doctoraat in de ingenieurswetenschappen door Souradyuti Paul November 2006 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Jury: Proefschrift voorgedragen tot Prof. Dr. ir. Etienne Aernoudt, voorzitter het behalen van het doctoraat Prof. Dr. ir. Bart Preneel, promotor in de ingenieurswetenschappen Prof. Dr. ir. Andr´eBarb´e door Prof. Dr. ir. Marc Van Barel Prof. Dr. ir. Joos Vandewalle Souradyuti Paul Prof. Dr. Lars Knudsen (Technical University, Denmark) U.D.C. 681.3*D46 November 2006 ⃝c Katholieke Universiteit Leuven { Faculteit Ingenieurswetenschappen Arenbergkasteel, B-3001 Heverlee (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfilm, elektron- isch of op welke andere wijze ook zonder voorafgaande schriftelijke toestemming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher. D/2006/7515/88 ISBN 978-90-5682-754-0 To my parents for their unyielding ambition to see me educated and Prof. Bimal Roy for making cryptology possible in my life ... My Gratitude It feels awkward to claim the thesis to be singularly mine as a great number of people, directly or indirectly, participated in the process to make it see the light of day.
  • SHA-3 and the Hash Function Keccak

    SHA-3 and the Hash Function Keccak

    Christof Paar Jan Pelzl SHA-3 and The Hash Function Keccak An extension chapter for “Understanding Cryptography — A Textbook for Students and Practitioners” www.crypto-textbook.com Springer 2 Table of Contents 1 The Hash Function Keccak and the Upcoming SHA-3 Standard . 1 1.1 Brief History of the SHA Family of Hash Functions. .2 1.2 High-level Description of Keccak . .3 1.3 Input Padding and Generating of Output . .6 1.4 The Function Keccak- f (or the Keccak- f Permutation) . .7 1.4.1 Theta (q)Step.......................................9 1.4.2 Steps Rho (r) and Pi (p).............................. 10 1.4.3 Chi (c)Step ........................................ 10 1.4.4 Iota (i)Step......................................... 11 1.5 Implementation in Software and Hardware . 11 1.6 Discussion and Further Reading . 12 1.7 Lessons Learned . 14 Problems . 15 References ......................................................... 17 v Chapter 1 The Hash Function Keccak and the Upcoming SHA-3 Standard This document1 is a stand-alone description of the Keccak hash function which is the basis of the upcoming SHA-3 standard. The description is consistent with the approach used in our book Understanding Cryptography — A Textbook for Students and Practioners [11]. If you own the book, this document can be considered “Chap- ter 11b”. However, the book is most certainly not necessary for using the SHA-3 description in this document. You may want to check the companion web site of Understanding Cryptography for more information on Keccak: www.crypto-textbook.com. In this chapter you will learn: A brief history of the SHA-3 selection process A high-level description of SHA-3 The internal structure of SHA-3 A discussion of the software and hardware implementation of SHA-3 A problem set and recommended further readings 1 We would like to thank the Keccak designers as well as Pawel Swierczynski and Christian Zenger for their extremely helpful input to this document.
  • Security Evaluation of the K2 Stream Cipher

    Security Evaluation of the K2 Stream Cipher

    Security Evaluation of the K2 Stream Cipher Editors: Andrey Bogdanov, Bart Preneel, and Vincent Rijmen Contributors: Andrey Bodganov, Nicky Mouha, Gautham Sekar, Elmar Tischhauser, Deniz Toz, Kerem Varıcı, Vesselin Velichkov, and Meiqin Wang Katholieke Universiteit Leuven Department of Electrical Engineering ESAT/SCD-COSIC Interdisciplinary Institute for BroadBand Technology (IBBT) Kasteelpark Arenberg 10, bus 2446 B-3001 Leuven-Heverlee, Belgium Version 1.1 | 7 March 2011 i Security Evaluation of K2 7 March 2011 Contents 1 Executive Summary 1 2 Linear Attacks 3 2.1 Overview . 3 2.2 Linear Relations for FSR-A and FSR-B . 3 2.3 Linear Approximation of the NLF . 5 2.4 Complexity Estimation . 5 3 Algebraic Attacks 6 4 Correlation Attacks 10 4.1 Introduction . 10 4.2 Combination Generators and Linear Complexity . 10 4.3 Description of the Correlation Attack . 11 4.4 Application of the Correlation Attack to KCipher-2 . 13 4.5 Fast Correlation Attacks . 14 5 Differential Attacks 14 5.1 Properties of Components . 14 5.1.1 Substitution . 15 5.1.2 Linear Permutation . 15 5.2 Key Ideas of the Attacks . 18 5.3 Related-Key Attacks . 19 5.4 Related-IV Attacks . 20 5.5 Related Key/IV Attacks . 21 5.6 Conclusion and Remarks . 21 6 Guess-and-Determine Attacks 25 6.1 Word-Oriented Guess-and-Determine . 25 6.2 Byte-Oriented Guess-and-Determine . 27 7 Period Considerations 28 8 Statistical Properties 29 9 Distinguishing Attacks 31 9.1 Preliminaries . 31 9.2 Mod n Cryptanalysis of Weakened KCipher-2 . 32 9.2.1 Other Reduced Versions of KCipher-2 .
  • Eurocrypt 2013 Athens, Greece, May 28Th, 2013

    Eurocrypt 2013 Athens, Greece, May 28Th, 2013

    Keccak Guido Bertoni1 Joan Daemen1 Michaël Peeters2 Gilles Van Assche1 1STMicroelectronics 2NXP Semiconductors Eurocrypt 2013 Athens, Greece, May 28th, 2013 1 / 57 Symmetric crypto: what textbooks and intro’s say Symmetric cryptographic primitives: Block ciphers Stream ciphers Hash functions And their modes-of-use Picture by GlasgowAmateur 2 / 57 Outline 1 The sponge construction 2 Inside Keccak 3 Outside Keccak (using sponge and duplex) 4 Keccak towards the SHA-3 standard 5 Further inside Keccak 3 / 57 The sponge construction Outline 1 The sponge construction 2 Inside Keccak 3 Outside Keccak (using sponge and duplex) 4 Keccak towards the SHA-3 standard 5 Further inside Keccak 4 / 57 The sponge construction Our beginning: RadioGatún Initiative to design hash/stream function (late 2005) rumours about NIST call for hash functions forming of Keccak Team starting point: fixing Panama [Daemen, Clapp, FSE 1998] RadioGatún [Keccak team, NIST 2nd hash workshop 2006] more conservative than Panama arbitrary output length primitive expressing security claim for arbitrary output length primitive Sponge functions [Keccak team, Ecrypt hash, 2007] … closest thing to a random oracle with a finite state … Sponge construction calling random permutation 5 / 57 The sponge construction The sponge construction More general than a hash function: arbitrary-length output Calls a b-bit permutation f, with b = r + c r bits of rate c bits of capacity (security parameter) 6 / 57 The sponge construction Generic security of the sponge construction Theorem (Indifferentiability of the sponge construction) The sponge construction calling a random permutation, S0[F], is 2 (tD, tS, N, e)-indifferentiable from a random oracle, for any tD, tS = O(N ), c e e ≈ N N < 2 and for any with > fP(N) 2c+1 .
  • Broad View of Cryptographic Hash Functions

    Broad View of Cryptographic Hash Functions

    IJCSI International Journal of Computer Science Issues, Vol. 10, Issue 4, No 1, July 2013 ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784 www.IJCSI.org 239 Broad View of Cryptographic Hash Functions 1 2 Mohammad A. AlAhmad , Imad Fakhri Alshaikhli 1 Department of Computer Science, International Islamic University of Malaysia, 53100 Jalan Gombak Kuala Lumpur, Malaysia, 2 Department of Computer Science, International Islamic University of Malaysia, 53100 Jalan Gombak Kuala Lumpur, Malaysia Abstract Cryptographic hash function is a function that takes an arbitrary length as an input and produces a fixed size of an output. The viability of using cryptographic hash function is to verify data integrity and sender identity or source of information. This paper provides a detailed overview of cryptographic hash functions. It includes the properties, classification, constructions, attacks, applications and an overview of a selected dedicated cryptographic hash functions. Keywords-cryptographic hash function, construction, attack, classification, SHA-1, SHA-2, SHA-3. Figure 1. Classification of cryptographic hash function 1. INTRODUCTION CRHF usually deals with longer length hash values. An A cryptographic hash function H is an algorithm that takes an unkeyed hash function is a function for a fixed positive integer n * arbitrary length of message as an input {0, 1} and produce a which has, as a minimum, the following two properties: n fixed length of an output called message digest {0, 1} 1) Compression: h maps an input x of arbitrary finite bit (sometimes called an imprint, digital fingerprint, hash code, hash length, to an output h(x) of fixed bit length n.
  • Security Analysis of SHA-256 and Sisters

    Security Analysis of SHA-256 and Sisters

    Security Analysis of SHA-256 and Sisters Henri Gilbert1 and Helena Handschuh2 1 France T´el´ecom R&D, FTRD/DTL/SSR 38-40 Rue du G´en´eral Leclerc, F-92131 Issy-Les Moulineaux [email protected] 2 GEMPLUS, Security Technologies Department 34 Rue Guynemer, F-92447 Issy-les-Moulineaux [email protected] Abstract. This paper studies the security of SHA-256, SHA-384 and SHA-512 against collision attacks and provides some insight into the security properties of the basic building blocks of the structure. It is concluded that neither Chabaud and Joux’s attack, nor Dobbertin-style attacks apply. Differential and linear attacks also don’t apply on the underlying structure. However we show that slightly simplified versions of the hash functions are surprisingly weak : whenever symmetric con- stants and initialization values are used throughout the computations, and modular additions are replaced by exclusive or operations, sym- metric messages hash to symmetric digests. Therefore the complexity of collision search on these modified hash functions potentially becomes as low as one wishes. 1 Introduction A cryptographic hash function can be informally defined as an easy to compute but hard to invert function which maps a message of arbitrary length into a fixed length (m-bit) hash value, and satisfies the property that finding a collision, i.e. two messages with the same hash value, is computationally infeasible. Most collision resistant hash function candidates proposed so far are based upon the iterated use of a so-called compression function, which maps a fixed-length (m+ n-bit) input value into a shorter fixed-length m-bit output value.
  • Modified SHA1: a Hashing Solution to Secure Web Applications Through Login Authentication

    Modified SHA1: a Hashing Solution to Secure Web Applications Through Login Authentication

    36 International Journal of Communication Networks and Information Security (IJCNIS) Vol. 11, No. 1, April 2019 Modified SHA1: A Hashing Solution to Secure Web Applications through Login Authentication Esmael V. Maliberan Graduate Studies, Surigao del Sur State University, Philippines Abstract: The modified SHA1 algorithm has been developed by attack against the SHA-1 hash function, generating two expanding its hash value up to 1280 bits from the original size of different PDF files. The research study conducted by [9] 160 bit. This was done by allocating 32 buffer registers for presented a specific freestart identical pair for SHA-1, i.e. a variables A, B, C and D at 5 bytes each. The expansion was done by collision within its compression function. This was the first generating 4 buffer registers in every round inside the compression appropriate break of the SHA-1, extending all 80 out of 80 function for 8 times. Findings revealed that the hash value of the steps. This attack was performed for only 10 days of modified algorithm was not cracked or hacked during the experiment and testing using powerful online cracking tool, brute computation on a 64-GPU. Thus, SHA1 algorithm is not force and rainbow table such as Cracking Station and Rainbow anymore safe in login authentication and data transfer. For Crack and bruteforcer which are available online thus improved its this reason, there were enhancements and modifications security level compared to the original SHA1. being developed in the algorithm in order to solve these issues [10, 11]. [12] proposed a new approach to enhance Keywords: SHA1, hashing, client-server communication, MD5 algorithm combined with SHA compression function modified SHA1, hacking, brute force, rainbow table that produced a 256-bit hash code.
  • Analysis of Lightweight Stream Ciphers

    Analysis of Lightweight Stream Ciphers

    ANALYSIS OF LIGHTWEIGHT STREAM CIPHERS THÈSE NO 4040 (2008) PRÉSENTÉE LE 18 AVRIL 2008 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE DE SÉCURITÉ ET DE CRYPTOGRAPHIE PROGRAMME DOCTORAL EN INFORMATIQUE, COMMUNICATIONS ET INFORMATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Simon FISCHER M.Sc. in physics, Université de Berne de nationalité suisse et originaire de Olten (SO) acceptée sur proposition du jury: Prof. M. A. Shokrollahi, président du jury Prof. S. Vaudenay, Dr W. Meier, directeurs de thèse Prof. C. Carlet, rapporteur Prof. A. Lenstra, rapporteur Dr M. Robshaw, rapporteur Suisse 2008 F¨ur Philomena Abstract Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream cipher. In this thesis, we address cryptanalysis of modern lightweight stream ciphers. We derive and improve cryptanalytic methods for dif- ferent building blocks and present dedicated attacks on specific proposals, including some eSTREAM candidates. As a result, we elaborate on the design criteria for the develop- ment of secure and efficient stream ciphers. The best-known building block is the linear feedback shift register (LFSR), which can be combined with a nonlinear Boolean output function. A powerful type of attacks against LFSR-based stream ciphers are the recent algebraic attacks, these exploit the specific structure by deriving low degree equations for recovering the secret key.