DOCSLIB.ORG

Introduction to Design and Cryptanalysis of Cryptographic Hash

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Introduction to Design and Cryptanalysis of Cryptographic Hash Hash Functions - Bart Preneel June 2014 Hash functions X.509 Annex D RIPEMD-160 MDC-2 SHA-256 SHA-3 MD2, MD4, MD5 SHA-512 Introduction to the SHA-1 Design and Cryptanalysis of This is an input to a crypto- Cryptographic Hash Functions graphic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are 1A3FD4128A198FB3CA345932 Bart Preneel additional security conditions: it h should be very hard to find an KU Leuven - COSIC input hashing to a given value (a [email protected] preimage) or to find two colliding inputs (a collision). Sibenik, June 2014 Insert presenter logo here on slide master 2 Applications Agenda • short unique identifier to a string • Definitions – digital signatures – data authentication • Iterations (modes) • one-way function of a string • Compression functions – protection of passwords – micro-payments • Constructions • confirmation of knowledge/commitment • SHA-3 • pseudo-random string generation/key derivation • Conclusions • entropy extraction • construction of MAC algorithms, stream ciphers, block ciphers,… 2005: 800 uses of MD5 in Microsoft Windows 3 4 Security requirements (n-bit result) Preimage resistance preimage 2nd preimage collision preimage • in a password file, one does not store – (username, password) x ? ? ? ? ? • but – (username,hash(password)) h h h h h h • this is sufficient to verify a password • an attacker with access to the password file has to find a preimage h(x) h(x) = h(x’) h(x) = h(x’) h(x) 2n 2n 2n/2 2n 5 6 1 Hash Functions - Bart Preneel June 2014 Second preimage resistance Collision resistance 2nd preimage • hacker Alice prepares two versions collision x of a software driver for the O/S company Bob Channel 1: high capacity and insecure x’ x ? – x is correct code x h(x) – x’ contains a backdoor that gives Alice access to the machine Channel 2: low capacity but secure (= authenticated – cannot be modified) • Alice submits x for inspection to Bob h h • if Bob is satisfied, he digitally signs h h h(x) with his private key • an attacker can modify x but not h(x) • Alice now distributes x’ to users of h(x) = h(x’) • he can only fool the recipient if he the O/S; these users verify the h(x) = h(x’) finds a second preimage of x signature with Bob’s public key n n/2 2 • this signature works for x and for x’, 2 since h(x) = h(x’) 7 8 Indifferentiability from a random oracle Pseudo-random function or PRO property [Maurer+04] computationally indistinguishable from a random function variant of indistinguishability appropriate when distinguisher $ prf $ hK(.) f Advh = Pr [ K K: A 1] - Pr [ f RAND(m,n):A 1] has access to inner component (e.g. building block of a hash function) RAND(m,n): set of all functions from m-bit to n-bit strings Simulator S, distinguisher D, AdvPRO(H,S) is small K h FIL f H VIL RO S (hash function) RO ? or ? This concept makes only ? or ? sense for a function with a D secret key D [Ristenpart-Shacham-Shrimpton’11] 9 [Demay-Gaz-Hirt-Maurer’13] 10 Brute force (2nd) preimage Brute force attacks in practice • multiple target second preimage (1 out of many): • (2nd) preimage search t – if one can attack 2 simultaneous targets, the effort to find a single 40 preimage is 2n-t – n = 128: 14 B$ for 1 year if one can attack 2 targets in parallel • multiple target second preimage (many out of many): • parallel collision search: small memory using cycle finding algorithms (distinguished points) – time-memory trade-off with Θ(2n) precomputation and storage Θ(22n/3) time per (2nd) preimage: Θ(22n/3) – n = 128: 1 M$ for 5 hours (or 1 year on 60K PCs) [Hellman’80] – n = 160: 56 M$ for 1 year – need 256-bit result for long term security (30 years or more) • answer: randomize hash function with a parameter S (salt, key, spice,…) 11 12 2 Hash Functions - Bart Preneel June 2014 Quantum computers Properties in practice • in principle exponential parallelism • collision resistance is not always necessary • inverting a one-way function: 2n reduced to 2n/2 • other properties are needed: [Grover’96] – PRF: pseudo-randomness if keyed (with secret key) • collision search: can we do better than 2n/2 ? – PRO: pseudo-random oracle property – near-collision resistance – 2n/3 computation + hardware [Brassard-Hoyer-Tapp’98] = 22n/3 – partial preimage resistance (most of input known) n/4 – [Bernstein’09] classical collision search requires 2 computation – multiplication freeness and hardware (= standard cost of 2n/2 ) • how to formalize these requirements and the relation between them? 13 14 How not to construct a hash function • Divide the message into t blocks xi of n bits each Message block 1: x1 Iteration Message block 2: x2 (mode of compression function) … Message block t: xt = Hash value h(x) 15 15 16 Hash function: iterated structure Security relation between f and h • iterating f can degrade its security – trivial example: 2nd preimage IV H1 H2 H3 f f f f g IV H H H 1 2 3 g x1 x2 x3 x4 f f f f • split messages into blocks of fixed length and hash them x1 x2 x3 x4 block by block with a compression function f • need padding at the end IV = H1 H2 H3 f f f g efficient and elegant…. but … x2 x3 x4 17 18 3 Hash Functions - Bart Preneel June 2014 Security relation between f and h (2) Security relation between f and h (3) • solution: Merkle-Damgård (MD) strengthening length extension: if one knows h(x), easy to compute h(x || y) without knowing x or IV – fix IV, use unambiguous padding and insert length at the end IV H H 1 2 H = h(x) f f f 3 • f is collision resistant h is collision resistant x x x [Merkle’89-Damgård’89] 1 2 3 IV H H H H = h(x || y) nd nd 1 2 3 4 • f is ideally 2 preimage resistant ? h is ideally 2 f f f f preimage resistant [Lai-Massey’92] x1 x2 x3 y • PRO preservation Col, Sec and Pre for ideal compression function solution: output transformation – but for narrow pipe bounds for Sec and Pre are at most 2n/2 rather than 2n IV H1 H2 H3 • many other results f f f f g 19 x1 x2 x3 x4 20 How (NOT) to strengthen a hash function? Attacks on MD-type iterations [Coppersmith’85][Joux’04] • long message 2nd preimage attack • answer: concatenation [Dean-Felten-Hu'99], [Kelsey-Schneier’05] – Sec security degrades lineary with number 2t of message blocks • h1 (n1-bit result) and h2 (n2-bit result) hashed: 2n-t+1 + t 2n/2+1 – appending the length does not help here! • multi-collision attack and impact on concatenation [Joux’04] • intuition: the strength of g against h h collision/(2nd) preimage attacks is the 1 2 • herding attack [Kelsey-Kohno’06] product of the strength of h1 and h2 – reduces security of commitment using a hash function from 2n — if both are “independent” – on-line 2n-t + precomputation 2.2(n+t)/2 + storage 2t g(x) = h1(x) || h2(x) • but…. 21 22 Multiple collisions multi-collision Multi-collisions on iterated hash function (2) Assume “ideal” hash function h with n-bit result IV H1 H2 H3 • Θ(2n/2) evaluations of h (or steps): 1 collision f f f f – h(x)=h(x’) x , x’ x , x’ x , x’ x , x’ • Θ(r. 2n/2) steps: r2 collisions 1 1 2 2 3 3 4 4 – h(x1)=h(x1’) ; h(x2)=h(x2’) ; … ; h(xr2)=h(xr2’) • for IV: collision for block 1: x1, x’1 • for H : collision for block 2: x , x’ • Θ(22n/3) steps: a 3-collision 1 2 2 for H : collision for block 3: x , x’ – h(x)= h(x’)=h(x’’) • 2 3 3 • for H3: collision for block 4: x4, x’4 • Θ(2n(t-1)/t) steps: a t-fold collision (multi-collision) • now h(x1||x2||x3||x4) = h(x’1||x2||x3||x4) = h(x’1||x’2||x3||x4) = … – h(x1)= h(x2)= … =h(xt) = h(x’1||x’2||x’3||x’4) a 16-fold collision (time: 4 collisions) 23 24 4 Hash Functions - Bart Preneel June 2014 Multi-collisions [Coppersmith’85][Joux ’04] Multi-collisions [Coppersmith’85][ Joux ’04] • finding multi-collisions for an iterated hash function is not consider h1 (n1-bit result) and h2 (n2-bit result), with n1 n2. much harder than finding a single collision (if the size of the concatenation of 2 iterated hash functions (g(x)= h (x) || h (x)) internal memory is n bits) 1 2 is as most as strong as the strongest of the two (even if both are independent) • algorithm R • generate R = 2n1/2-fold • cost of collision attack against g at most n2/2 n1/2 (n1 + n2)/2 multi-collision for h2 n1 . 2 + 2 << 2 • in R: search by brute • cost of (2nd) preimage attack against g at most force for h1 n1 . 2n2/2 + 2n1 + 2n2 << 2n1 + n2 • if either of the functions is weak, the attacks may work better • Time: n1. 2n2/2 + 2n1/2 h1 h2 << 2(n1 + n2)/2 g(x) = h1(x) || h2(x) 25 26 Improving MD iteration Improving MD iteration salt + output transformation + counter + wide pipe • degradation with use: salting (family of functions, randomization) salt salt salt salt salt – or should a salt be part of the input? • PRO: strong output transformation g IV H1 H2 H 3 – also solves length extension 2n 2n 2n 2n g n f f f f 2n • long message 2nd preimage: preclude fix points – counter f fi [Biham-Dunkelman’07] |x| x x x x n/2 1 1 2 2 3 3 4 4 • multi-collisions, herding: avoid breakdown at 2 with larger internal memory: known as wide pipe security reductions well understood – e.g., extended MD4, RIPEMD, [Lucks’05] many more results on property preservation impact of theory limited 27 28 Tree structure: parallelism Permutation (π) based: sponge x x x x h1 h2 [Damgård’89], [Pal-Sarkar’03], [Keccak team’13] 1 2 3 4 H1 x1 x2 x3 x4 x5 x6 x7 x8 0 r f f f f π π π π π π H2 0 … c f f absorb squeeze if result has n bits, H1 has r bits (rate), H2 has c bits (capacity) and f the permutation π is “ideal” collisions min (2c/2 , 2n/2) 2nd preimage min (2c/2 , 2n) c
Load more

Recommended publications
  • Increasing Cryptography Security Using Hash-Based Message
    ISSN (Print) : 2319-8613 ISSN (Online) : 0975-4024 Seyyed Mehdi Mousavi et al. / International Journal of Engineering and Technology (IJET) Increasing Cryptography Security using Hash-based Message Authentication Code Seyyed Mehdi Mousavi*1, Dr.Mohammad Hossein Shakour 2 1-Department of Computer Engineering, Shiraz Branch, Islamic AzadUniversity, Shiraz, Iran . Email : [email protected] 2-Assistant Professor, Department of Computer Engineering, Shiraz Branch, Islamic Azad University ,Shiraz ,Iran Abstract Nowadays, with the fast growth of information and communication technologies (ICTs) and the vulnerabilities threatening human societies, protecting and maintaining information is critical, and much attention should be paid to it. In the cryptography using hash-based message authentication code (HMAC), one can ensure the authenticity of a message. Using a cryptography key and a hash function, HMAC creates the message authentication code and adds it to the end of the message supposed to be sent to the recipient. If the recipient of the message code is the same as message authentication code, the packet will be confirmed. The study introduced a complementary function called X-HMAC by examining HMAC structure. This function uses two cryptography keys derived from the dedicated cryptography key of each packet and the dedicated cryptography key of each packet derived from the main X-HMAC cryptography key. In two phases, it hashes message bits and HMAC using bit Swapp and rotation to left. The results show that X-HMAC function can be a strong barrier against data identification and HMAC against the attacker, so that it cannot attack it easily by identifying the blocks and using HMAC weakness.
    [Show full text]
  • CHAPTER 9: ANALYSIS of the SHA and SHA-L HASH ALGORITHMS
    CHAPTER 9: ANALYSIS OF THE SHA AND SHA-l HASH ALGORITHMS In this chapter the SHA and SHA-l hash functions are analysed. First the SHA and SHA-l hash functions are described along with the relevant notation used in this chapter. This is followed by describing the algebraic structure of the message expansion algorithm used by SHA. We then proceed to exploit this algebraic structure of the message expansion algorithm by applying the generalised analysis framework presented in Chapter 8. We show that it is possible to construct collisions for each of the individual rounds of the SHA hash function. The source code that implements the attack is attached in Appendix F. The same techniques are then applied to SHA-l. SHA is an acronym for Secure Hash Algorithm. SHA and SHA-l are dedicated hash func- tions based on the iterative Damgard-Merkle construction [22] [23]. Both of the round func- tions utilised by these algorithms take a 512 bit input (or a multiple of 512) and produce a 160 bit hash value. SHA was first published as Federal Information Processing Standard 180 (FIPS 180). The secure hash algorithm is based on principles similar to those used in the design of MD4 [10]. SHA-l is a technical revision of SHA and was published as FIPS 180-1 [13]. It is believed that this revision makes SHA-l more secure than SHA [13] [50] [59]. SHA and SHA-l differ from MD4 with regard to the number of rounds used, the size of the hash result and the definition of a single step.
    [Show full text]
  • MD5 Collisions the Effect on Computer Forensics April 2006
    Paper MD5 Collisions The Effect on Computer Forensics April 2006 ACCESS DATA , ON YOUR RADAR MD5 Collisions: The Impact on Computer Forensics Hash functions are one of the basic building blocks of modern cryptography. They are used for everything from password verification to digital signatures. A hash function has three fundamental properties: • It must be able to easily convert digital information (i.e. a message) into a fixed length hash value. • It must be computationally impossible to derive any information about the input message from just the hash. • It must be computationally impossible to find two files to have the same hash. A collision is when you find two files to have the same hash. The research published by Wang, Feng, Lai and Yu demonstrated that MD5 fails this third requirement since they were able to generate two different messages that have the same hash. In computer forensics hash functions are important because they provide a means of identifying and classifying electronic evidence. Because hash functions play a critical role in evidence authentication, a judge and jury must be able trust the hash values to uniquely identify electronic evidence. A hash function is unreliable when you can find any two messages that have the same hash. Birthday Paradox The easiest method explaining a hash collision is through what is frequently referred to as the Birthday Paradox. How many people one the street would you have to ask before there is greater than 50% probability that one of those people will share your birthday (same day not the same year)? The answer is 183 (i.e.
    [Show full text]
  • Design Principles for Hash Functions Revisited
    Design Principles for Hash Functions Revisited Bart Preneel Katholieke Universiteit Leuven, COSIC bartDOTpreneel(AT)esatDOTkuleuvenDOTbe http://homes.esat.kuleuven.be/ preneel � October 2005 Outline Definitions • Generic Attacks • Constructions • A Comment on HMAC • Conclusions • are secure; they can be reduced to @ @ 2 classes based on linear transfor­ @ @ mations of variables. The properties @ of these 12 schemes with respect to @ @ weaknesses of the underlying block @ @ cipher are studied. The same ap­ proach can be extended to study keyed hash functions (MACs) based - -63102392168 on block ciphers and hash functions h based on modular arithmetic. Fi­ nally a new attack is presented on a scheme suggested by R. Merkle. This slide is now shown at the VI Spanish meeting on Information Se­ curity and Cryptology in a presenta­ tion on the state of hash functions. 2 Informal definitions (1) no secret parameters • x arbitrary length fixed length n • ) computation “easy” • One Way Hash Function (OWHF): preimage resistant: ! h(x) x with h(x) = h(x ) • 6) 0 0 2nd preimage resistant: • ! x; h(x) x (= x) with h(x ) = h(x) 6) 0 6 0 Collision Resistant Hash Function (CRHF) = OWHF + collision resistant: • x, x (x = x) with h(x) = h(x ). 6) 0 0 6 0 3 Informal definitions (2) preimage resistant 2nd preimage resistant 6) take a preimage resistant hash function; add an input bit b and • replace one input bit by the sum modulo 2 of this input bit and b 2nd preimage resistant preimage resistant 6) if h is OWHF, h is 2nd preimage resistant but not preimage • resistant 0 X if X n h(X) = 1kh(X) otherwise.j j < ( k collision resistant 2nd preimage resistant ) [Simon 98] one cannot derive collision resistance from ‘general’ preimage resistance 4 Formal definitions: (2nd) preimage resistance Notation: L = 0; 1 , l(n) > n f g A one-way hash function H is a function with domain D = Ll(n) and range R = Ln that satisfies the following conditions: preimage resistance: let x be selected uniformly in D and let M • be an adversary that on input h(x) uses time t and outputs < M(h(x)) D.
    [Show full text]
  • Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition
    KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Promotor: Proefschrift voorgedragen tot Prof. Dr. ir. Bart Preneel het behalen van het doctoraat in de ingenieurswetenschappen door Souradyuti Paul November 2006 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Jury: Proefschrift voorgedragen tot Prof. Dr. ir. Etienne Aernoudt, voorzitter het behalen van het doctoraat Prof. Dr. ir. Bart Preneel, promotor in de ingenieurswetenschappen Prof. Dr. ir. Andr´eBarb´e door Prof. Dr. ir. Marc Van Barel Prof. Dr. ir. Joos Vandewalle Souradyuti Paul Prof. Dr. Lars Knudsen (Technical University, Denmark) U.D.C. 681.3*D46 November 2006 ⃝c Katholieke Universiteit Leuven { Faculteit Ingenieurswetenschappen Arenbergkasteel, B-3001 Heverlee (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfilm, elektron- isch of op welke andere wijze ook zonder voorafgaande schriftelijke toestemming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher. D/2006/7515/88 ISBN 978-90-5682-754-0 To my parents for their unyielding ambition to see me educated and Prof. Bimal Roy for making cryptology possible in my life ... My Gratitude It feels awkward to claim the thesis to be singularly mine as a great number of people, directly or indirectly, participated in the process to make it see the light of day.
    [Show full text]
  • The Whirlpool Secure Hash Function
    Cryptologia, 30:55–67, 2006 Copyright Taylor & Francis Group, LLC ISSN: 0161-1194 print DOI: 10.1080/01611190500380090 The Whirlpool Secure Hash Function WILLIAM STALLINGS Abstract In this paper, we describe Whirlpool, which is a block-cipher-based secure hash function. Whirlpool produces a hash code of 512 bits for an input message of maximum length less than 2256 bits. The underlying block cipher, based on the Advanced Encryption Standard (AES), takes a 512-bit key and oper- ates on 512-bit blocks of plaintext. Whirlpool has been endorsed by NESSIE (New European Schemes for Signatures, Integrity, and Encryption), which is a European Union-sponsored effort to put forward a portfolio of strong crypto- graphic primitives of various types. Keywords advanced encryption standard, block cipher, hash function, sym- metric cipher, Whirlpool Introduction In this paper, we examine the hash function Whirlpool [1]. Whirlpool was developed by Vincent Rijmen, a Belgian who is co-inventor of Rijndael, adopted as the Advanced Encryption Standard (AES); and by Paulo Barreto, a Brazilian crypto- grapher. Whirlpool is one of only two hash functions endorsed by NESSIE (New European Schemes for Signatures, Integrity, and Encryption) [13].1 The NESSIE project is a European Union-sponsored effort to put forward a portfolio of strong cryptographic primitives of various types, including block ciphers, symmetric ciphers, hash functions, and message authentication codes. Background An essential element of most digital signature and message authentication schemes is a hash function. A hash function accepts a variable-size message M as input and pro- duces a fixed-size hash code HðMÞ, sometimes called a message digest, as output.
    [Show full text]
  • David Wong Snefru
    SHA-3 vs the world David Wong Snefru MD4 Snefru MD4 Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2 Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2 Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2 Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2 Keccak BLAKE, Grøstl, JH, Skein Outline 1.SHA-3 2.derived functions 3.derived protocols f permutation-based cryptography AES is a permutation input AES output AES is a permutation 0 input 0 0 0 0 0 0 0 key 0 AES 0 0 0 0 0 0 output 0 Sponge Construction f Sponge Construction 0 0 0 1 0 0 0 1 f 0 1 0 0 0 0 0 1 Sponge Construction 0 0 0 1 r 0 0 0 1 f 0 1 0 0 c 0 0 0 1 Sponge Construction 0 0 0 1 r 0 0 0 1 f r c 0 1 0 0 0 0 0 0 c 0 0 0 0 0 1 0 0 key 0 AES 0 0 0 0 0 0 0 Sponge Construction message 0 1 0 1 0 ⊕ 1 0 0 f 0 0 0 0 0 1 0 0 Sponge Construction message 0 0 0 ⊕ ⊕ 0 f 0 0 0 0 Sponge Construction message 0 0 0 ⊕ ⊕ 0 f f 0 0 0 0 Sponge Construction message 0 0 0 ⊕ ⊕ ⊕ 0 f f 0 0 0 0 Sponge Construction message 0 0 0 ⊕ ⊕ ⊕ 0 f f f 0 0 0 0 Sponge Construction message 0 0 0 ⊕ ⊕ ⊕ 0 f f f 0 0 0 0 absorbing Sponge Construction message output 0 0 0 ⊕ ⊕ ⊕ 0 f f f 0 0 0 0 absorbing Sponge Construction message output 0 0 0 ⊕ ⊕ ⊕ 0 f f f f 0 0 0 0 absorbing Sponge Construction message output 0 0 0 ⊕ ⊕ ⊕ 0 f f f f 0 0 0 0 absorbing Sponge Construction message output 0 0 0 ⊕ ⊕ ⊕ 0 f f f f f 0 0 0 0 absorbing Sponge Construction message output 0 0 0 ⊕ ⊕ ⊕ 0 f f f f f 0 0 0 0 absorbing squeezing Keccak Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche 2007 SHA-3 competition 2012 2007 SHA-3 competition 2012 SHA-3 standard
    [Show full text]
  • NISTIR 7620 Status Report on the First Round of the SHA-3
    NISTIR 7620 Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition Andrew Regenscheid Ray Perlner Shu-jen Chang John Kelsey Mridul Nandi Souradyuti Paul NISTIR 7620 Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition Andrew Regenscheid Ray Perlner Shu-jen Chang John Kelsey Mridul Nandi Souradyuti Paul Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 September 2009 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Deputy Director NISTIR 7620: Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition Abstract The National Institute of Standards and Technology is in the process of selecting a new cryptographic hash algorithm through a public competition. The new hash algorithm will be referred to as “SHA-3” and will complement the SHA-2 hash algorithms currently specified in FIPS 180-3, Secure Hash Standard. In October, 2008, 64 candidate algorithms were submitted to NIST for consideration. Among these, 51 met the minimum acceptance criteria and were accepted as First-Round Candidates on Dec. 10, 2008, marking the beginning of the First Round of the SHA-3 cryptographic hash algorithm competition. This report describes the evaluation criteria and selection process, based on public feedback and internal review of the first-round candidates, and summarizes the 14 candidate algorithms announced on July 24, 2009 for moving forward to the second round of the competition. The 14 Second-Round Candidates are BLAKE, BLUE MIDNIGHT WISH, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein.
    [Show full text]
  • Implementaç˜Ao Em Software De Algoritmos De Resumo Criptográfico
    Instituto de Computa¸c~ao Universidade Estadual de Campinas Implementa¸c~aoem software de algoritmos de resumo criptogr´afico Thomaz Eduardo de Figueiredo Oliveira i FICHA CATALOGRÁFICA ELABORADA PELA BIBLIOTECA DO IMECC DA UNICAMP Bibliotecária: Maria Fabiana Bezerra Müller – CRB8 / 6162 Oliveira, Thomaz Eduardo de Figueiredo OL4i Implementação em software de algoritmos de resumo criptográfico/Thomaz Eduardo de Figueiredo Oliveira-- Campinas, [S.P. : s.n.], 2011. Orientador : Julio César López Hernández. Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação. 1.Criptografia. 2.Hashing (Computação). 3.Arquitetura de computadores. I. López Hernández, Julio César. II. Universidade Estadual de Campinas. Instituto de Computação. III. Título. Título em inglês: Software implementation of cryptographic hash algorithms Palavras-chave em inglês (Keywords): Cryptography Hashing (Computer science) Computer architecture Área de concentração: Teoria da Computação Titulação: Mestre em Ciência da Computação Banca examinadora: Prof. Dr. Julio César López Hernández (IC – UNICAMP) Prof. Dr. Ricardo Dahab (IC – UNICAMP) Dr. José Antônio Carrijo Barbosa (CEPESC-ABIN) Data da defesa: 16/06/2011 Programa de Pós-Graduação: Mestrado em Ciência da Computação ii Instituto de Computa¸c~ao Universidade Estadual de Campinas Implementa¸c~aoem software de algoritmos de resumo criptogr´afico Thomaz Eduardo de Figueiredo Oliveira1 16 de junho de 2011 Banca Examinadora: • Prof. Dr. Julio C´esarL´opez Hern´andez IC/Universidade Estadual de Campinas (Orientador) • Prof. Dr. Ricardo Dahab IC/Universidade Estadual de Campinas • Dr. Jos´eAnt^onioCarrijo Barbosa CEPESC/Ag^enciaBrasileira de Intelig^encia • Prof. Dr. Paulo L´ıciode Geus (Suplente) IC/Universidade Estadual de Campinas • Prof. Dr. Routo Terada (Suplente) IME/Universidade de S~aoPaulo 1Suporte financeiro de: CNPq (processo 133033/2009-0) 2009{2011.
    [Show full text]
  • Data Intensive Dynamic Scheduling Model and Algorithm for Cloud Computing Security Md
    1796 JOURNAL OF COMPUTERS, VOL. 9, NO. 8, AUGUST 2014 Data Intensive Dynamic Scheduling Model and Algorithm for Cloud Computing Security Md. Rafiqul Islam1,2 1Computer Science Department, American International University Bangladesh, Dhaka, Bangladesh 2Computer Science and Engineering Discipline, Khulna University, Khulna, Bangladesh Email: [email protected] Mansura Habiba Computer Science Department, American International University Bangladesh, Dhaka, Bangladesh Email: [email protected] Abstract—As cloud is growing immensely, different point cloud computing has gained widespread acceptance. types of data are getting more and more dynamic in However, without appropriate security and privacy terms of security. Ensuring high level of security for solutions designed for clouds, cloud computing becomes all data in storages is highly expensive and time a huge failure [2, 3]. Amazon provides a centralized consuming. Unsecured services on data are also cloud computing consisting simple storage services (S3) becoming vulnerable for malicious threats and data and elastic compute cloud (EC2). Google App Engine is leakage. The main reason for this is that, the also an example of cloud computing. While these traditional scheduling algorithms for executing internet-based online services do provide huge amounts different services on data stored in cloud usually of storage space and customizable computing resources. sacrifice security privilege in order to achieve It is eliminating the responsibility of local machines for deadline. To provide adequate security without storing and maintenance of data. Considering various sacrificing cost and deadline for real time data- kinds of data for each user stored in the cloud and the intensive cloud system, security aware scheduling demand of long term continuous assurance of their data algorithm has become an effective and important safety, security is one of the prime concerns for the feature.
    [Show full text]
  • Performance Analysis of Cryptographic Hash Functions Suitable for Use in Blockchain
    I. J. Computer Network and Information Security, 2021, 2, 1-15 Published Online April 2021 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2021.02.01 Performance Analysis of Cryptographic Hash Functions Suitable for Use in Blockchain Alexandr Kuznetsov1 , Inna Oleshko2, Vladyslav Tymchenko3, Konstantin Lisitsky4, Mariia Rodinko5 and Andrii Kolhatin6 1,3,4,5,6 V. N. Karazin Kharkiv National University, Svobody sq., 4, Kharkiv, 61022, Ukraine E-mail: [email protected], [email protected], [email protected], [email protected], [email protected] 2 Kharkiv National University of Radio Electronics, Nauky Ave. 14, Kharkiv, 61166, Ukraine E-mail: [email protected] Received: 30 June 2020; Accepted: 21 October 2020; Published: 08 April 2021 Abstract: A blockchain, or in other words a chain of transaction blocks, is a distributed database that maintains an ordered chain of blocks that reliably connect the information contained in them. Copies of chain blocks are usually stored on multiple computers and synchronized in accordance with the rules of building a chain of blocks, which provides secure and change-resistant storage of information. To build linked lists of blocks hashing is used. Hashing is a special cryptographic primitive that provides one-way, resistance to collisions and search for prototypes computation of hash value (hash or message digest). In this paper a comparative analysis of the performance of hashing algorithms that can be used in modern decentralized blockchain networks are conducted. Specifically, the hash performance on different desktop systems, the number of cycles per byte (Cycles/byte), the amount of hashed message per second (MB/s) and the hash rate (KHash/s) are investigated.
    [Show full text]
  • A Fast New Cryptographic Hash Function Based on Integer Tent Mapping System
    JOURNAL OF COMPUTERS, VOL. 7, NO. 7, JULY 2012 1671 A Fast New Cryptographic Hash Function Based on Integer Tent Mapping System Jiandong Liu Information Engineering College, Beijing Institute of Petrochemical Technology, Beijing, China [email protected] Xiahui Wang, Kai Yang, Chen Zhao Information Engineering College, Beijing Institute of Petrochemical Technology, Beijing, China {Wnagxiahui, Yangkai0212, zhao_chen}@bipt.edu.cn Abstract—This paper proposes a novel one-way Hash collisions by SHA-1” by Wang and Yu is another function which is based on the Coupled Integer Tent breakthrough in the hash functions history [11]. Mapping System and termed as THA (THA-160, THA-256). Based on the MD iteration structure [3], the The THA-160 compresses a message of arbitrary length into conventional Hash functions (MDx and SHA) have many a fingerprint of 160 bits, well the THA-256 compresses a common design guidelines. The designs of their mixed message of arbitrary length into a fingerprint of 256 bits. The algorithm adopts a piecewise message expansion operations for each round are very similar, and all of scheme. Compared with SHA-1 and SHA-256 message them adopt integer modulo addition and logic function; expansion, the message expansion scheme has enhanced the therefore, many Hash functions have been breached degree of nonlinear diffusion of the message expansion, and successively within a short period of time, which thus increased the computation efficiency. In addition, as indicates the defects in the design of the Hash functions. the major nonlinear component of compression function, the In recent years, in order to obtain more secure hash traditional logic functions are replaced by the integer tent functions, the research on constructing one-way hash map, and so the scheme has ideal properties of diffusion and function has been carried out and it has achieved progress confusion.
    [Show full text]