V. Ruzhentsev
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher Florian Mendel1, Thomas Peyrin2, Christian Rechberger1, and Martin Schl¨affer1 1 IAIK, Graz University of Technology, Austria 2 Ingenico, France [email protected],[email protected] Abstract. In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Grøstl, and ECHO, and apply these attacks also to the AES. Our results improve upon and extend the rebound attack. Using the new techniques, we are able to extend the number of rounds in which available degrees of freedom can be used. As a result, we present the first attack on 7 rounds for the Grøstl-256 output transformation3 and improve the semi-free-start collision attack on 6 rounds. Further, we present an improved known-key distinguisher for 7 rounds of the AES block cipher and the internal permutation used in ECHO. Keywords: hash function, block cipher, cryptanalysis, semi-free-start collision, known-key distinguisher 1 Introduction Recently, a new wave of hash function proposals appeared, following a call for submissions to the SHA-3 contest organized by NIST [26]. In order to analyze these proposals, the toolbox which is at the cryptanalysts' disposal needs to be extended. Meet-in-the-middle and differential attacks are commonly used. A recent extension of differential cryptanalysis to hash functions is the rebound attack [22] originally applied to reduced (7.5 rounds) Whirlpool (standardized since 2000 by ISO/IEC 10118-3:2004) and a reduced version (6 rounds) of the SHA-3 candidate Grøstl-256 [14], which both have 10 rounds in total. -
Cryptanalysis of Block Ciphers with New Design Strategies
Cryptanalysis of Block Ciphers with New Design Strategies Mohamed Tolba A Thesis in The Concordia Institute for Information Systems Engineering Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy (Information Systems Engineering) at Concordia University Montreal, Quebec, Canada October 2017 ©Mohamed Tolba, 2017 CONCORDIA UNIVERSITY SCHOOL OF GRADUATE STUDIES This is to certify that the thesis prepared By: Mohamed Tolba Entitled: Cryptanalysis of Block Ciphers with New Design Strategies and submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Information Systems Engineering) complies with the regulations of the University and meets the accepted standards with re- spect to originality and quality. Signed by the final examining committee: Chair Dr. Theodore Stathopoulos External Examiner Dr. Huapeng Wu External to Program Dr. Anjali Agarwal Examiner Dr. Lingyu Wang Examiner Dr. Mohammad Mannan Thesis Supervisor Dr. Amr M. Youssef Approved by Dr. Chadi Assi, Graduate Program Director December 4th,2017 Dr. Amir Asif, Dean, Faculty of Engineering and Computer Science Abstract Cryptanalysis of Block Ciphers with New Design Strategies Mohamed Tolba, Ph.D. Concordia University, 2017 Block ciphers are among the mostly widely used symmetric-key cryptographic primitives, which are fundamental building blocks in cryptographic/security systems. Most of the public- key primitives are based on hard mathematical problems such as the integer factorization in the RSA algorithm and discrete logarithm problem in the DiffieHellman. Therefore, their security are mathematically proven. In contrast, symmetric-key primitives are usually not constructed based on well-defined hard mathematical problems. Hence, in order to get some assurance in their claimed security properties, they must be studied against different types of cryptanalytic techniques. -
Efficient Hashing Using the AES Instruction
Efficient Hashing Using the AES Instruction Set Joppe W. Bos1, Onur Özen1, and Martijn Stam2 1 Laboratory for Cryptologic Algorithms, EPFL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos,onur.ozen}@epfl.ch 2 Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom [email protected] Abstract. In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockci- pher with AES, which allows us to exploit the recent AES instruction set (AES- NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL- 256. Although we primarily target architectures supporting AES-NI, our frame- work has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi- block-length hash functions in software. 1 Introduction Historically, the most popular way of constructing a hash function is to iterate a com- pression function that itself is based on a blockcipher (this idea dates back to Ra- bin [49]). This approach has the practical advantage—especially on resource-constrained devices—that only a single primitive is needed to implement two functionalities (namely encrypting and hashing). Moreover, trust in the blockcipher can be conferred to the cor- responding hash function. The wisdom of blockcipher-based hashing is still valid today. Indeed, the current cryptographic hash function standard SHA-2 and some of the SHA- 3 candidates are, or can be regarded as, blockcipher-based designs. -
International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, ISSN 2321-3469
International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469 PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD Nousheen R1, Shanmugapriya M2, Sujatha P3,Dhinakaran D4 Student, Computer Science and Engineering, Peri Institute of Technology, Chennai, India 1,2,3 Assistant professor, Computer Science and Engineering, Peri Institute of Technology, Chennai, India 4 ABSTRACT: Cloud computing is current trend in market .It reduce the cost and complexity of service providers by the means of capital and operational cost.It allows users to access application remotely. This construct directs cloud service provider to handle cost of servers, software updates,etc. If the session tokens are not properly protected, an attacker can hijack an active session and assume the identity of a user. To focusing on session hijacking and broken authenticationOTP is generated it will send user mail.Once the user is authenticatedthey will be split into virtual machine it is initiate to the upload process into the cloud.Thecloud user files are uploaded and stored in domain based .Also in our proposed system encryption keys are maintained outside of the IaaS domain.For encryption, we proposed RSA algorithm .For data owner file encryption, we use camellia algorithm. Finally the files are stored in the public cloud named CloudMe. Keywords: Cloud computing, session hijacking, OTP, Virtual machine, Iaas, CloudMe [1] INTRODUCTION Cloud computing is an information technology(IT) standard that enables universal access to share group of configurable system resource and higher-level services that can be quickly provisioned with minimal management effort, often over the internet. -
Analysis of the Kupyna-256 Hash Function
Analysis OF THE Kupyna-256 Hash Function Christoph DobrAUNIG Maria Eichlseder Florian Mendel FSE 2016 M I T + Permutation-based DESIGN 2 N H −1 H AES-like ROUND TRANSFORMATIONS I T ⊕ I 2 2 N N Similar TO Grøstl Modular ADDITIONS INSIDE www.iaik.tugraz.at The Kupyna Hash Function UkrAINIAN STANDARD DSTU 7564:2014 [Oli+15; Олi+15a] M1 M2 M T IV F F F Ω HASH 2 2 2 N N N N N 2 f256; 512g 1 / 14 www.iaik.tugraz.at The Kupyna Hash Function UkrAINIAN STANDARD DSTU 7564:2014 [Oli+15; Олi+15a] M1 M2 M T IV F F F Ω HASH 2 2 2 N N N N N 2 f256; 512g M I T + Permutation-based DESIGN 2 N H −1 H AES-like ROUND TRANSFORMATIONS I T ⊕ I 2 2 N N Similar TO Grøstl Modular ADDITIONS INSIDE 1 / 14 www.iaik.tugraz.at The Kupyna-256 Round TRANSFORMATIONS Kupyna-512: 8 × 16 state, 14 ROUNDS Kupyna-256: 8 × 8 state, 10 rounds: AddConstant SubBytes ShiftBytes MixBytes f3f3f3f3f3f3f3f3 f0f0f0f0f0f0f0f0 f0f0f0f0f0f0f0f0 S + f0f0f0f0f0f0f0f0 T : f0f0f0f0f0f0f0f0 f0f0f0f0f0f0f0f0 f0f0f0f0f0f0f0f0 f¯ı e¯ı d¯ı c¯ı b¯ı a¯ı 9¯ı 8¯ı 0I 1I 2I 3I 4I 5I 6I 7I T ⊕: S R = MB ◦ RB ◦ SB ◦ AC I 2 / 14 Destroys byte-alignment & MDS PROPERTY BrANCH NUMBER OF T + REDUCED FROM 9 TO ≤ 6: MB AC > MB > AC > X1:(00 00 00 00 00 00 00 00) 7−−!(00 00 00 00 00 00 00 00) 7−!(F3 F0 F0 F0 F0 F0 F0 70); > MB > AC > X2:(00 00 00 00 00 00 00 FF) 7−−!(DB C7 38 AB FF 24 FF FF) 7−!(CE B8 29 9C F0 15 F0 70); > MB > AC > ∆:(00 00 00 00 00 00 00FF ) 7−−!(DB C7 38 AB FF 24 FF FF) 7−!(3D 48 D9 6C 00 E5 00 00): www.iaik.tugraz.at Modular Constant Addition Prevent SAME TRAILS FOR T +, T ⊕ Grøstl INSTEAD HAS -
Rotational Rebound Attacks on Reduced Skein
Rotational Rebound Attacks on Reduced Skein Dmitry Khovratovich1;2, Ivica Nikoli´c1, and Christian Rechberger3 1: University of Luxembourg; 2: Microsoft Research Redmond, USA; 3: Katholieke Universiteit Leuven, ESAT/COSIC, and IBBT, Belgium [email protected], [email protected], [email protected] Abstract. In this paper we combine the recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach can also be applied to very different construc- tions. In more detail, we develop a number of techniques that extend the reach of both the inbound and the outbound phase, leading to rotational collisions for about 53/57 out of the 72 rounds of the Skein-256/512 com- pression function and the Threefish cipher. At this point, the results do not threaten the security of the full-round Skein hash function. The new techniques include an analytical search for optimal input values in the rotational cryptanalysis, which allows to extend the outbound phase of the attack with a precomputation phase, an approach never used in any rebound-style attack before. Further we show how to combine multiple inside-out computations and neutral bits in the inbound phase of the rebound attack, and give well-defined rotational distinguishers as certificates of weaknesses for the compression functions and block ciphers. Keywords: Skein, SHA-3, hash function, compression function, cipher, rotational cryptanalysis, rebound attack, distinguisher. 1 Introduction Rotational cryptanalysis and the rebound attack proved to be very effective in the analysis of SHA-3 candidates and related primitives. -
Performance Analysis of Cryptographic Hash Functions Suitable for Use in Blockchain
I. J. Computer Network and Information Security, 2021, 2, 1-15 Published Online April 2021 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2021.02.01 Performance Analysis of Cryptographic Hash Functions Suitable for Use in Blockchain Alexandr Kuznetsov1 , Inna Oleshko2, Vladyslav Tymchenko3, Konstantin Lisitsky4, Mariia Rodinko5 and Andrii Kolhatin6 1,3,4,5,6 V. N. Karazin Kharkiv National University, Svobody sq., 4, Kharkiv, 61022, Ukraine E-mail: [email protected], [email protected], [email protected], [email protected], [email protected] 2 Kharkiv National University of Radio Electronics, Nauky Ave. 14, Kharkiv, 61166, Ukraine E-mail: [email protected] Received: 30 June 2020; Accepted: 21 October 2020; Published: 08 April 2021 Abstract: A blockchain, or in other words a chain of transaction blocks, is a distributed database that maintains an ordered chain of blocks that reliably connect the information contained in them. Copies of chain blocks are usually stored on multiple computers and synchronized in accordance with the rules of building a chain of blocks, which provides secure and change-resistant storage of information. To build linked lists of blocks hashing is used. Hashing is a special cryptographic primitive that provides one-way, resistance to collisions and search for prototypes computation of hash value (hash or message digest). In this paper a comparative analysis of the performance of hashing algorithms that can be used in modern decentralized blockchain networks are conducted. Specifically, the hash performance on different desktop systems, the number of cycles per byte (Cycles/byte), the amount of hashed message per second (MB/s) and the hash rate (KHash/s) are investigated. -
Minalpher V1.1
Minalpher v1.1 Designers Yu Sasaki, Yosuke Todo, Kazumaro Aoki, Yusuke Naito, Takeshi Sugawara, Yumiko Murakami, Mitsuru Matsui, Shoichi Hirose Submitters NTT Secure Platform Laboratories, Mitsubishi Electric Corporation, University of Fukui Contact [email protected] Version 1.1: 29 August 2015 Changes From v1.0 to v1.1 { Clarified the handling of illegal input length, specially, when a ciphertext length is not a multiple of a block. { Updated the numbers for software implementation on x86 64. { Added references which are found after the submission of v1.0. { Corrected typos. 2 1 Specification Section 1.1 specifies the mode of operation of Minalpher. Section 1.2 shows the exact parameters in our design. Section 1.3 defines the maximum input message length to Minalpher. Section 1.4 specifies the underlying primitive in Minalpher. 1.1 Mode of Operation Minalpher supports two functionalities: authenticated encryption with associated data (AEAD) and mes- sage authentication code (MAC). In this section, we specify these modes of operation. Subsection 1.1.1 gives notations used in the modes of operation. Subsection 1.1.2 specifies a padding rule used in the modes of operation. Subsection 1.1.3 specifies a primitive which we call tweakable Even- Mansour. The construction dates back to Kurosawa [27, 28], who builds a tweakable block-cipher from a permutation-based block-cipher proposed by Even and Mansour [18]. Tweakable block-ciphers are originated by Liskov, Rivest and Wagner [33]. Subsection 1.1.4 specifies the AEAD mode of operation. Subsection 1.1.5 specifies the MAC mode of operation. -
Cryptanalysis of the Round-Reduced Kupyna Hash Function
Cryptanalysis of the Round-Reduced Kupyna Hash Function Jian Zou1;2, Le Dong3 1Mathematics and Computer Science of Fuzhou University, Fuzhou, China, 350108 2Key Lab of Information Security of Network Systems (Fuzhou University), Fuzhou, China, China, 350108 3 College of Mathematics and Information Science, Henan Normal University, Xinxiang, China, 453007 [email protected], [email protected] Abstract. The Kupyna hash function was selected as the new Ukrainian standard DSTU 7564:2014 in 2015. It is designed to replace the old In- dependent States (CIS) standard GOST 34.311-95. The Kupyna hash function is an AES-based primitive, which uses Merkle-Damg˚ardcom- pression function based on Even-Mansour design. In this paper, we show the first cryptanalytic attacks on the round-reduced Kupyna hash func- tion. Using the rebound attack, we present a collision attack on 5-round of the Kupyna-256 hash function. The complexity of this collision at- tack is (2120; 264) (in time and memory). Furthermore, we use guess-and- determine MitM attack to construct pseudo-preimage attacks on 6-round Kupyna-256 and Kupyna-512 hash function, respectively. The complex- ity of these preimage attacks are (2250:33; 2250:33) and (2498:33; 2498:33) (in time and memory), respectively. Key words: Kupyna, preimage attack, collision attack, rebound attack, meet-in-the-middle, guess-and-determine 1 Introduction Cryptographic hash functions are playing important roles in the modern cryp- tography. They have many important applications, such as authentication and digital signatures. In general, hash function must satisfy three security require- ments: preimage resistance, second preimage resistance and collision resistance. -
Rebound Attacks on Stribog
Rebound Attacks on Stribog B Riham AlTawy( ), Aleksandar Kircanski, and Amr M. Youssef Concordia Institute for Information Systems Engineering, Concordia University, Montr´eal, QC H4B 1R6, Canada r [email protected] Abstract. In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11–2012). Stribog is an AES-based primitive and is considered as an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block cipher that allows us to efficiently obtain a 5-round free-start collision and a 7.75 free-start near collision for the internal cipher with complexities 28 and 240, respectively. Finally, the compression function is analyzed and a 7.75 round semi free- start collision, 8.75 and 9.75 round semi free-start near collisions are presented along with an example for 4.75 round 50 out of 64 bytes near colliding message pair. Keywords: Cryptanalysis · Hash functions · Meet in the middle · Rebound attack · GOST R 34.11-2012 · Stribog 1 Introduction Wang et al. attacks on MD5 [21] and SHA-1 [20] followed by the SHA-3 compe- tition [3] have led to a flurry in the area of hash function cryptanalysis where different design concepts and various attack strategies were introduced. Many of the proposed attacks were not only targeting basic properties but they also stud- ied any non-ideal behaviour of the hash function, compression function, internal cipher, or the used domain extender. -
CRYPTREC Report 2009 暗号方式委員会報告書
CRYPTREC Report 2009 平成22年3月 独立行政法人情報通信研究機構 独立行政法人情報処理推進機構 「暗号方式委員会報告」 目次 はじめに ······················································· 1 本報告書の利用にあたって ······································· 2 委員会構成 ····················································· 3 委員名簿 ······················································· 4 第 1 章 活動の目的 ··················································· 7 1.1 電子政府システムの安全性確保 ··································· 7 1.2 暗号方式委員会 ················································· 8 1.3 電子政府推奨暗号リスト ········································· 9 1.4 活動の方針 ····················································· 9 第 2 章 電子政府推奨暗号リスト改訂について ·························· 11 2.1 改訂の背景 ··················································· 11 2.2 改訂の目的 ··················································· 11 2.3 電子政府推奨暗号リスト改訂のための暗号技術公募(2009 年度) ····· 12 2.3.1 公募の概要 ·············································· 12 2.3.2 2009 年度公募カテゴリ ···································· 12 2.3.3 公募期間 ················································ 13 2.3.4 評価スケジュール ········································ 13 2.3.5 評価項目 ················································ 14 2.3.6 応募暗号技術 ············································ 14 2.3.7 事務局選出技術 ·········································· 15 2.3.8 CRYPTREC シンポジウムの開催 ······························ 15 2.4 CRYPTREC シンポジウム 2010―応募暗号説明会―について ··········· 16 2.4.1 開催目的 ················································ 16 2.4.2 プログラムの概要 ········································ 16 2.4.3 意見・コメントの概要 ···································· -
Embeddability Is One of the Most Important Properties for Dedicate Interconnection Networks
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING XX, XXX-XXX (201X) Cryptanalysis of the Round-Reduced Kupyna 1,2 3 JIAN ZOU , LE DONG 1Mathematics and Computer Science of Fuzhou University, Fuzhou, China, 350108 2Key Lab of Information Security of Network Systems (Fuzhou University), Fuzhou, China, 350108 3 Henan Engineering Laboratory for Big Data Statistical Analysis and Optimal Control, Henan Normal University, Xinxiang, China, 453007 E-mail: {[email protected], [email protected]} Kupyna was approved as the new Ukrainian hash standard in 2015. In this paper, we show several pseudo-preimage attacks and collision attacks on Kupyna. Due to the wide-pipe design, it is hard to construct pseudo-preimage attacks on Kupyna. Combining the meet-in-the-middle attack with the guess-and-determine technique, we propose some pseudo-preimage attacks on the compression function for 5-round Kupyna-256 and 7-round Kupyna-512. The complexities of these two pseudo-preimage attacks are 2229.5 (for 5-round Kupyna-256) and 2499 (for 7-round Kupyna-512) respectively. Regarding the collision attack, we can not only construct a collision attack on the 7-round Kupyna-512 compression function with a complexity of 2159.3, but also construct a colli- sion attack on the 5-round Kupyna-512 hash function with a complexity of 2240. Key words: Kupyna, pseudo-preimage, collision, rebound attack, meet-in-the-middle. 1 INTRODUCTION Cryptographic hash functions are playing important roles in the modern cryptography. In general, hash function must satisfy three security requirements: preimage resistance, second preimage resistance and collision resistance. Regarding the preimage attack, the meet-in-the-middle (MitM) attack proposed by Aoki and Sasaki [1] was a generic method to construct preimage attacks against hash function.