Building Provably Secure Block Ciphers from Cryptographic Hash Functions

Building Provably Secure Block Ciphers from Cryptographic Hash Functions

International Journal of Computer Applications (0975 - 8887) Volume 176 - No.16, April 2020 Building Provably Secure Block Ciphers from Cryptographic Hash Functions Charles F. de Barros Department of Computer Science Federal University of Sao˜ Joao˜ del Rei Minas Gerais, Brazil ABSTRACT The former must satisfy certain criteria, such as confusion and diffusion, while the latter should have properties like collision This paper presents a proposal for the construction of provably resistance. It can be said that these primitives are inherently secure block ciphers based on cryptographic hash functions. different, mainly because block ciphers are reversible (it is always The core idea consists of using a hash function to generate possible to decrypt an encrypted message, given the proper key), pseudorandom strings to be combined with the message blocks. while hash functions are, by design, irreversible. Each one of these strings depend on the previous ciphertext block Nevertheless, there is a certain similarity in the way block ciphers (or the initialization vector, in the case of the first message block), and hash functions are built. In fact, both are based on iterations: the secret key k and a block key derived from k. One of the block ciphers consist of iterations of a round function, while hash main features of the proposed construction is that it allows keys of algorithms are built upon iterations of a compression function. As arbitrary length, since the key itself is never directly combined with a matter of fact, it is possible to build hash functions from block the message. Furthermore, even if an adversary manages to guess ciphers, due to the fact that block ciphers are natural compression all of the block keys, he can’t efficiently retrieve the master secret functions, which makes them suitable to be used at the core of key or the message, provided that the underlying hash function the so-called Merkle-Damgard˚ [1] construction for cryptographic is cryptographically secure. Finally, the proposal also embeds an hash functions. This is indeed the underlying design of well known authentication tag in the initialization vector. Hence, instead of cryptographic hash functions, such as MD5, SHA-1 and SHA-2 [2]. being randomly chosen, the IV is always dependent on the key Recently, NIST released SHA-3 [3], a new member of the Secure and the message, which is crucial to generate confusion, diffusion Hash Algorithm family of standards. This new cryptographic hash and avalanche effect, since any minor change in the key or in the function is actually based on a primitive family called Keccak message will cause the IV to be drastically different, due to the [4], which is built upon a new design principle known as sponge properties of the HMAC, and because of the chained nature of the construction. construction, this change will propagate to all ciphertext blocks. On the other hand, the construction of block ciphers from hash functions has already been proven possible. There are concrete General Terms examples in the literature, such as SHACAL [5] and its successor SHACAL-2, based on the compression functions of SHA-1 and Block Ciphers, Cryptographic Hash Functions, Symmetric-Key SHA-2, respectively. Nevertheless, the design principle of ciphers Criptography like SHACAL is different from the one presented in this paper. While SHACAL is based on turning the compression function of Keywords the underlying hash algorithm into a block cipher, the construction presented in this paper uses the entire hash function to generate Block Ciphers, Cryptographic Hash Functions, Symmetric-Key pseudorandom strings to be combined with the message blocks. Criptography There are also constructions of block ciphers based on a result due to [6], which shows how to obtain a secure block cipher from 1. INTRODUCTION three pseudorandom functions, combined in a three round Feistel Block ciphers and hash functions are fundamental primitives of network. These constructions typically use both hash functions and any cryptographic protocol. Although each serves a different stream ciphers as sources of pseudorandomness. BEAR and LION purpose, they are usually combined in order to achieve [7] are examples of provably secure block ciphers based on this different goals simultaneously, namely confidentiality, integrity and result. They are built upon a Feistel structure, in a DES-like manner, authentication. Authenticated encryption is a typical example in with BEAR using two hash function calls and one stream cipher which both primitives are combined, the block cipher being used to call, while LION uses the hash function once and calls the stream provide confidentiality, and the hash function being used to provide cipher twice. integrity and authentication, by means of an HMAC. This paper presents a new construction as an improvement of Since they are meant to achieve different cryptographic goals, the aforementioned examples in terms of efficiency. In fact, the block ciphers and hash functions have different design principles. proposed block cipher requires only two calls to a hash function per 1 International Journal of Computer Applications (0975 - 8887) Volume 176 - No.16, April 2020 message block. The first call takes as input the previous ciphertext changes in the input cause significant changes in the output. Put block, combined with the master secret key and a block key, and into more formal terms, if a single input bit is flipped, we expect outputs a string which enciphers the current message block. The every output bit to be flipped with probability 1=2. In other words, second call generates the block key from the master secret key to every time an input bit is changed, around 50% of the output bits be combined with the current ciphertext block, in order to produce will be changed. the string that will encipher the next message block. Note that a block cipher specifies how a single message block The proposed construction presents some interesting features, such is encrypted and decrypted. In order to determine how the entire as the possibility to use arbitrary length keys, since the message message (which can be larger than the block size) is processed, a blocks are never combined directly with the key, but with the result mode of operation must be specified. For instance, in the Electronic of a hash function. Furthermore, the construction is based on the CodeBook (ECB) mode, each message block is independently generation of block keys k0; k1; ··· ; k` from the master secret key encrypted. Consequently, decryption is also performed in an k. Even if an adversary manages to guess all of these block keys, independent way. This mode of operation is not considered secure, he is unable to efficiently retrieve the message or the master secret as similar message blocks will always be encrypted as similar key, provided that the hash function is cryptographically secure. ciphertext blocks, which reveals the relationship between the plaintext and the ciphertext. 1.1 Roadmap In the Cipher Block Chaining (CBC) mode of operation, each message block is XORed with the previous ciphertext block prior This paper is organized as follows: section 2 presents a brief to being encrypted. The first message block is XORed with review on block ciphers and cryptographic hash functions. In a randomly generated Initialization Vector (IV). Decryption is section 3, the construction of a block cipher based on hash performed in a similar way, XORing the result of each decrypted functions is presented in details. Section 4 discusses the security block with the previous ciphertext block. Other well known modes of the proposed construction. In section 5, experimental results of operation, such as Cipher FeedBack (CFB), Output FeedBack that corroborate the usability and security of the proposed block (OFB) and Counter (CTR), were designed to turn a block cipher cipher are presented. Finally, section 6 presents conclusions and into a stream cipher, as the encryption algorithm is used to generate final remarks. pseudorandom strings to be XORed with the message blocks. 2. THEORETICAL REVIEW 2.2 Cryptographic Hash Functions This section presents a brief theoretical review on block ciphers A hash function takes as input a message of arbitrary size and and cryptographic hash functions, discussing the major design returns a digest of fixed size. In other words, it is a function principles of these cryptographic primitives, such as confusion H: f0; 1g∗ ! f0; 1gn for some fixed value of n. A crucial feature and diffusion for block ciphers, and collision-resistance for hash of cryptographic hash functions is one-wayness. Roughly speaking, functions. a one-way function is easy to compute, but difficult to invert. In As usual, the set of binary strings of length n will be denoted by order to be cryptographically secure, a hash function H must satisfy n f0; 1g , and the set of binary strings of arbitrary length (including the following conditions: 0) shall be represented by f0; 1g∗. Concatenation of strings will be (1) Preimage resistance: given y 2 f0; 1gn, it is computationally denoted by jj, and the XOR operation by ⊕. The Hamming distance ∗ between two binary strings of the same length x and y corresponds infeasible to find x 2 f0; 1g such that H(x) = y; ∗ to the number of bits in which x and y differ. (2) Second preimage resistance: given x 2 f0; 1g , it is computationally infeasible to find x0 2 f0; 1g∗ such that 2.1 Block Ciphers H(x) = H(x0); (3) Collision resistance: it is computationally infeasible to find a Block ciphers, as the name itself suggests, process messages in pair x; x0, with x 6= x0, such that H(x) = H(x0). blocks of fixed length, generating fixed-size ciphertext blocks. The canonical construction of block ciphers consists of iterated Hash functions must also satisfy criteria related to diffusion and round functions.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    7 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us