Integrated-Key Cryptographic Hash Functions

Integrated-Key Cryptographic Hash Functions

Integrated-Key Cryptographic Hash Functions submitted by Saif Mohammed S. A. Al-Kuwari for the degree of Doctor of Philosophy of the University of Bath Department of Computer Science September 2011 COPYRIGHT Attention is drawn to the fact that copyright of this thesis rests with its author. A copy of this thesis has been supplied on condition that anyone who consults it is understood to recognise that its copyright rests with the author and they must not copy it or use material from it except as permitted by law or with the consent of the author. This thesis may be made available for consultation within the University Library and may be photocopied or lent to other libraries for the purposes of consultation. Signature of Author . Saif Mohammed S. A. Al-Kuwari ¢lA ¯ ¨qyw A ¤ “I cannot succeed except through God” Abstract Cryptographic hash functions have always played a major role in most cryptographic applications. Traditionally, hash functions were designed in the keyless setting, where a hash function accepts a variable-length message and returns a fixed-length fingerprint. Unfortunately, over the years, significant weaknesses were reported on instances of some popular \keyless" hash functions. This has motivated the research community to start considering the dedicated-key setting, where a hash function is publicly keyed. In this approach, families of hash functions are constructed such that the individual members are indexed by different publicly-known keys. This has, evidently, also allowed for more rigorous security arguments. However, it turns out that converting an existing keyless hash function into a dedicated-key one is usually non-trivial since the underlying key- less compression function of the keyless hash function does not normally accommodate the extra key input. In this thesis we define and formalise a flexible approach to solve this problem. Hash functions adopting our approach are said to be constructed in the integrated-key setting, where keyless hash functions are seamlessly and transparently transformed into keyed variants by introducing an extra component accompanying the (still keyless) compression function to handle the key input separately outside the com- pression function. We also propose several integrated-key constructions and prove that they are collision resistant, pre-image resistant, 2nd pre-image resistant, indifferentiable from Random Oracle (RO), indistinguishable from Pseudorandom Functions (PRFs) and Unforgeable when instantiated as Message Authentication Codes (MACs) in the private key setting. We further prove that hash functions constructed in the integrated- key setting are indistinguishable from their variants in the conventional dedicated-key setting, which implies that proofs from the dedicated-key setting can be naturally re- duced to the integrated-key setting. i Acknowledgement First and foremost, all thanks and praised are due to God, for giving me the strength and patience to complete this thesis, like many other things in life. This project (and everything I have ever done) could not have been completed without his blessings. On Earth, I would like to thank my supervisors, Prof. James H. Davenport and Dr. Russell J. Bradford, for their support and supervision throughout my PhD. I was very fortunate to have been supervised by them, I would not have asked for better supervisors. James has always provided very insightful comments, which not only improved my thesis, but also even improved my understanding of my own work. I appreciate the endless emails we exchanged, even during weekends and his holidays. This thesis would not have been possible without all the time and effort he put in supervising it. I would also like to thank my examiners, Dr. Liqun Chen and Prof. Guy McCusker for their valuable comments on my thesis. Guy is also our director of studies so I would like to reiterate my gratitude to him, this time for his support as a director of research, especially in the first two years of my PhD. During the time I spent in Bath, I had the privilege to meet many great people. Unfortunately, this acknowledgement is too small to list them all, but I would like to particularly thank Dalia Khader, Anupriya Balikai, Ana Calderon, Martin Brain, Fabio Nemetz and Mayuree Srikulwong for their friendship and support through the years. From the university of Essex (where I did my undergraduate studies), I would like to thank Prof. Peter Higgins and Dr. Alexei Vernitski, who introduced me to the world of cryptography. When I first attended my first lecture in cryptography given by Alexei, I immediately knew that this topic (whose name I could not even pronounce correctly) would be an important part of my life. My interest in cryptography has further been boosted the following year when I opted to take a mathematically oriented cryptography course given by Prof. Higgins. I am also in dept to Dr. David Hunter who was my final year project supervisor. David taught me that research is a passion more than anything else, the more I do research the more I appreciate how right he was. Thanks to my family for always being there for me. Thanks to my mother for putting up with me being away for a long time, and for my father for being such a great role model. Thanks for the endless prayers of my grandmother and aunts, and for my lovely nieces and nephews who were born while I was abroad. I would also like to thank Alice and Bob for their great company in my long journey through the world of cryptography, they are truly my and every cryptographer's heroes. Finally, thanks to everyone who believed in me for giving me the opportunity to earn their trust, and for everyone who did not believe in me for giving me the opportunity to prove them wrong. ii Contents 1 Introduction1 1.1 Contributions.................................3 1.2 Notation....................................4 1.3 Preliminaries.................................6 1.4 Thesis Outline................................8 2 Security of Hash Functions 11 2.1 Introduction.................................. 11 2.2 Classical Properties.............................. 12 2.2.1 Collision-Resistance (CR)...................... 13 2.2.2 Pre-image Resistance (Pre)..................... 14 2.2.3 2nd Pre-image Resistance (Sec)................... 15 2.2.4 Other Properties........................... 15 2.3 Indifferentiability from RO ......................... 17 2.3.1 Game-playing............................. 21 2.3.2 Salvaging differentiable Constructions............... 21 2.4 Indistinguishability from PRF........................ 22 2.5 Unforgeability................................. 23 2.6 Other Notions................................. 24 2.7 Multi-Property-Preserving.......................... 25 2.8 Cryptographic Proofs............................ 27 2.9 Summary................................... 28 3 Design of Hash Functions 29 3.1 Introduction.................................. 29 3.2 Keyless vs. Keyed Hash Functions..................... 31 3.3 Iterative Hash Functions........................... 32 3.3.1 Merkle-Damg˚ardConstruction................... 32 iii 3.3.2 Generic Attacks Against Merkle-Damg˚ard............. 33 3.3.3 Variants of Merkle-Damg˚ard.................... 37 3.3.4 Sponge Construction......................... 43 3.4 Tree-based Hash Functions......................... 44 3.5 Compression Functions............................ 45 3.5.1 Hash Functions Based on Block and Stream Ciphers....... 45 3.5.2 Hash Functions Based on Mathematical Problems........ 47 3.5.3 Other Approaches.......................... 47 3.6 Summary................................... 48 4 Integrated-Key Hash Functions 49 4.1 Introduction.................................. 49 4.2 Integrated-key Hash Functions....................... 52 4.3 The iMD Constructions........................... 54 4.4 Security Analysis............................... 55 4.4.1 Collision Resistance (CR)...................... 56 4.4.2 2nd Pre-image Resistance (Sec)................... 61 4.4.3 Pre-image Resistance (Pre)..................... 65 4.5 Summary................................... 68 5 Indifferentiability of the iMD Constructions 69 5.1 Introduction.................................. 69 5.2 The iMD Constructions (Recalled)..................... 70 5.3 The Indifferentiability Framework...................... 71 5.4 The Indifferentiability proof......................... 72 5.4.1 The Distinguisher.......................... 73 5.4.2 The Proof............................... 74 5.5 Summary................................... 103 6 Indistinguishability and Unforgeability 104 6.1 Introduction.................................. 104 6.2 Composition and Indistinguishability.................... 107 6.2.1 Indistinguishability from the Dedicated-key Setting........ 108 6.2.2 Indistinguishability from PRF.................... 112 6.3 Unforgeability of the iMD Constructions.................. 112 6.4 Summary................................... 118 iv 7 Conclusion and Future Work 119 7.1 Preservation of Other Properties...................... 120 7.2 Unified Message Preservation........................ 120 7.3 Keyless Hash Functions from Keyed Ones................. 122 7.4 Integration Function Design......................... 122 7.5 Pre Proof in the Standard Model...................... 123 7.6 Final Remarks................................ 123 Bibliography 123 A Engineering Aspects of Hash Functions 139 A.1 Introduction.................................. 139 A.2 Efficiency Evaluation............................. 140 A.2.1 Software Optimisation.......................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    168 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us