检索结果-内蒙古大学图书馆

Improved boomerang attacks on round-reduced SM3 and keyed permutation of BLAKE-256

IET INFORMATION SECURITY 2015年第3期9卷 167-178页

作者： Bai, Dongxia Yu, Hongbo Wang, Gaoli Wang, Xiaoyun Tsinghua Univ Dept Comp Sci & Technol Beijing 100084 Peoples R China Donghua Univ Sch Comp Sci & Technol Shanghai 201620 Peoples R China Tsinghua Univ Inst Adv Study Beijing 100084 Peoples R China Shandong Univ Minist Educ Key Lab Cryptol Technol & Informat Secur Jinan 250100 Peoples R China Shandong Univ Sch Math Jinan 250100 Peoples R China

In this study, the authors study the security of hash functions SM3 and BLAKE-256 against boomerang attack. SM3 is designed by Wang et al. and published by Chinese Commercial Cryptography Administration Office for the use of electronic certification service system in China. BLAKE is one of the five finalists of the NIST SHA-3 competition submitted by Aumasson et al. For SM3, they present boomerang distinguishers for the compression function reduced to 34/35/36/37 steps out of 64 steps, with time complexities 2(31.4), 2(33.6), 2(73.4) and 2(192), respectively. Then, they show some incompatible problems existed in the previous boomerang attacks on SM3. Meanwhile, they launch boomerang attacks on up to 7- and 8-round keyed permutation of BLAKE-256, which are the first valid 7-round and 8-round boomerangs for BLAKE-256. Especially, since the author's distinguishers on 34/35-steps compression function of SM3 and 7-round keyed permutation of BLAKE-256 are practical, they are able to obtain boomerang quartets of these attacks. As far as they know, these are the best results against round-reduced SM3 and BLAKE-256.

关键词： cryptography boomerang attack round-reduced SM3 BLAKE-256 security hash function SM3 electronic certification service system compression function 7-round keyed permutation

来源：评论

学校读者我要写书评

暂无评论

Watch your constants: malicious Streebog

引用

IET INFORMATION SECURITY 2015年第6期9卷 328-333页

作者： AlTawy, Riham Youssef, Amr M. Concordia Univ Concordia Inst Informat Syst Engn Montreal PQ Canada

In August 2012, the Streebog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). In this study, the authors investigate the new standard in the context of malicious hashing and present a practical collision for a malicious version of the full hash function. In particular, they apply the rebound attack to find three solutions for three different differential paths for four rounds. Then, using the freedom of the round constants they connect them to obtain a collision for the 12 rounds of the compression function. Additionally, and because of the simple processing of the counter, they bypass the barrier of the checksum finalisation step and transfer the compression function collision to the hash function output with no additional cost. The presented attack has a practical complexity and is verified by an example. Although the results of this study may not have a direct impact on the security of the current Streebog hash function, it presents an urge for the designers to publish the origin of the used parameters and the rational behind their choices in order for this function to gain enough confidence and widespread adoption by the security community.

关键词： cryptography Streebog hash function Russian cryptographic hash standard malicious hashing full hash function rebound attack compression function checksum finalisation step used parameters security community

来源：评论

学校读者我要写书评

暂无评论

Counter-bDM: A Provably Secure Family of Multi-Block-Length compression functions

Counter-<i>b</i>DM: A Provably Secure Family of Multi-Block-...

引用

7th International Conference on Cryptology in Africa (AFRICACRYPT)

作者： Abed, Farzaneh Forler, Christian List, Eik Lucks, Stefan Wenzel, Jakob Bauhaus Univ Weimar Weimar Germany

ISBN: (纸本)9783319067339;9783319067346

Block-cipher-based compression functions serve an important purpose in cryptography since they allow to turn a given block cipher into a one-way hash function. While there are a number of secure double-block-length compression functions, there is little research on generalized constructions. This paper introduces the Counter-bDM family of multi-block-length compression functions, which, to the best of our knowledge, is the first provably secure block-cipher-based compression function with freely scalable output size. We present generic collision-and preimage-security proofs for it, and compare our results with those of existing double-block-length constructions. Our security bounds show that our construction is competitive with the best collision-and equal to the best preimage-security bound of existing double-block-length constructions.

关键词： block cipher compression function hash function provable security

来源：评论

学校读者我要写书评

暂无评论

Rotational Rebound Attacks on Reduced Skein

引用

JOURNAL OF CRYPTOLOGY 2014年第3期27卷 452-479页

作者： Khovratovich, Dmitry Nikolic, Ivica Rechberger, Christian Univ Luxembourg Luxembourg Luxembourg Nanyang Technol Univ Singapore 639798 Singapore DTU Lyngby Denmark

In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core-the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.

关键词： Skein SHA-3 Hash function compression function Cipher Rotational cryptanalysis Rebound attack Distinguisher

来源：评论

学校读者我要写书评

暂无评论

PAPR Reduction of OFDM Signals using Adaptive Companding Scheme

PAPR Reduction of OFDM Signals using Adaptive Companding Sch...

引用

18th International Conference on Applied Electronics

作者： Cuteanu, Eugen-Victor Politehn Univ Dept Commun Timisoara Romania

ISBN: (纸本)9788026101666

One of the main problems of the multicarrier communication systems based on Orthogonal Frequency Division Multiplexing is the high peak-to-average power ratio of the transmitted signal. This paper presents a new adaptive companding scheme which requires only few additional operations to improve the peak-to-average power ratio reduction. The paper highlights the performance and advantages of the proposed technique and compares it with other existing methods.

关键词： OFDM PAPR adaptive companding compression function

来源：评论

学校读者我要写书评

暂无评论

Improved Cryptanalysis of Reduced RIPEMD-160

Improved Cryptanalysis of Reduced RIPEMD-160

引用

19th International Conference on Theory and Application of Cryptology and Information Security (ASIACRYPT)

作者： Mendel, Florian Peyrin, Thomas Schlaeffer, Martin Wang, Lei Wu, Shuang Graz Univ Technol IAIK Graz Austria Nanyang Technol Univ Singapore Singapore

ISBN: (纸本)9783642420450;9783642420443

In this article, we propose an improved cryptanalysis of the double-branch hash function standard RIPEMD-160. Using a carefully designed non-linear path search tool, we study the potential differential paths that can be constructed from a difference in a single message word and show that some of these message words can lead to very good differential path candidates. Leveraging the recent freedom degree utilization technique from Landelle and Peyrin to merge two branch instances, we eventually manage to obtain a semi-free-start collision attack for 42 steps of the RIPEMD-160 compression function, while the previously best know result reached 36 steps. In addition, we also describe a 36-step semi-free-start collision attack which starts from the first step.

关键词： RIPEMD-160 semi-free-start collision compression function hash function

来源：评论

学校读者我要写书评

暂无评论

Limited-Birthday Distinguishers for Hash functions Collisions beyond the Birthday Bound Can Be Meaningful

Limited-Birthday Distinguishers for Hash Functions Collision...

引用

19th International Conference on Theory and Application of Cryptology and Information Security (ASIACRYPT)

作者： Iwamoto, Mitsugu Peyrin, Thomas Sasaki, Yu Univ Electrocommun Ctr Frontier Sci & Engn Chofu Tokyo Japan Nanyang Technol Univ Sch Phys & Math Sci Div Math Sci Singapore Singapore Nippon Telegraph & Tel Corp Secure Platform Labs Otemachi Japan

ISBN: (纸本)9783642420450;9783642420443

In this article, we investigate the use of limited-birthday distinguishers to the context of hash functions. We first provide a proper understanding of the limited-birthday problem and demonstrate its soundness by using a new security notion Differential Target Collision Resistance (dTCR) that is related to the classical Target Collision Resistance (TCR) notion. We then solve an open problem and close the existing security gap by proving that the best known generic attack proposed at FSE 2010 for the limited-birthday problem is indeed the best possible method. Moreover, we show that almost all known collision attacks are in fact more than just a collision finding algorithm, since the difference mask for the message input is usually fixed. A direct and surprising corollary is that these collision attacks are interesting for cryptanalysis even when their complexity goes beyond the 2(n/2) birthday bound and up to the 2(n) preimage bound, and can be used to derive distinguishers using the limited-birthday problem. Interestingly, cryptanalysts can now search for collision attacks beyond the 2(n/2) birthday bound. Finally, we describe a generic algorithm that turns a semi-free-start collision attack on a compression function (even if its complexity is beyond the birthday bound) into a distinguisher on the whole hash function when its internal state is not too wide. To the best of our knowledge, this is the first result that exploits classical semi-free-start collisions on the compression function to exhibit a weakness on the whole hash function. As an application of our findings, we provide distinguishers on reduced or full version of several hash functions, such as RIPEMD-128, SHA-256, Whirlpool, etc.(I)n this article, we investigate the use of limited-birthday distinguishers to the context of hash functions. We first provide a proper understanding of the limited-birthday problem and demonstrate its soundness by using a new security notion Differential Target Collision R

关键词： hash function compression function distinguisher limited-birthday semi-free-start collision differential target collision resistance

来源：评论

学校读者我要写书评

暂无评论

Tradeoff tables for compression functions: how to invert hash values

引用

TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES 2012年第1期20卷 57-70页

作者： Kara, Orhun Atalay, Adem TUBITAK BILGEM UEKAE Natl Res Inst Elect & Cryptol TR-41470 Gebze Kocaeli Turkey

Hash functions are one of the ubiquitous cryptographic functions used widely for various applications such as digital signatures, data integrity, authentication protocols, MAC algorithms, RNGs, etc. Hash functions are supposed to be one-way, i.e., preimage resistant. One interesting property of hash functions is that they process arbitrary-length messages into fixed-length outputs. In general, this can be achieved mostly by applying compression functions onto the message blocks of fixed length, recursively. The length of the message is incorporated as padding in the last block prior to the hash, a procedure called the Merkle-Damgard strengthening. In this paper, we introduce a new way to find preimages on a hash function by using a rainbow table of its compression function even if the hash function utilizes the Merkle-Damgard (MD) strengthening as a padding procedure. To overcome the MD strengthening, we identify the column functions as representatives of certain set of preimages, unlike conventional usage of rainbow tables or Hellman tables to invert one-way functions. As a different approach, we use the position of the given value in the table to invert it. The workload of finding a preimage of a given arbitrary digest value is 2(2n/3) steps by using 2(2n/3) memory, where n is both the digest size and the length of the chaining value. We give some extensions of the preimage attack on certain improved variants of MD constructions such as using output functions, incorporating the length of message blocks or using random salt values. Moreover, we introduce the notion of "near-preimage" and mount an attack to find near-prelinages. We generalize the attack when the digest size is not equal to the length of chaining value. We have verified the results experimentally, in which we could find a preimage in one minute for the 40-bit hash function, whereas the exhaustive search took roughly one week on a standard PC.

关键词： Cryptographic hash function compression function preimage resistance trade-off Hellman table rainbow table one-way function

来源：评论

学校读者我要写书评

暂无评论

Security Analysis of Randomize-Hash-then-Sign Digital Signatures

引用

JOURNAL OF CRYPTOLOGY 2012年第4期25卷 748-779页

作者： Gauravaram, Praveen Knudsen, Lars R. Tech Univ Denmark Dept Math DK-2800 Lyngby Denmark

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean's method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with 'built-in' randomization. Finally,

关键词： Collision resistance compression function Davies-Meyer Digital signature Hash function Merkle-Damgard Randomized hashing RMX Second preimage resistance SHA-3 hash function competition

来源：评论

学校读者我要写书评

暂无评论

Cryptanalysis of the Reduced-Round Version of JH

Cryptanalysis of the Reduced-Round Version of JH

引用

6th International Symposium on Telecommunications (IST) with Emphasis on Information and Communication Technology

作者： Nourizadeh, Saeid Javanmardi, Mojtaba Sadeghiyan, Babak Amirkabir Univ Technol Dept Comp Engn & Informat Technol Tehran Polytech Tehran Iran

ISBN: (纸本)9781467320733

The JH hash function, introduced by Wu, is the one of the algorithms that was selected to the final round of SHA3 competition. In this paper, we are proud to present two kinds of attack on JH-512 hash function. One of them is a pre-image attack on the 10 rounds and the other is a collision attack on the 6 rounds of the compression function of JH. The former complexity is 2(325) and the later one has a complexity of 2(337). First of all, we consider JH hash function with the d=4 and explain the pre-image attack on it. And finally we give proper differential trails for the 512-bit version (d=8) of JH. Despite of the good result of this paper for breaking this hash function, the system has not broken till now.

关键词： JH hash function compression function differential cryptanalysis pre-image attack collision attack

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：