Similar literature
20 similar documents found (search time 31 ms)
1.
For an n-bit random permutation, there are three types of boomerang distinguishers, denoted as Type I, II and III, with generic complexities 2^n, 2^(n/3) and 2^(n/2) respectively. In this paper, we try to evaluate the security margins of three hash functions namely SHA-512, SHA-256 and DHA-256 against the boomerang attack. Firstly, we give a boomerang attack on 48-step SHA-512 with a practical complexity of 2^51. The correctness of this attack is verified by providing a Type III boomerang quartet. Then, we extend the existing differential characteristics of the three hash functions to more rounds. We deduce the sufficient conditions and give thorough evaluations to the security margins as follows: the Type I boomerang method can attack 54-step SHA-512, 51-step SHA-256 and 46-step DHA-256 with complexities 2^480, 2^218 and 2^236 respectively. The Type II boomerang method can attack 51-step SHA-512, 49-step SHA-256 and 43-step DHA-256 with complexities 2^158.50, 2^72.91 and 2^74.50 respectively. The Type III boomerang method can attack 52-step SHA-512, 50-step SHA-256 and 44-step DHA-256 with complexities 2^223.80, 2^123.63 and 2^99.85 respectively.

2.
GOST R 34.11-2012 is the new Russian hash function standard. This paper presents some cryptanalytic results on GOST R. Using the rebound attack technique, we achieve collision attacks on the reduced-round compression function. A result on up to 9.5 rounds is proposed; the time complexity is 2^176 and the memory requirement is 2^128 bytes. Based on the 9.5-round collision result, a limited-birthday distinguisher is presented. Moreover, a k-collision on the 512-bit version of GOST R is constructed, which shows the weakness of the structure used in GOST R.

3.
Fugue is an intriguing hash function design with a novel shift-register based compression structure and has formal security proofs, e.g. against collision attacks. In this paper, we present an analysis of Fugue's structural properties, and describe our strategies to construct distinguishers for Fugue components.

4.
Hash functions play an important role in constructing cryptographic schemes that provide security services, such as confidentiality in an encryption scheme, authenticity in an authentication protocol, integrity in a digital signature scheme, and so on. Such a hash function is needed to process a challenge, a message, an identifier or a private key. In this paper, we propose an attack against the HAVAL-3 hash function, which is used in the open-source Tripwire and is included in GNU Crypto. Under the meet-in-the-middle (MITM) preimage attack framework proposed by Aoki and Sasaki in 2008, the one-wayness of several (reduced-round) hash functions has recently been broken. However, most of these attacks have complexity close to brute-force search. Focusing on reducing the time complexity of such MITM attacks, we improve the preimage attacks against the HAVAL-3 hash function to lower time complexity and memory requirements, compared with the best known attack proposed by Sasaki and Aoki at ASIACRYPT 2008. Besides the 256-bit variant of HAVAL-3, similar improvements can be applied to some truncated variants as well. Interestingly, due to the low complexity of our attack, the preimage attack applies to the 192-bit variant of HAVAL-3 for the first time.

5.
In this paper, we examine the security of reduced AES-192 and AES-256 against related-key rectangle attacks by exploiting the weakness in the AES key schedule. We find the following two new attacks: 9-round reduced AES-192 with 4 related keys, and 10-round reduced AES-256 with 4 related keys. Our results show that the related-key rectangle attack with 4 related keys on 9-round reduced AES-192 requires a data complexity of about 2^101 chosen plaintexts and a time complexity of about 2^174.8 encryptions, and moreover, the related-key rectangle attack with 4 related keys on 10-round reduced AES-256 requires a data complexity of about 2^97.5 chosen plaintexts and a time complexity of about 2^254 encryptions. These attacks are the first known attacks on 9-round reduced AES-192 and 10-round reduced AES-256 with only 4 related keys. Furthermore, we give an improvement of the 10-round reduced AES-192 attack presented at FSE 2007, which reduces both the data complexity and the time complexity. Supported by the National Natural Science Foundation of China (Grant No. 60673072), and the National Basic Research Program of China (Grant No. 2007CB311201)

6.
A novel Hash algorithm construction based on chaotic neural network
An algorithm for constructing a novel one-way hash function based on a two-layer chaotic neural network structure is proposed. The piecewise linear chaotic map (PWLCM) is utilized as the transfer function, and 4-dimensional one-way coupled map lattices (4D OWCML) are employed as the key generator of the chaotic neural network. Theoretical analysis and computer simulation indicate that the proposed algorithm presents several interesting features, such as high message and key sensitivity, good statistical properties, collision resistance and security against meet-in-the-middle attacks, which can satisfy the performance requirements of a hash function.

7.
In this paper, we present a practical linear distinguisher on the Shannon stream cipher. Shannon is a synchronous stream cipher that uses an at most 256-bit secret key. In the specification for Shannon, the designers state that the intention of the design is to make sure that there are no distinguishing attacks on Shannon requiring less than 2^80 keystream words and less than 2^128 computations. In this work we use the Crossword Puzzle attack technique to construct a distinguisher which requires a keystream of length about 2^31 words with workload about 2^31.

8.
Key distribution is the foundation of communication security in wireless sensor networks. Building on the random key pre-distribution scheme of Eschenauer and Gligor, this paper proposes a hash-function-based key pre-distribution scheme. The scheme uses a hash function to compute part of the keys preloaded into each node, and relies on the one-way property of the hash function to strengthen the network's resistance to attack. Analysis shows that, compared with existing key pre-distribution schemes, the proposed scheme has a lower computational load and higher security, and is better suited to wireless sensor networks.

9.
Almost all existing hash functions are designed according to the Merkle-Damgård construction. Because the Merkle-Damgård construction is vulnerable to length-extension attacks, multicollision attacks, herding attacks and similar weaknesses, this paper designs a hash construction with cyclically chained variables. The construction is based on the wide-pipe hash construction and has a large internal state, so it can effectively resist the above attacks on the Merkle-Damgård construction. The construction has analyzable security and can improve the performance of hash functions, especially hash algorithms based on mathematically hard problems, and it increases the influence of each message block on the hash value.

10.
The piecewise Logistic map has better cryptographic properties than the original map. Following a parallel-processing approach, a hash function method based on the piecewise Logistic map is proposed. In the initialization phase, iteration of the chaotic map achieves mutual influence and diffusion among message blocks, which effectively prevents forgery attacks on parallel hash functions. For the initialized message blocks, intermediate outputs are generated in parallel, which effectively increases the running speed of the algorithm. Theoretical analysis and simulation results show that the algorithm makes good use of the properties of chaotic maps, has good plaintext message sensitivity and collision resistance, runs fast, and can meet the needs of practical information security applications.

11.
This paper proposes a secure hash function based on the block cipher Rijndael. The hash function is based on Rijndael-(256,256), the variant whose block length and key length are both 256 bits, and its output length is 256 bits. The paper also proves the collision resistance and one-wayness of this hash algorithm.

12.
How to design efficient and secure keyed one-way functions has long been a hot topic in modern cryptography research. First, a neural network is used to train a one-dimensional nonlinear piecewise map to generate chaotic sequences, and the nonlinear sequences produced by this model are used to construct a keyed hash function. One advantage of the algorithm is that the implicit chaotic mapping inside the neural network makes it difficult to obtain the mapping directly. Experimental results show that the algorithm is highly sensitive to initial values, has good one-wayness and weak collision resistance, offers stronger security than hash functions based on a single chaotic map, and is simple to implement.

13.
Rijndael is a substitution-permutation network (SPN) block cipher for the AES development process. Its block and key sizes range from 128 to 256 bits in steps of 32 bits, which can be denoted by Rijndael-b-k, where b and k are the block and key sizes, respectively. Among them, Rijndael-128-128/192/256, that is, AES, has been studied by many researchers, and the security of other large-block versions of Rijndael has been explored less frequently. However, more attention has been paid to large-block versions of block ciphers with the fast development of quantum computers. In this paper, we propose improved impossible differential attacks on 10-round Rijndael-256-256, 10-round Rijndael-224-256, and 9-round Rijndael-224-224 using precomputation tables, redundancies of key schedules, and multiple impossible differentials. For 10-round Rijndael-256-256, the data, time, and memory complexities of our attack are approximately 2^244.4 chosen plaintexts, 2^240.1 encryptions, and 2^181.4 blocks, respectively. For 10-round Rijndael-224-256, the data, time, and memory complexities of our attack are approximately 2^214.4 chosen plaintexts, 2^241.3 encryptions, and 2^183.4 blocks, respectively. For 9-round Rijndael-224-224, the data, time, and memory complexities of our attack are approximately 2^214.4 chosen plaintexts, 2^113.4 encryptions, and 2^87.4 blocks, respectively, or 2^206.6 chosen plaintexts, 2^153.6 encryptions, and 2^111.6 blocks, respectively. To the best of our knowledge, our results are currently the best on Rijndael-256-256 and Rijndael-224-224/256.

14.
In foregoing papers we have used the compression/decompression method of images based on the concept of the discrete fuzzy transform (and its inverse) of a function f defined on a real interval with respect to the fuzzy sets A1,…,An forming a fuzzy partition of such interval. Here we make a detailed experimental comparison with the similar method based on the fuzzy transforms F and F of f defined via a continuous triangular norm and its corresponding residuum, respectively. We consider some images of size 256 × 256 (pixels) extracted from the well-known database Corel Gallery (Arizona Directory). By using the same compression rate in both methods, we find that the PSNR (Peak Signal to Noise Ratio) obtained with the discrete fuzzy transform (and its inverse) of f is higher than the PSNR determined with the operators F and F defined via the usual Lukasiewicz, product and minimum triangular norms. Moreover, we compare our results with the classical JPEG method for values of the compression rate approximately equal to those used in the previous methods.

15.
The Keccak hash function is the third-generation secure hash function, with provable security and good implementation performance. This paper discusses 4-round Keccak-256 preimage attacks based on solving algebraic systems, refines the existing 4-round preimage attack method, and effectively lowers the theoretical complexity. Currently, the lowest theoretical complexity of a 4-round Keccak-256 preimage attack is 2^239; by fully exploiting the relationships among the factors of the quadratic bits, more quadratic bits are linearized with the same number of degrees of freedom, reducing the theoretical complexity to 2^216.

16.
In ACISP 2008, the hash family DASH was proposed by Billet et al., which builds on the designs of Rijndael and RC6. The DASH family has two variants that support 256-bit and 512-bit output lengths respectively. This paper presents the first third-party cryptanalysis of DASH-256 with a focus on the underlying block cipher A256. In particular, we study distinguishers using differential and boomerang attacks. As a result, we build a distinguishing attack for the compression function of DASH-256 with 8-round A256 using differential cryptanalysis. Finally, we obtain a boomerang distinguisher of 9-round A256.

17.
MD4 is a hash function designed by Rivest in 1990. The design philosophy of many important hash functions, such as MD5, SHA-1 and SHA-2, originated from that of MD4. We propose an improved preimage attack on one-block MD4 with a time complexity of 2^95 MD4 compression function operations, as compared to the 2^107 complexity of the previous attack by Aoki et al. (SAC 2008). The attack is based on previous methods, but introduces new techniques. We also use the same techniques to improve the pseudo-preimage and preimage attacks on Extended MD4 with improvement factors of 2^25.2 and 2^12.6, as compared to previous attacks by Sasaki et al. (ACISP 2009).

18.
Hash function construction based on RBF neural network and chaotic map
One-way hash functions are widely used in digital signatures, identity authentication and integrity checking, and are a research hotspot in modern cryptography. In this paper, a neural network is first used to train the chaotic sequence generated by a one-dimensional nonlinear map, and this sequence is then used to construct a keyed hash function. One advantage of the algorithm is that the neural network hides the chaotic mapping, making it difficult to obtain the mapping directly. Simulation experiments show that the algorithm has good one-wayness and weak collision resistance, offers stronger security than traditional hash functions, and is simple to implement.

19.
Research on the randomness of SHA-256 output sequences
In cryptography, hash functions are used for data integrity, message authentication and digital signatures, and SHA-256 is one of the most widely used hash functions. This paper applies the chi-squared (χ²) test from existing statistical testing methods to SHA-256 for randomness testing, together with an avalanche-effect test, analyzes and discusses the test results, points out some shortcomings of the algorithm, and verifies the algorithm's effectiveness.

20.
At CHES 2007, Biryukov and Khovratovich introduced a concept of side-channel attacks based on impossible collisions, and applied it to AES with reduced masked rounds. In this paper, we propose side-channel attacks on HIGHT (HIGh security and light weigHT) with the first 11, 12 and 13 masked rounds using impossible collisions. Our best attacks on HIGHT with the first 11, 12 and 13 masked rounds need 2^17, 2^32 and 2^40 chosen plaintexts and 2^23.6, 2^56.6 and 2^80.6 curve comparisons, respectively. They are the first known side-channel attacks on HIGHT with reduced masked rounds.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  Beijing ICP filing no. 09084417