Similar literature
Found 20 similar documents; search took 31 ms
1.
This article proposes a new cryptographic hash function, called RC4-BHF, which is designed to be both fast and secure. This is a new attempt to design a cryptographic hash function based on the RC4 algorithm. Since vulnerabilities have been discovered in many of the existing hash functions, it is beneficial to construct a hash function which has a different internal structure, and RC4-BHF is such a new hash function. Moreover, RC4-BHF is suitable for ultra-low power devices, such as sensor nodes, which are normally equipped with 8-bit processors, and most other hash functions cannot be implemented efficiently or are not applicable. RC4-BHF can run much faster compared to the existing well-known hash functions and is exceptionally fast on 8-bit processors.

2.
Hash functions are common and important cryptographic primitives, which are very critical for data integrity assurance and data origin authentication security services. Field programmable gate arrays (FPGAs), being reconfigurable, flexible and physically secure, are a natural choice for implementation of hash functions in a broad range of applications with different area-performance requirements. In this paper, we explore alternative architectures for the implementation of hash algorithms of the secure hash standards SHA-256 and SHA-512 on FPGAs and study their area-performance trade-offs. As several 64-bit adders are needed in SHA-512 hash value computation, new architectures proposed in this paper implement modulo-64 addition as modulo-32, modulo-16 and modulo-8 additions with a view to reducing the chip area. Hash function SHA-512 is implemented in different FPGA families of ALTERA to compare their performance metrics such as area, memory, latency, clocking frequency and throughput to guide a designer to select the most suitable FPGA for an application. In addition, a common architecture is designed for implementing SHA-256 and SHA-512 algorithms.

3.
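Program obfuscation can be understood as a compiler that transforms a source program into an unintelligible form while preserving its functionality. The concept of obfuscation was first proposed in the field of code obfuscation and has practical applications in areas such as software protection and digital watermarking, but it lacks rigorous security analysis and proof. The study of obfuscation in cryptography was first introduced by Barak et al., who proposed a formal definition of virtual black-box obfuscation and its security requirements. Research on secure general-purpose obfuscation of cryptographic functions is of great theoretical significance and is closely related to other cryptographic primitives such as random oracles, fully homomorphic encryption and zero-knowledge proofs. Secure obfuscation of specific cryptographic functions also has practical value in areas such as cloud computing and proxy computing. In recent years, secure program obfuscation has become a hot topic in cryptographic research. Since it has been proved that no general-purpose secure obfuscation exists under the standard definition proposed by Barak, subsequent research on program obfuscation has focused on three aspects: obfuscation of specific function classes, new models of obfuscation, and the relationship between obfuscation and other cryptographic models together with its applications. This article presents a survey of secure program obfuscation, giving a fairly detailed introduction to secure obfuscation of specific function classes, research on obfuscation models, and the generalization and application of obfuscation.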

4.
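A one-way hash function based on integer coupled tent maps is proposed and its properties are analyzed. The proposed algorithm adopts a two-way coupled map lattice model and replaces the traditional logical functions with integer tent maps, giving it fairly ideal confusion and diffusion properties. With this algorithm, a plaintext sequence of arbitrary length can be one-way hashed to a 160-bit hash value. Experimental and analytical results show that this hash function has good one-wayness and collision resistance and meets the performance requirements of a one-way hash function. The algorithm is carried out entirely with simple bit operations over a finite set of integers, which makes it easy to implement in software and hardware, and it has high execution efficiency.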

5.
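The MD5 algorithm and an analysis of its security are introduced, and a keyed hash algorithm based on MD5 is proposed. The new algorithm has a variable-length key and outputs a 256-bit message authentication code (MAC). The security and running efficiency of the new algorithm are analyzed; the results show that the algorithm is secure and runs efficiently.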

6.
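Cryptographic information technology is one of the key technologies for achieving network security. This paper first introduces the relevant cryptographic information technologies, then proposes a scheme for solving the security problems of online tendering and bidding based on cryptographic techniques such as public key infrastructure (PKI), symmetric encryption, hash functions and (t,n) threshold key distribution, and points out the position of the third-party certification authority (CA) in the security of online tendering and bidding.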

7.
Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec, and VPNs utilize hash functions, which form a special family of cryptographic algorithms. Applications that use these security schemes are becoming very popular as time goes by and this means that some of these applications call for higher throughput either due to their rapid acceptance by the market or due to their nature. In this work, a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used—and those expected to be used in the near future—hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256, SHA-384, SHA-512, and so forth. In the proposed methodology, five different techniques have been developed and combined in the finest way so as to achieve the maximum performance. Compared to conventional pipelined implementations of hash functions (in FPGAs), the proposed methodology can lead even to a 160 percent throughput increase.

8.
Identification and verification of a video clip via its fingerprint find applications in video browsing, database search and security. For this purpose, the video sequence must be collapsed into a short fingerprint using a robust hash function based on signal processing operations. We propose two robust hash algorithms for video, both based on the discrete cosine transform (DCT), one on the classical basis set and the other on a novel randomized basis set (RBT). The robustness and randomness properties of the proposed hash functions are investigated in detail. It is found that these hash functions are resistant to signal processing and transmission impairments, and therefore can be instrumental in building database search, broadcast monitoring and watermarking applications for video. The DCT hash is more robust, but lacks the security aspect, as it is easy to find different video clips with the same hash value. The RBT based hash, being secret key based, does not allow this and is more secure at the cost of a slight loss in the receiver operating curves.

9.
Certificateless public key cryptography is a recently proposed attractive paradigm which combines advantages of both certificate-based and ID-based public key cryptosystems as it avoids usage of certificates and does not suffer from key escrow. In this paper, we present a certificateless signature (CLS) scheme that is proved to be secure in the random oracle model under the hardness assumptions of k-CAA and Inv-CDHP. Our scheme upholds all desirable properties of previously proposed CLS schemes, and requires general cryptographic hash functions instead of the MapToPoint hash function, which is inefficient. Furthermore, our scheme is significantly more efficient than all known CLS schemes, and the size of signatures generated by our scheme is approximately 160 bits, which is the shortest certificateless signature so far. So it can be used widely, especially in low-bandwidth communication environments.

10.
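A cryptographic service system is a computer system that integrates basic cryptographic algorithm operations, cryptographic resource management and key management mechanisms, and provides cryptographic security services to upper-layer security applications. Here, the security services are the result of a high degree of abstraction, generalization and integration, for upper-layer security applications, on top of the functions of existing cryptographic devices or cryptographic software packages. From an engineering application perspective, this paper surveys research progress on the architecture, cryptographic algorithms, key management and related hardware involved in implementing cryptographic service systems, and analyzes the methods and requirements for building cryptographic service systems from cryptographic devices. Based on the needs of security applications, and combined with an analysis of previous work and of products currently on the market, it points out the aspects and problems in the design and engineering implementation of existing cryptographic service systems that need further study.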

11.
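Message authentication method based on hash functions (total citations: 1, self-citations: 0, citations by others: 1)
Based on the current demand for message authentication codes (MACs) in network communication, this paper introduces the cryptographic security properties of hash functions, and analyzes the application of hash functions in message authentication and the main attacks against hash functions. On this basis, a hash-function-based message authentication code, the pseudo message authentication code (PMAC), is proposed. The MAC is constructed from currently existing hash functions without changing the internal structure of the original hash function. Without using any existing encryption algorithm, a single key provides not only authentication of the message but also confidentiality. A preliminary analysis of the security of this pseudo message authentication algorithm is given.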

12.
Successful attacks against the two most commonly used cryptographic hash functions, MD5 and SHA-1, have triggered a kind of feeding frenzy in the cryptographic community. Many researchers are now working on hash function attacks, and we can expect new results in this area for the next several years. This article discusses the SHA-1 attack and the US National Institute of Standards and Technology's (NIST's) plans for SHA-1 and hash functions in general.

13.
The continued growth of both wired and wireless communications has triggered the revolution for the generation of new cryptographic algorithms. The SHA-2 hash family is a new standard in the widely used hash functions category. An architecture and the VLSI implementation of this standard are proposed in this work. The proposed architecture supports a multi-mode operation in the sense that it performs all the three hash functions (256, 384 and 512) of the SHA-2 standard. The proposed system is compared with the implementation of each hash function in a separate FPGA device. Compared with previous designs, the introduced system can work at a higher operation frequency and needs less silicon area resources. The achieved performance in terms of throughput of the proposed system/architecture is much higher (in a range from 277 to 417%) than the other hardware implementations. The introduced architecture also performs much better than the implementations of the existing standard SHA-1, and also offers a higher security level strength. The proposed system could be used for the implementation of integrity units, and in many other sensitive cryptographic applications, such as digital signatures, message authentication codes and random number generators.

14.
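Cryptographic hash functions and their security analysis (total citations: 1, self-citations: 0, citations by others: 1)
The article sets out the importance of studying cryptographic hash functions and their security, gives a technical analysis of the principles of one-way hash functions, MD5, SHA-1 and others, analyzes the security of cryptographic hash functions starting from attack methods, and argues that the "breaking" of SHA-1 and MD-5 should be viewed objectively.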

15.
This paper compares the relative security strengths and practical use of tokenization with other cardholder data protection methods including truncation, masking, encryption, hash, and keyed hash. The usefulness of each method is described, and the subtle security weaknesses of combining methods are explored. Further, the inherent complexities of using cryptographic methods with sound key management practices are also presented.

16.
Kaliski  B. 《Micro, IEEE》1993,13(6):74-81
The author reviews encryption algorithms and standards, how they compare, how they differ, and where they are headed. Attention is given to secret-key cryptosystems, public-key cryptosystems, digital signature schemes, key-agreement algorithms, cryptographic hash functions, and authentication codes. Applications considered are secure electronic mail, secure communications, directory authentication and network management, banking, and escrowed encryption.

17.
《Computer Networks》2007,51(9):2223-2233
This article presents an update on recent developments in the area of cryptographic algorithms that are relevant for smart cards. It includes a review of the status of hash functions, block ciphers and stream ciphers and presents an update on authenticated or unforgeable encryption. Finally the issue of secure padding for the RSA algorithm is discussed and the status of Elliptic Curve Cryptography is briefly reviewed.

18.
Random hashing can provide guarantees regarding the performance of data structures such as hash tables – even in an adversarial setting. Many existing families of hash functions are universal: given two data objects, the probability that they have the same hash value is low given that we pick hash functions at random. However, universality fails to ensure that all hash functions are well behaved. We might further require regularity: when picking data objects at random they should have a low probability of having the same hash value, for any fixed hash function. We present the efficient implementation of a family of non‐cryptographic hash functions (PM+) offering good running times, good memory usage, and distinguishing theoretical guarantees: almost universality and component‐wise regularity. On a variety of platforms, our implementations are comparable with the state of the art in performance. On recent Intel processors, PM+ achieves a speed of 4.7 bytes per cycle for 32‐bit outputs and 3.3 bytes per cycle for 64‐bit outputs. We review vectorization through Single Instruction on Multiple Data instructions (e.g., AVX2) and optimizations for superscalar execution. Copyright © 2016 John Wiley & Sons, Ltd.

19.
包希日莫  张璟  李军怀  张杰 《计算机应用》2005,25(12):2759-2762
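The Agrawal algorithm is introduced. To address its shortcomings, namely that it easily damages the usability of the data and is sensitive to attribute order, an improvement strategy is proposed that introduces a percentage constraint and sorts attributes by the hash value of the attribute name, and the improved algorithm is given. Simulation experiments show that the improved algorithm protects the usability of the data more effectively, eliminates the threat of attribute-order attacks, achieves fully blind detection, and is more practical.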

20.
Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec and VPNs utilize hash functions - a special family of cryptographic algorithms. Hardware implementations of cryptographic hash functions provide high performance and increased security. However, potential faults during their normal operation cause significant problems in the authentication procedure. Hence, the on-time detection of errors is of great importance, especially when they are used in security-critical applications, such as military or space. In this paper, two Totally Self-Checking (TSC) designs are introduced for the two most-widely used hash functions: SHA-1 and SHA-256. To the best of the authors’ knowledge, there is no previously published work presenting TSC hashing cores. The achieved fault coverage is 100% in the case of odd erroneous bits. The same coverage is achieved for even erroneous bits, if they are appropriately spread. Additionally, experimental results in terms of frequency, area, throughput, and power consumption are provided. Compared to the corresponding Duplicated with Checking (DWC) architectures, the proposed TSC-based designs are more efficient in terms of area, throughput/area, and power consumption. Specifically, the introduced TSC SHA-1 and SHA-256 cores are more efficient by 16.1% and 20.8% in terms of area and by 17.7% and 23.3% in terms of throughput/area, respectively. Also, compared to the corresponding DWC architectures, the proposed TSC-based designs are on average almost 20% more efficient in terms of power consumption.
