Attacks on Fast Double Block Length Hash Functions

The security of hash functions based on a block cipher with a block length of m bits and a key length of k bits, where , is considered. New attacks are presented on a large class of iterated hash functions with a 2m -bit hash result which processes in each iteration two message blocks using two encryptions. In particular, the attacks break three proposed schemes: Parallel-DM, the PBGV hash function, and the LOKI DBH mode. Received 1 March 1996 and revised 16 December 1996     

A Simple Variant of the Merkle–Damg?rd Scheme with?a?Permutation

We propose a new composition scheme for hash functions. It is a variant of the Merkle–Damg?rd construction with a permutation applied right before the processing of the last message block. We analyze the security of this scheme using the indifferentiability formalism, which was first adopted by Coron et al. to the analysis of hash functions. We also study the security of simple MAC constructions out of this scheme. Finally, we discuss the random oracle indifferentiability of this scheme with a double-block-length compression function or the Davies–Meyer compression function composed of a block cipher.     

Quark: A Lightweight Hash

The need for lightweight (that is, compact, low-power, low-energy) cryptographic hash functions has been repeatedly expressed by professionals, notably to implement cryptographic protocols in RFID technology. At the time of writing, however, no algorithm exists that provides satisfactory security and performance. The ongoing SHA-3 Competition will not help, as it concerns general-purpose designs and focuses on software performance. This paper thus proposes a novel design philosophy for lightweight hash functions, based on the sponge construction in order to minimize memory requirements. Inspired by the stream cipher Grain and by the block cipher KATAN (amongst the lightest secure ciphers), we present the hash function family Quark, composed of three instances: u-Quark, d-Quark, and s-Quark. As a sponge construction, Quark can be used for message authentication, stream encryption, or authenticated encryption. Our hardware evaluation shows that Quark compares well to previous tentative lightweight hash functions. For example, our lightest instance u-Quark conjecturally provides at least 64-bit security against all attacks (collisions, multicollisions, distinguishers, etc.), fits in 1379 gate-equivalents, and consumes on average 2.44 μW at 100 kHz in 0.18 μm ASIC. For 112-bit security, we propose s-Quark, which can be implemented with 2296 gate-equivalents with a power consumption of 4.35 μW.     

杂凑算法的对偶问题

杂凑算法往往具有很高的杂凑速率,如MD_x(x版本的杂凑算法),SHA(数据杂凑标准)等。一个自然的问题是能否利用快速安全的杂凑算法构造相应的分组加密算法呢?本文把这个问题称为杂凑算法的对偶问题,本文试图用现有的结果证明给定一个安全快速的杂凑算法可以构造一个安全快速的分组加密算法。     

支持国产密码算法的高速PCIe密码卡的设计与实现

密码卡在信息安全领域发挥着重要作用,但当前密码卡存在性能不足的问题,难以满足高速网络安全服务的需要。该文提出一种基于MIPS64多核处理器的高速PCIe密码卡的设计与系统实现方法,支持SM2/3/4国产密码(GM)算法以及RSA, SHA, AES等国际密码算法,系统包括硬件模块,密码算法模块,主机驱动模块和接口调用模块;对SM3的实现提出一种优化方案,性能提升了19%;支持主机以Non-Blocking方式发送请求,单进程应用即可获得密码卡满载性能。该卡在10核CPU下SM2签名和验证速度分别为18000次/s和4200次/s, SM3杂凑速度2200 Mbps, SM4加/解密速度8/10 Gbps,多项指标达到较高水平;采用1300 MHz主频16核CPU时,SM2/3的性能指标提高1倍,采用48核CPU时SM2签名速度可达到105次/s。     

基于混沌映射的散列函数构造及应用

文中对一个分段线性混沌映射进行构造复合,构建一个基于混沌映射的带秘密密钥的散列算法。算法以迭代初始点作为秘密密钥,基于密码块链模式实现对任意长度的明文序列产生128位的Hash值,一次加密多个字节,减少了混沌迭代次数,提高了加密速度。理论分析和实验结果表明,提出的Hash函数可满足所要求的单向性,初值和密钥敏感性,抗碰撞性和实时性等要求,可以方便、高效、安全的应用于身份认证中。     

Rotational Rebound Attacks on Reduced Skein

In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core—the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.     

Hash function based on chaotic tent maps

In cryptographic applications, hash functions are used within digital signature schemes to provide data integrity (e.g., to detect modification of an original message). In this brief, we propose a new 2/spl lscr/ -bit iterated hash function based on chaotic tent maps. This hash function can be expected to have at least the same computational security against target attack, free-start target attack, collision attack, semi-free-start collision attack, and free-start collision attack as DM scheme.     

Construction of secure and fast hash functions using nonbinary error-correcting codes

This paper considers iterated hash functions. It proposes new constructions of fast and secure compression functions with nl-bit outputs for integers n>1 based on error-correcting codes and secure compression functions with l-bit outputs. This leads to simple and practical hash function constructions based on block ciphers such as the Data Encryption Standard (DES), where the key size is slightly smaller than the block size; IDEA, where the key size is twice the block size; Advanced Encryption Standard (AES), with a variable key size; and to MD4-like hash functions. Under reasonable assumptions about the underlying compression function and/or block cipher, it is proved that the new hash functions are collision resistant. More precisely, a lower bound is shown on the number of operations to find a collision as a function of the strength of the underlying compression function. Moreover, some new attacks are presented that essentially match the presented lower bounds. The constructions allow for a large degree of internal parallelism. The limits of this approach are studied in relation to bounds derived in coding theory.     

A fast software one-way hash function

One way hash functions are an important cryptographic primitive, and can be used to solve a wide variety of problems involving authentication and integrity. It would be useful to adopt a standard one-way hash function for use in a wide variety of systems throughout the world. Such a standard one-way hash function should be easy to implement, use, and understand; resistant to cryptographic attack, and should be fast when implemented in software. We present a candidate one-way hash function which appears to have these desirable properties. Further analysis of its cryptographic security is required before it can be considered for widespread use.     

带消息填充的 29 步 SM3 算法原根和伪碰撞攻击简

基于中间相遇攻击技术,提出了一种针对密码杂凑函数SM算法的原根攻击和伪碰撞攻击方法,给出了从第1步开始的带消息填充的29步SM3算法的原根攻击和伪碰撞攻击。结果表明：对于29步SM3算法的原根攻击的时间复杂度为2254;对于29步SM3伪碰撞攻击的时间复杂度为2125。说明从第1步开始的带消息填充的29步SM3算法不能抵抗原根攻击和伪碰撞攻击。     

扩展整数帐篷映射与动态散列函数

在分析扩展整数帐篷映射均匀分布特性的基础上,提出一种输出长度为160bit的动态散列函数构造方案.另外,对MD结构进行了改进,在无需扩展中间状态的情况下,提高了散列函数抵抗部分消息碰撞攻击的能力.初步的安全性测试表明,这种散列函数具有很强的安全性,且实现简单、运行速度快,是传统散列函数的一种理想的替代算法.     

Robust Multi-Property Combiners for Hash Functions

A robust combiner for hash functions takes two candidate implementations and constructs a hash function which is secure as long as at least one of the candidates is secure. So far, hash function combiners only aim at preserving a single property such as collision-resistance or pseudorandomness. However, when hash functions are used in protocols like TLS they are often required to provide several properties simultaneously. We therefore put forward the notion of robust multi-property combiners and elaborate on different definitions for such combiners. We then propose a combiner that provably preserves (target) collision-resistance, pseudorandomness, and being a secure message authentication code. This combiner satisfies the strongest notion we propose, which requires that the combined function satisfies every security property which is satisfied by at least one of the underlying hash function. If the underlying hash functions have output length n, the combiner has output length 2n. This basically matches a known lower bound for black-box combiners for collision-resistance only, thus the other properties can be achieved without penalizing the length of the hash values. We then propose a combiner which also preserves the property of being indifferentiable from a random oracle, slightly increasing the output length to 2n+ω(logn). Moreover, we show how to augment our constructions in order to make them also robust for the one-wayness property, but in this case require an a priory upper bound on the input length.     

Design and Performance Analysis of a Unified, Reconfigurable HMAC-Hash Unit

Hash functions are important security primitives used for authentication and data integrity. Among the most popular hash functions are MD5, SHA-1, and RIPEMD-160, which are all based on the function MD4. This similarity can be exploited for designing a unified engine to perform all three hash functions. Hash message authentication code (HMAC) is a shared-key security algorithm that uses these hash functions alternatively for IPSec authentication. Since some other security applications, such as digital signature, also use these three hash functions, it is prudent to design a unified, reconfigurable engine that can perform any one of them alone or with HMAC. In this work, we design an HMAC-hash unit that can be reconfigured to perform one of six standard security algorithms; namely, MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. This paper applied pipelining and parallelism to the design of the HMAC-hash unit to improve throughput, especially for large message sizes. We achieved higher throughput than engines that integrated three hash functions or more and comparable throughput to those integrated only two hash functions.     

一种基于Hash函数的RFID安全认证方法

近年来,射频识别(RFID)技术得到越来越多的应用,随之而来的是各种RFID安全问题。对现有的基于Hash函数的RFID认证协议进行分析,针对现有技术存在的不足,提出了一种基于Hash函数的低成本的RFID双向安全认证方法,该方法只需要进行一次Hash函数计算,且加入了标签ID动态更新机制,通过在后台数据库中存储旧的标签ID解决同步问题,与现有技术相比具有一定的优越性。     

商密云存储系统应用研究

分析了云存储及其应用面临的安全需求,提出了以商用密码和云存储技术为基础的商密云存储业务系统。系统地介绍了商密云存储业务系统的系统架构及功能设计,并通过实施高强度安全认证、数据加密存储、统一密钥管理、数据传输加密以及安全隔离等安全机制,保障用户数据在网络传输、处理、存储等全流程的安全,最后从政企客户和公众客户两个层面提出商密云存储产品的服务形态设计思路。     

A note on leakage-resilient authenticated key exchange

Fathi et al. recently proposed a leakage-resilient authenticated key exchange protocol for a server-client model in mobility environment over wireless links. In the paper, we address flaws in a hash function used in the protocol. The direct use of the hash function cannot guarantee the security of the protocol. We also point out that a combination of the hash function and the RSA cryptosystem in the protocol may not work securely. To remedy these problems, we improve upon the protocol by modifying the hash function correctly.     

A Characterization of Chameleon Hash Functions and New,Efficient Designs

This paper shows that chameleon hash functions and Sigma protocols are equivalent. We provide a transform of any suitable Sigma protocol to a chameleon hash function, and also show that any chameleon hash function is the result of applying our transform to some suitable Sigma protocol. This enables us to unify previous designs of chameleon hash functions, seeing them all as emanating from a common paradigm, and also obtain new designs that are more efficient than previous ones. In particular, via a modified version of the Fiat–Shamir protocol, we obtain the fastest known chameleon hash function with a proof of security based on the standard factoring assumption. The increasing number of applications of chameleon hash functions, including on-line/off-line signing, chameleon signatures, designated-verifier signatures and conversion from weakly-secure to fully-secure signatures, make our work of contemporary interest.     

基于服务器-客户端的数据库系统的数据混合加密

数据库系统安全是构建信息管理系统的关键；在公钥密码系统的基础上，利用混沌映射产生的密码流对基于C／S结构的数据库数据进行加密，实现了每一个需要加密的记录对应一个密码的功能，极大地提高了数据库系统的可靠性；算法已实现，实践和理论分析表明，该算法具有很好的安全实用性。     

分组密码算法链接模式构造单向函数的可证安全性

为了促进可证安全性在密码学中的应用,我们对基于分组密码算法验证模式的单向函数进行了证明。认证模式是分组密码算法五种工作模式标准化新加入的一种,通过这一工作"教科书式密码"转化为现实的分组密码算法。通过安全性证明:分组密码算法的验证运算模式因为算法本身的强度而使得消息在保密和认证两方面都具备了可用的理论基础,是构造单向函数的一种合适的方法。