Keyed hash function based on a chaotic map

Secure hash functions play a fundamental role in cryptographic and Web applications. They are mainly used, within digital signature schemes, to verify the integrity and authenticity of information. In this paper, we propose a simple and efficient keyed hash function based on a single chaotic map. Theoretical and simulation results demonstrate that the suggested scheme satisfies all cryptographic requirements of secure keyed hash functions such as strong confusion and diffusion capability, good collision resistance, high sensitivity to message and secret key, etc. Furthermore, it is fast and can be easily implemented through software or hardware. Moreover, the length of the hash value is flexible without any impact on the algorithm. This function is shown to have better statistical performance than many existing hash functions. Thus, the suggested hash function seems to be a good candidate as a secure keyed hash function for use in cryptographic applications.     

Hardware implementation analysis of SHA-256 and SHA-512 algorithms on FPGAs

Hash functions are common and important cryptographic primitives, which are very critical for data integrity assurance and data origin authentication security services. Field programmable gate arrays (FPGAs) being reconfigurable, flexible and physically secure are a natural choice for implementation of hash functions in a broad range of applications with different area-performance requirements. In this paper, we explore alternative architectures for the implementation of hash algorithms of the secure hash standards SHA-256 and SHA-512 on FPGAs and study their area-performance trade-offs. As several 64-bit adders are needed in SHA-512 hash value computation, new architectures proposed in this paper implement modulo-64 addition as modulo-32, modulo-16 and modulo-8 additions with a view to reduce the chip area. Hash function SHA-512 is implemented in different FPGA families of ALTERA to compare their performance metrics such as area, memory, latency, clocking frequency and throughput to guide a designer to select the most suitable FPGA for an application. In addition, a common architecture is designed for implementing SHA-256 and SHA-512 algorithms.     

An improved preimage attack against HAVAL-3

Hash functions play an important role in constructing cryptographic schemes that provide security services, such as confidentiality in an encryption scheme, authenticity in an authentication protocol and integrity in a digital signature scheme and so on. Such hash function is needed to process a challenge, a message, an identifier or a private key. In this paper, we propose an attack against HAVAL-3 hash function, which is used in open source Tripwire and is included in GNU Crypto. Under the meet-in-the-middle (MITM) preimage attack framework proposed by Aoki and Sasaki in 2008, the one-wayness of several (reduced-)hash functions had been broken recently. However, most of the attacks are of complexity close to brute-force search. Focusing on reducing the time complexity of such MITM attacks, we improve the preimage attacks against HAVAL-3 hash function to within lower time complexity and memory requirement, compared with the best known attack proposed by Sasaki and Aoki in ASIACRYPT 2008. Besides the 256-bit variant of HAVAL-3, similar improvements can be applied to some truncated variants as well. Interestingly, due to the low complexity of our attack, the preimage attack applies to the 192-bit variant of HAVAL-3 for the first time.     

Regular and almost universal hashing: an efficient implementation

Random hashing can provide guarantees regarding the performance of data structures such as hash tables – even in an adversarial setting. Many existing families of hash functions are universal: given two data objects, the probability that they have the same hash value is low given that we pick hash functions at random. However, universality fails to ensure that all hash functions are well behaved. We might further require regularity: when picking data objects at random they should have a low probability of having the same hash value, for any fixed hash function. We present the efficient implementation of a family of non‐cryptographic hash functions (PM+) offering good running times, good memory usage, and distinguishing theoretical guarantees: almost universality and component‐wise regularity. On a variety of platforms, our implementations are comparable with the state of the art in performance. On recent Intel processors, PM+ achieves a speed of 4.7 bytes per cycle for 32‐bit outputs and 3.3 bytes per cycle for 64‐bit outputs. We review vectorization through Single Instruction on Multiple Data instructions (e.g., AVX2) and optimizations for superscalar execution. Copyright © 2016 John Wiley & Sons, Ltd.     

Cryptographic hash standards: where do we go from here?

Successful attacks against the two most commonly used cryptographic hash functions, MD5 and SHA-1, have triggered a kind of feeding frenzy in the cryptographic community. Many researchers are now working on hash function attacks, and we can expect new results in this area for the next several years. This article discusses the SHA-1 attack and the US National Institute of Standards and Technology's (NIST's) plans for SHA-1 and hash functions in general.     

Implementation of the SHA-2 Hash Family Standard Using FPGAs

The continued growth of both wired and wireless communications has triggered the revolution for the generation of new cryptographic algorithms. SHA-2 hash family is a new standard in the widely used hash functions category. An architecture and the VLSI implementation of this standard are proposed in this work. The proposed architecture supports a multi-mode operation in the sense that it performs all the three hash functions (256, 384 and 512) of the SHA-2 standard. The proposed system is compared with the implementation of each hash function in a separate FPGA device. Comparing with previous designs, the introduced system can work in higher operation frequency and needs less silicon area resources. The achieved performance in the term of throughput of the proposed system/architecture is much higher (in a range from 277 to 417%) than the other hardware implementations. The introduced architecture also performs much better than the implementations of the existing standard SHA-1, and also offers a higher security level strength. The proposed system could be used for the implementation of integrity units, and in many other sensitive cryptographic applications, such as, digital signatures, message authentication codes and random number generators.     

格上基于身份哈希证明系统的新型构造

隐私保护是当前大数据信息时代所亟待解决的重要安全问题。而密码学是实现对内容和身份等隐私信息进行有效保护的关键理论和技术基础之一。基于身份哈希证明系统（Identity-based hash proof system）是一个基本的密码学原型,能够用来构造多种对隐私信息进行保护的密码方案。本文通过分析得知,已有基于格的基于身份哈希证明系统的密文尺寸较大,会对所构造密码方案的效率产生较大的影响。如何降低基于格的基于身份哈希证明系统的密文尺寸,是一个有意义的研究问题。为此,本文首先基于标准带错误学习（Learning with errors,简记为LWE）困难假设,在标准模型下构造了一个新的哈希证明系统,并利用随机格上离散高斯分布与光滑参数的性质,证明其是光滑（Smooth）的;再在随机谕言机（Random oracle）的作用下,利用Gentry等人所提出的原像抽样函数提取身份私钥,从而得到一个光滑并且密文尺寸较小的基于身份哈希证明系统。作为对所构造新型哈希证明系统的扩展,本文也在标准模型下提出一个可更新的哈希证明系统。最后,详细分析本文所提出新型构造的效率,并与已有相关构造进行对比。     

A Top-Down Design Methodology for Ultrahigh-Performance Hashing Cores

Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec, and VPNs utilize hash functions, which form a special family of cryptographic algorithms. Applications that use these security schemes are becoming very popular as time goes by and this means that some of these applications call for higher throughput either due to their rapid acceptance by the market or due to their nature. In this work, a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used—and those expected to be used in the near future—hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256, SHA-384, SHA-512, and so forth. In the proposed methodology, five different techniques have been developed and combined with the finest way so as to achieve the maximum performance. Compared to conventional pipelined implementations of hash functions (in FPGAs), the proposed methodology can lead even to a 160 percent throughput increase.     

On security arguments of the second round SHA-3 candidates

In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round. An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differential attack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks. We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.     

Design of a new efficient and secure multi-secret images sharing scheme

We propose a new (n,n) multi-secret images sharing scheme that provides high level of provable security with fast sharing and reconstruction procedures. It uses simple Boolean operations conjointly with a secure stream cipher and a cryptographic hash function in order to enable an efficient sharing of n secret images among a set of n different participants. This approach overcomes the security weakness detected in existing similar schemes, and provides additional advantages such as high sensitivity to alterations and ability to share heterogeneous images having diverse resolutions. Obtained experimental results show the effectiveness and robustness of the method compared to existing schemes, particularly its ability to ensure higher security level with competitive computational performances.     

Finding Efficient Distinguishers for Cryptographic Mappings, with an Application to the Block Cipher TEA

A simple way of creating new and very efficient distinguishers for cryptographic primitives, such as block ciphers or hash functions, is introduced. This technique is then successfully applied over reduced round versions of the block cipher TEA, which is proven to be weak with less than five cycles.     

TRESC: Towards redesigning existing symmetric ciphers

Recently, the security of existing symmetric cryptographic algorithms and protocols has been threatened by new performance challenges and vulnerabilities. In this paper, we propose a dynamic key-dependent approach, ”TRESC”, to make existing symmetric ciphers more efficient and robust. This can be done by using dynamic substitution and permutation primitives to reduce the number of rounds while providing better resistance against cryptanalysis and implementation attacks. In this paper, the Key Setup Algorithm (KSA) of Rivest Cipher 4 (RC4) and its modified variants are applied for the construction of these dynamic key-dependent substitution and permutation primitives. The selection of the RC4-KSA is due to its lightweight implementation since it requires simple permutation operation with minimal overhead. The proposed dynamic cryptographic solution can be integrated in any existing symmetric cipher such as Advanced Encryption Standard (AES), SIMON and SPECK. The security and performance analysis show the robustness and effectiveness of the proposed solution, which strikes a good balance between the required security level and system performance.     

Access control in a hierarchy using one-way hash functions

This paper presents a cryptographic key management solution to solve the access control problem in a hierarchy. Based on one-way hash functions, an efficient key assignment and derivation method is proposed. This solution uses limited number of keys and hash functions. Also, the dynamic access control problems, such as adding/deleting nodes, or modifying relationships between nodes in the hierarchy are considered and can be resolved.     

密码杂凑函数及其安全性分析

文章提出了针对密码杂凑函数及其安全性进行研究的重要意义,列举了单向杂凑函数、MD5、SHA-1等技术原理进行了技术分析,并从攻击手段入手,分析了密码杂凑函数的安全性,提出对SHA-1与MD-5的＂破解＂应客观看待的观点。     

A New Hash Competition

Since the discovery of collision attacks against several well-known cryptographic hash functions in 2004, a rush of new cryptanalytic results cast doubt on the current hash function standards. The relatively new NIST SHA-2 standards aren't yet immediately threatened, but their long-term viability is now in question. The US National Institute of Standards and Technology (NIST) has therefore begun an international competition to select a new SHA-3 standard. This article outlines the competition, its rules, the requirements for the hash function candidates, and the process that NIST will use to select the final winning SHA-3 standard.     

Enhanced short signature scheme with hybrid problems

Short digital signatures are always desirable; for instance, when a human is asked to key in the signature manually or it is necessary to work effectively in low-bandwidth communication, low-storage and low-computation environments. We propose a short signature scheme based on knapsack and Gap Diffie-Hellman (GDH) groups whose security is closely related to the discrete logarithm assumption in the random oracle model. Our new scheme offers a better security guarantee than existing signature schemes. Furthermore, our scheme upholds all desirable properties of previous ID-based signature schemes, and requires general cryptographic hash functions instead of MapToPoint hash function that is inefficient and probabilistic.     

一种快速的键控散列算法

介绍了MD5算法及对它的安全性能分析，提出了一个基于MD5的键控散列算法。新算法具有一个可变长度密钥，输出256位的报文鉴别码(MAC)。分析了新算法的安全性和运行效率，结果表明，该算法安全，运行效率高。     

应用于后量子密码的高速高效SHA-3硬件单元设计

随着量子计算技术的高速发展,传统的公钥密码体制正在遭受破译的威胁,将现有加密技术过渡到具有量子安全的后量子密码方案上是现阶段密码学界的研究热点。在现有的后量子密码(Post-Quantum Cryptography,PQC)方案中,基于格问题的密码方案由于其安全性,易实施性和使用灵活的众多优点,成为了最具潜力的PQC方案。SHA-3作为格密码方案中用于生成伪随机序列以及对关键信息散列的核心算子之一,其实现性能对整体后量子密码方案性能具有重要影响。考虑到今后PQC在多种设备场景下部署的巨大需求,SHA-3的硬件实现面临着高性能与有限资源开销相互制约的瓶颈挑战。对此,本文提出了一种高效高速的SHA-3硬件结构,这种结构可以应用于所有的SHA-3家族函数中。首先,本设计将64 bit轮常数简化为7 bit,既减少了轮常数所需的存储空间,也降低了运算复杂度。其次,提出了一种新型的流水线结构,这种新型结构相比于通常的流水线结构对关键路径分割得更加均匀。最后,将新型流水线结构与展开的优化方法结合,使系统的吞吐量大幅提高。本设计基于XilinxVirtex-6现场可编程逻辑阵列(FPGA)完成了原型实现,结果显示,所设计的SHA-3硬件单元最高工作频率可达459 MHz,效率达到14.71 Mbps/Slice。相比于现有的相关设计,最大工作频率提高了10.9%,效率提升了28.2%。     

New results on the genetic cryptanalysis of TEA and reduced-round versions of XTEA

Recently, a quick and simple way of creating very efficient distinguishers for cryptographic primitives such as block ciphers or hash functions, was presented and proved useful by the authors. In this paper, this cryptanalytic attack (named genetic cryptanalysis after its use of genetic algorithms) is shown to be successful when applied over reduced-round versions of the block cipher XTEA. Efficient distinguishers for XTEA are proposed for up to 4 cycles (8 rounds). Additionally, a variant of this genetic attack is also introduced, and their results over the block cipher TEA presented, which are the most powerful published to date.     

High-Speed FPGA Implementation of Secure Hash Algorithm for IPSec and VPN Applications

Hash functions are special cryptographic algorithms, which are applied wherever message integrity and authentication are critical. Implementations of these functions are cryptographic primitives widely used in common cryptographic schemes and security protocols such as Internet Protocol Security (IPSec) and Virtual Private Network (VPN). In this paper, a novel FPGA implementation of the Secure Hash Algorithm 1 (SHA-1) is proposed. The proposed architecture exploits the benefits of pipeline and re-timing of execution through pre-computation of intermediate temporal values. Pipeline allows division of the calculation of the hash value in four discreet stages, corresponding to the four required rounds of the algorithm. Re-timing is based on the decomposition of the SHA-1 expression to separate information dependencies and independencies. This allows pre-computation of intermediate temporal values in parallel to the calculation of other independent values. Exploiting the information dependencies, the fundamental operational block of SHA-1 is modified so that maximum operation frequency is increased by 30% approximately with negligible area penalty compared to other academic and commercial implementations. The proposed SHA-1 hash function was prototyped and verified using a XILINX FPGA device. The implementation’s characteristics are compared to alternative implementations proposed by the academia and the industry, which are available in the international IP market. The proposed implementation achieved a throughput that exceeded 2,5 Gbps, which is the highest among all similar IP cores for the targeted XILINX technology.