Abstract
We provide a survey of generic attacks on cryptographic hash constructions, including hash-based message authentication codes and hash combiners. We focus on attacks that iteratively evaluate the same mapping many times; since the functional graph of a random mapping is itself defined by iterating the mapping, these attacks essentially exploit properties of that graph. We map the space in which those properties are used across numerous known attacks, and compare classes of attacks in terms of their advantages and limitations. We provide a systematic exposition of the concepts of cycles, deep-iterate images and collisions, and of their roles in the cryptanalysis of iterated hash constructions. We identify the inherent relationships between these concepts, so that case-by-case theories about them can be unified into one knowledge system, that is, the theory of the functional graph of random mappings. We show that the properties of the cycle search algorithm, the chain evaluation algorithm and the collision search algorithm can all be described from statistical results on the functional graph, which offers a different viewpoint in support of previously held beliefs about each of them. With this, we invite more sophisticated analysis of the functional graph of random mappings and further exploitation of its properties in cryptanalysis.
Highlights
Cryptographers build cryptographic functions using an iterated construction to simplify the security proofs of new designs when developing them in theory and to ease their implementation when using them in practice.
We provide a systematic exposition of the concepts of cycles, deep-iterate images and collisions, and of their roles in the cryptanalysis of iterated hash constructions.
It turns out that the techniques and toolbox used in generic attacks against cascade combiners overlap heavily with those used in attacks on parallel combiners, particularly in their applications of the functional graph.
Summary
Cryptographers build cryptographic functions using an iterated construction (the de-facto standard) to simplify the security proofs of new designs when developing them in theory and to ease their implementation when using them in practice. The same iterated structure also invites generic attacks on hash designs built on the MD construction, including hash-based MACs and hash combiners. These generic attacks profoundly exploit the iterative property and gain their efficiency from observations on the functional graph of the underlying mapping. We show how older knowledge from research on random graphs and trees [RS67, Pro74, Mut88, FO89, FS09] became the theoretical basis of recent generic attacks on hash constructions [PSW12, LPW13, PW14, GPSW14, DL14, DL17, Din16, BWGG17]. In the former line of research, researchers usually use profound and rigorous mathematical methods, including combinatorial mathematics, complex analysis, and probability and statistics. We call for more joint effort between the two research areas to build a complete knowledge system.
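As an added example (not code from the survey), the script below walks the functional graph of a toy mapping, SHA-256 truncated to a few bits, which is assumed here as a stand-in for an iterated hash mapping such as a compression function with a fixed message block. It recovers tail and cycle lengths with Floyd's cycle search, derives a collision from the rho shape of the walk, and compares the empirical mean rho length against the sqrt(pi*n/2) estimate for random mappings that the statistical results in [FO89] provide.

```python
import hashlib
import math

def truncated_hash(n_bits):
    """Random-looking mapping on {0, ..., 2^n_bits - 1}: SHA-256 truncated
    to n_bits (assumed toy stand-in for the iterated hash mapping)."""
    mask = (1 << n_bits) - 1
    def f(x):
        digest = hashlib.sha256(x.to_bytes(8, "big")).digest()
        return int.from_bytes(digest[:8], "big") & mask
    return f

def rho_length(f, x0):
    """Floyd's cycle search on x0, f(x0), ...; returns (tail length mu, cycle length lam)."""
    tortoise, hare = f(x0), f(f(x0))
    while tortoise != hare:                  # phase 1: meet inside the cycle
        tortoise, hare = f(tortoise), f(f(hare))
    mu, tortoise = 0, x0
    while tortoise != hare:                  # phase 2: find where the tail joins
        tortoise, hare = f(tortoise), f(hare)
        mu += 1
    lam, hare = 1, f(tortoise)
    while tortoise != hare:                  # phase 3: measure the cycle
        hare = f(hare)
        lam += 1
    return mu, lam

def rho_collision(f, x0):
    """Generic collision from one rho walk: the node where the tail joins the cycle
    has two distinct preimages. Returns (a, b) with f(a) == f(b), or None if no tail."""
    mu, lam = rho_length(f, x0)
    if mu == 0:
        return None
    a = x0
    for _ in range(mu - 1):                  # a = x_{mu-1}, last node of the tail
        a = f(a)
    b = a
    for _ in range(lam):                     # b = x_{mu-1+lam}, last node of the cycle
        b = f(b)
    return a, b

def expected_rho(n):
    """Asymptotic mean rho length (tail + cycle) of a random mapping on n points [FO89]."""
    return math.sqrt(math.pi * n / 2)

def mean_rho(n_bits, samples):
    """Empirical mean rho length over walks started at 0, 1, ..., samples-1."""
    f = truncated_hash(n_bits)
    return sum(sum(rho_length(f, x0)) for x0 in range(samples)) / samples
```

Because Floyd's search uses only constant memory, the cost of the collision is driven entirely by the rho length, which is why the mean-rho statistic governs the complexity of the generic attacks the survey discusses.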