Hashing Modes Research Articles

Multilane Hashing Mode Suitable for Parallel Processing

Multilane Hashing Mode Suitable for Parallel Processing

MD5 및 HAS-160 해쉬 알고리즘을 통합한 면적 효율적인 설계에 관한 연구

This paper deals with hardware design which unifies MD5 and HAS-160 hash algorithms. Two algorithms get a message with arbitrary length and process message blocks divided into 512 bits each time and output a hash code with a fixed length. MD5 ouputs a hash code of 128 bits and HAS-160 a hash code of 160 bits. The unified hash core designed has 32% of slices overhead compared to HAS-160 core. However, there is only a fixed message buffer space used. The unified hash core which run a step in one clock cycle operates at 92MHz and has performance which digests a message in the speed of 724Mbps at MD5 and 581Mbps at HAS-160 hash mode. The unified hash core which is designed can be applicable to the areas such as E-commerce, data integrity and digital signature.

Meet-in-the-Middle Preimage Attacks on Hash Modes of Generalized Feistel and Misty Schemes with SP Round Function

We assume that the domain extender is the Merkle-Damgård (MD) scheme and he message is padded by a ‘1’, and minimum number of ‘0’s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-the-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

Known-Key Attacks on Generalized Feistel Schemes with SP Round Function

We present attacks on the generalized Feistel schemes, where each round function consists of a subkey XOR, S-boxes, and then a linear transformation (i.e. a Substitution-Permutation (SP) round function). Our techniques are based on rebound attacks. We assume that the S-boxes have a good differential property and the linear transformation has an optimal branch number. Under this assumption, we firstly describe known-key distinguishers on the type-1, -2, and -3 generalized Feistel schemes up to 21, 13 and 8 rounds, respectively. Then, we use the distinguishers to make several attacks on hash functions where Merkle-Damgård domain extender is used and the compression function is constructed with Matyas-Meyer-Oseas or Miyaguchi-Preneel hash modes from generalized Feistel schemes. Collision attacks are made for 11 rounds of type-1 Feistel scheme. Near collision attacks are made for 13 rounds of type-1 Feistel scheme and 9 rounds of type-2 Feistel scheme. Half collision attacks are made for 15 rounds of type-1 Feistel scheme, 9 rounds of type-2 Feistel scheme, and 5 rounds of type-3 Feistel scheme.

Preimage and Second-Preimage Attacks on PGV Hashing Modes of Round-Reduced ARIA, Camellia, and Serpent

Preimage and Second-Preimage Attacks on PGV Hashing Modes of Round-Reduced ARIA, Camellia, and Serpent

Secure hash function based on neural network

A hash function is constructed based on a three-layer neural network. The three neuron-layers are used to realize data confusion, diffusion and compression, respectively, and the multi-block hash mode is presented to support the plaintext with variable length. Theoretical analysis and experimental results show that this hash function is one-way, with high key sensitivity and plaintext sensitivity, and secure against birthday attacks or meet-in-the-middle attacks. Additionally, the neural network's property makes it practical to realize in a parallel way. These properties make it a suitable choice for data signature or authentication.

A Detailed Analysis of SAFER K

In this paper we analyze the block cipher SAFER K. First, we show a weakness in the key schedule, that has the effect that for almost every key there exists on the average three and a half other keys such that the encryptions of plaintexts different in one of eight bytes yield ciphertexts also different in only one byte. Moreover, the differences in the keys, plaintexts, and ciphertexts are in the same byte. This enables us to do a related-key chosen plaintext attack on SAFER K, which finds the secret key. Also, the security of SAFER K, when used in standard hashing modes, is greatly reduced, which is illustrated. Second, we propose a new key schedule for SAFER K avoiding these problems. Third, we do differential cryptanalysis of SAFER K. We consider truncated differentials and apply them in an attack on five-round SAFER K, which finds the secret key much faster than by an exhaustive search.

Cryptanalysis of LOKI

<p>In 1990 Brown, Pieprzyk and Seberry proposed a new encryption primitive, which encrypts and decrypts a 64-bit block of data using a 64-bit key. Furthermore they propose a way to build private versions of LOKI.</p><p>In this paper we show first that the keyspace of any LOKI-version is only 2^60, not 2^64 as claimed. Therefore there are 15 equivalent keys for every key, that encrypts/decrypts texts the same way. An immediate consequence is, that for the proposed Single Block Hash Mode it is very easy to find collisions. Secondly we do differential cryptanaiysis on LOKI and show that n-round LOKI, n<=14 is vulnerable to this kind of attack, at least in principle. We show that we cannot find a characteristic with a probability high enough to break LOKI with 16 rounds. However one might find a private LOKI-version, that is vulnerable to a differential attack for n=16. Finally we consider differentials versus characteristics for LOKI.</p>