SHA-1 Hash Function Research Articles

Efficient parallelizable hashing using small non-compressing primitives

A well-established method of constructing hash functions is to base them on non-compressing primitives, such as one-way functions or permutations. In this work, we present $$S^r$$Sr, an $$rn$$rn-to-$$n$$n-bit compression function (for $$r\ge 1$$r?1) making $$2r-1$$2r-1 calls to $$n$$n-to-$$n$$n-bit primitives (random functions or permutations). $$S^r$$Sr compresses its inputs at a rate (the amount of message blocks per primitive call) up to almost 1/2, and it outperforms all existing schemes with respect to rate and/or the size of underlying primitives. For instance, instantiated with the $$1600$$1600-bit permutation of NIST's SHA-3 hash function standard, it offers about $$800$$800-bit security at a rate of almost 1/2, while SHA-3-512 itself achieves only $$512$$512-bit security at a rate of about $$1/3$$1/3. We prove that $$S^r$$Sr achieves asymptotically optimal collision security against semi-adaptive adversaries up to almost $$2^{n/2}$$2n/2 queries and that it can be made preimage secure up to $$2^n$$2n queries using a simple tweak.

SHA-1 and MD5 Cryptographic Hash Functions: Security Overview

Despite their obsolescence and recommendations they are phased out from production environment, MD5 and SHA-1 cryptographic hash functions remain defaults frequently offered in many applications, e.g., database managers. In the article, we present a security overview of both algorithms and demonstrate the necessity to abandon them in favor of more resilient alternatives due to low computational requirements necessary to reverse engineer the message digests, or to future proof security due to advances in hardware performance and scalability. Suitability procedures and their methods of use are part of this article.

Improved indifferentiability security bound for the JH mode

Indifferentiability security of a hash mode of operation guarantees the mode’s resistance against all generic attacks. It is also useful to establish the security of protocols that use hash functions as random functions. The JH hash function was one of the five finalists in the National Institute of Standards and Technology SHA-3 hash function competition. Despite several years of analysis, the indifferentiability security of the JH mode has remained remarkably low, only at \(n/3\) bits, while the two finalist modes Keccak and Grøstl offer a security guarantee of \(n/2\) bits. Note all these three modes operate with \(n\)-bit digest and \(2n\)-bit permutations. In this paper, we improve the indifferentiability security bound for the JH mode to \(n/2\) bits (e.g. from approximately 171 to 256 bits when \(n=512\)). To put this into perspective, our result guarantees the absence of (non-trivial) attacks on both the JH-256 and JH-512 hash functions with time less than approximately \(2^{256}\) computations of the underlying 1024-bit permutation, under the assumption that the underlying permutations can be modeled as an ideal permutation. Our bounds are optimal for JH-256, and the best known for JH-512. We obtain this improved bound by establishing an isomorphism of certain query-response graphs through a careful design of the simulators and bad events. Our experimental data strongly supports the theoretically obtained results.

IMPLEMENTASI ALGORITMA RIJNDAEL 128 PADA APLIKASI CHATTING BERBASIS HTML5 WEBSOCKET

In the past, web-based chat application didn’t consider security as part of must-have requirement, thus many insecure examples were broken in short time after it was released. Data sniffing is one common attack that could be used to attack insecure applications because the data was transferred using an insecure medium, which is HTTP. We propose a new web-based chat application that is built based on HTML5 WebSocket technology using Socket.IO library to improve confidentiality of the messages sent between two or multiple parties. We combine it with NodeJS and Express to facilitate real-time discussion between client and server and vice versa. We also use Rijndael (known as AES - Advanced Encryption Standard) to make sure that the message stays confidential and only known by sender and receiver. To satisfy the integrity property, we apply SHA-3 hash function. By combining SSL/TLS, AES, and SHA-3 hash function, we have added multiple layer of security inside this application and no additional effort needed by the user. Based on conducted experiments, we can conclude that this application could satisfy security requirements (confidentiality and integrity), either on the client or server side.

Enhanced FPGA Implementation of the SHA-512 Hash Function

In modern cryptographic hash function plays an important role. Hash function algorithms are widely used to provide authentication, security and services of integrity. The main computation block in SHA-512 algorithm is governed by a loop with high data dependence for which one implementation strategy is explored in this work as well as design efficiently mapped to hardware architecture. We propose an improved implementation of the SHA-512 hash family, with minimal operator latency, reduced hardware requirements, high frequency, and high throughput. The proposed design were implemented and validated in the FPGA Virtex. The FPGAs targets are XC5VLX30-3ff324, XC6VLX75T-3ff784.

Enhancing an Embedded Processor Core for Efficient and Isolated Execution of Cryptographic Algorithms†

We propose enhancing a reconfigurable and extensible embedded RISC processor core with a protected zone for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory for storing sensitive data during cryptographic computations, and special-purpose and cryptographic registers to execute instructions securely. We outline the principles for secure software implementations of cryptographic algorithms in a processor equipped with the proposed protected zone. We demonstrate the efficiency and effectiveness of our proposed zone by implementing the most-commonly used cryptographic algorithms in the protected zone; namely RSA, elliptic curve cryptography, pairing-based cryptography, AES block cipher, and SHA-1 and SHA-256 cryptographic hash functions. In terms of time efficiency, our software implementations of cryptographic algorithms running on the enhanced core compare favorably with equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor. The proposed enhancements for the protected zone are realized on an FPGA device. The implementation results on the FPGA confirm that its area overhead is relatively moderate in the sense that it can be used in many embedded processors. Finally, the protected zone is useful against cold-boot and micro-architectural side-channel attacks such as cache-based and branch prediction attacks.

Algebraic Fault Attack on the SHA-256 Compression Function

The cryptographic hash function SHA-256 is one member of the SHA-2 hash family, which was proposed in 2000 and was standardized by NIST in 2002 as a successor of SHA-1. Although the differential fault attack on SHA-1compression function has been proposed, it seems hard to be directly adapted to SHA-256. In this paper, an efficient algebraic fault attack on SHA-256 compression function is proposed under the word-oriented random fault model. During the attack, an automatic tool STP is exploited, which constructs binary expressions for the word-based operations in SHA-256 compression function and then invokes a SAT solver to solve the equations. The simulation of the new attack needs about 65 fault injections to recover the chaining value and the input message block with about 200 seconds on average. Moreover, based on the attack on SHA-256 compression function, an almost universal forgery attack on HMAC-SHA-256 is presented. Our algebraic fault analysis is generic, automatic and can be applied to other ARX-based primitives..

Improved Cryptanalysis of AES-like Permutations

AES-based functions have attracted of a lot of analysis in the recent years, mainly due to the SHA-3 hash function competition. In particular, the rebound attack allowed to break several proposals and many improvements/variants of this method have been published. Yet, it remained an open question whether it was possible to reach one more round with this type of technique compared to the state-of-the-art. In this article, we close this open problem by providing a further improvement over the original rebound attack and its variants, that allows the attacker to control one more round in the middle of a differential path for an AES-like permutation. Our algorithm is based on lists merging as defined in (Naya-Plasencia in Advances in Cryptology: CRYPTO 2011, pp. 188---205, 2011) and we generalized the concept to non-full active truncated differential paths (Sasaki et al. in Lecture Notes in Computer Science, pp. 38---55, 2010). As an illustration, we applied our method to the internal permutations used in GrOstl, one of the five finalist hash functions of the SHA-3 competition. When entering this final phase, the designers tweaked the function so as to thwart attacks from Peyrin (Peyrin in Lecture Notes in Computer Science, pp. 370---392, 2010) that exploited relations between the internal permutations. Until our results, no analysis was published on GrOstl and the best results reached 8 and 7 rounds for the 256-bit and 512-bit versions, respectively. By applying our algorithm, we present new internal permutation distinguishers on 9 and 10 rounds, respectively.

Rotational Rebound Attacks on Reduced Skein

In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core--the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.

Exploiting Vulnerabilities in Cryptographic Hash Functions Based on Reconfigurable Hardware

Cryptanalysis, i.e., the study of methods for breaking cryptographic algorithms, can greatly benefit from hardware acceleration as a key aspect enabling high-performance attacks. This work investigates the new opportunities inherently provided by a particular class of hardware technologies, i.e., reconfigurable hardware devices, addressing the cryptanalysis of the SHA-1 hash function as a case study. We show how hardware reconfiguration enables some unexplored approaches such as algorithm and architecture exploration, as well as on-the-fly system specialization relying on hardware programmability. We also identify some new cryptanalysis methods, including two novel techniques for SHA-1 cryptanalysis called interbit constraints and constraint relaxation. Relying on the proposed approaches, we designed an FPGA-based platform targeting 71- and 75-round versions of SHA-1. Under the same cost budget, the estimated times for a collision achieved by the platform are at least one order of magnitude lower than other solutions based on high-end supercomputing facilities, reaching the highest performance/cost ratio for SHA-1 collision search and providing a striking confirmation of the impact of hardware reconfigurability.

An Improved Hashing Function for Human Authentication System

Biometrics have the great advantage of recognition based on an intrinsic aspect of a human being and thus requiring the person to be authenticated for physical presentation. Unfortunately, biometrics suffer from some inherent limitation such as high false rejection when the system works at a low false acceptation rate. In this paper, near set are implemented to improve the Standard Secure Hash Function SHA-1 (ISHA-1) for strict multi-modal biometric image authentication system. The proposed system is composed of five phases, starting from feature extraction and selection phase, hashing computing that uses the ISHA-1 phase, embedding watermark phase, extraction and decryption watermark phase, and finally the authentication phase. Experimental results showed that the proposed algorithm guarantees the security assurance and reduces the time of implementation.

An Improved Fast and Secure Hash Algorithm

Abstract —Recently, a fast and secure hash function SFHA – 256 has been proposed and claimed as more secure and as having a better performance than the SHA – 256. In this paper an improved version of SFHA – 256 is proposed and analyzed using two parameters, namely the avalanche effect and uniform deviation. The experimental results and further analysis ensures the performance of the newly proposed and improved SFHA-256. From the analysis it can be concluded that the newly proposed algorithm is more secure, efficient, and practical. Keywords —SHA-256, SFHA-256, Improved SFHA-256 1. I NTRODUCTION The hash function H accepts the variable-sized message M as input and outputs a fixed-size representation H(M) of M, which is sometimes called a message digest [1]. I.B. Damgard et.el., discussed the construction of hash functions and presented an efficient and much more secure scheme with the combination of RSA system with the collision free hash function based on fac-toring [2]. Hash functions for message authentications are proposed in [3]. A universal one-way hash function family is discussed in [4]. SHA-1 is a cryptographic hash function published by the National Institute of Standards and Technology (NIST). The three SHA algorithms are SHA-0, SHA-1, and SHA-2. The SHA-0 algorithm was not used in many applications. On the other hand, SHA-2 differs from the SHA-1 hash function. SHA-1 is the most widely used hash function. Several widely-used security ap-plications and protocols are based on SHA-1. In 2005, security flaws were identified in SHA-1 [5]. A prime motivation for the publication of the Secure Hash Algorithm was the Digital Signa-ture Standard. The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS). The ElGamal signature scheme is a digital signature scheme that is based on the difficulty of com-puting discrete logarithms. It was described by Taher ElGamal in 1984 [6]. The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) that uses Elliptic curve cryptography [7, 8]. Recently, Hassan. M. Elkamchouchi et el., proposed a fast and secure hash function (SFHA -

On the exploitation of a high-throughput SHA-256 FPGA design for HMAC

High-throughput and area-efficient designs of hash functions and corresponding mechanisms for Message Authentication Codes (MACs) are in high demand due to new security protocols that have arisen and call for security services in every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, the IPSec's performance bottleneck is the HMAC mechanism which is responsible for authenticating the transmitted data. HMAC's performance bottleneck in its turn is the underlying hash function. In this article a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design is presented. Advanced optimization techniques have been deployed leading to a SHA-256 hashing core which performs more than 30% better, compared to the next better design. This improvement is achieved both in terms of throughput as well as in terms of throughput/area cost factor. It is the first reported SHA-256 hashing core that exceeds 11Gbps (after place and route in Xilinx Virtex 6 board).

On security arguments of the second round SHA-3 candidates

In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round. An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differential attack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks. We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.

Gossip-Based Indexing Ring Topology for 2-Dimension Spatial Data in Overlay Networks

Overlay networks are used widely in the Internet, such as retrieval and share of files, multimedia games and so on. However, in distributed system, the retrieval and share of 2-dimension spatial data still have some difficult problems and can not solve the complex retrieval of 2-dimension spatial data efficiently. This article presents a new indexing overlay networks, named 2D-Ring, which is the ring topology based on gossip for 2-dimension spatial data. The peers in our overlay networks exchange the information periodically and update each local view by constructing algorithm. 2-dimension spatial data is divided by quad-tree and mapped into control points, which are hashed into 2D-Ring by SHA-1 hash function. In such way, the problem of 2-dimension spatial data indexing is converted to the problem of searching peers in the 2D-Ring. A large of extensive experiments show that the time complexity of constructing algorithm of 2D-Ring can reach convergence logarithmically as a function of the network size and hold higher hit rate and lower query delay.

Throughput Optimum Architecture of KECCAK Hash Function

Because of the weakening of the widely-used SHA-1 hash algorithm and concerns over the similarly-structured algorithms of the SHA-2 family; the US NIST has initiated the SHA-3 contest in order to select a suitable drop-in replacement. In this paper we use the unrolling method to describe the high-speed hardware implementation of the SHA-3 hash function candidate KECCAK on FPGA devices.

Reversible Anonymization of DICOM Images using Cryptography and Digital Watermarking

Digital Imaging and Communications in Medicine (DICOM) is a standard for handling, storing, printing, and transmitting information in medical images. The DICOM file contains the image data and a number of attributes such as identified patient data (name, age, insurance ID card,…), and non-identified patient data (doctor’s interpretation, image type,…). Medical images serve not only for examination, but can also be used for research and education purposes. For research they are used to prevent illegal use of information; before authorizing researchers to use these images, the medical staff deletes all the data which would reveal the patient identity to prevent patient privacy. This manipulation is called anonymization. In this paper, we propose a reversible anonymization of DICOM images. Identifying patient data with image digest, computed by the well-known SHA-256 hash function, are encrypted using the proposed probabilistic public key crypto-system. After compressing the Least Significant Bit (LSB) bitplan of the image using Hofmann coding algorithm, the encrypted data is inserted into a liberated zone of the LSB bitplan of the image. The proposed method allows researchers to use anonymous DICOM images and keep to authorized staff -if necessary- the possibility to return to the original image with all related patient data.

Alternate Approach for Implementation of SHA2 Algorithm using Feed forward Neural Network

In this paper an algorithm for one-way hash function construction based on a two layer feed forward neural network along with the piece-wise linear (pwl) chaotic map is proposed. Where SHA-2 is cryptographic hash function designed by NSA(National Security Agency). Based on chaotic neural networks, a SHA-2 Hash function is constructed, which makes use of neural networks' diffusion property and chaos' confusion property. This function encodes the plaintext of arbitrary length into the hash value of fixed length (typically, 128-bit, 256-bit or 512-bit). Theoretical analysis and experimental results show that this hash function is one-way, with high key sensitivity and plaintext sensitivity, and secure against birthday attacks or meet-in-the-middle attacks. These properties make it a suitable choice for data signature or authentication.

SHA-3 해쉬함수 소비전력 특성 분석 및 저전력 구조 기법

해쉬함수는 데이터와 명령에 대한 위변조를 방지와 같은 무결성 제공하거나 서명이나 키 분배 등 다양한 보안 프로토콜에서 서명 및 인증, 키 분배 목적으로 많이 사용되는 일방향성 함수(one-way function)다. 2005년 Wang에 의해 암호학적 취약성이 발견되기까지 해쉬함수로는 SHA-1이 많이 사용 되었다. SHA-1의 안전성에 문제가 생기게 되자 NIST(National Institute of Standards and Technology)에서는 암호학적으로 안전한 새로운 해쉬함수 개발 필요성을 느껴 2007년 11월에 공개적으로 새로운 해쉬함수에 대한 공모를 시작했으며, SHA-3로 명명된 새로운 해쉬함수는 2012년 최종 선정될 예정이다. 현재 제안된 SHA-3 함수들에 대한 암호학적인 특성과 하드웨어로 구현했을 때의 하드웨어 복잡도, 소프트웨어로 구현했을 때의 성능 등에 대한 평가가 이뤄지고 있다. 하지만 하드웨어로 구현된 해쉬함수의 중요한 특성 평가 척도(metrics)인 소비 전력 특성에 대한 연구는 활발히 이뤄지지 않고 있다. 본 논문에서는 제안된 SHA-3 해쉬함수를 하드웨어로 구현했을 경우의 소비 전력 특성을 분석하고 소비전력 특성 분석 결과를 토대로 SHA-3 해쉬함수 중에서 새로운 SHA-3 해쉬함수로 선정될 확률이 높은 Luffa 함수에 대한 저전력 구조를 제안한다. 제안된 저전력 구조는 기존의 Luffa 하드웨어보다 약 10% 정도 적은 전력을 소비함을 보인다. Cryptographic hash functions are also called one-way functions and they ensure the integrity of communication data and command by detecting or blocking forgery. Also hash functions can be used with other security protocols for signature, authentication, and key distribution. The SHA-1 was widely used until it was found to be cryptographically broken by Wang, et. al, 2005. For this reason, NIST launched the SHA-3 competition in November 2007 to develop new secure hash function by 2012. Many SHA-3 hash functions were proposed and currently in review process. To choose new SHA-3 hash function among the proposed hash functions, there have been many efforts to analyze the cryptographic secureness, hardware/software characteristics on each proposed one. However there are few research efforts on the SHA-3 from the point of power consumption, which is a crucial metric on hardware module. In this paper, we analyze the power consumption characteristics of the SHA-3 hash functions when they are made in the form of ASIC hardware module. Also we propose power efficient hardware architecture on Luffa, which is strong candidate as a new SHA-3 hash function. Our proposed low power architecture for Luffa achieves 10% less power consumption than previous Luffa hardware architecture.

High-Speed FPGA Implementation of the SHA-1 Hash Function

This paper presents a high-speed SHA-1 implementation. Unlike the conventional unfolding transformation, the proposed unfolding transformation technique makes the combined hash operation blocks to have almost the same delay overhead regardless of the unfolding factor. It can achieve high throughput of SHA-1 implementation by avoiding the performance degradation caused by the first hash computation. We demonstrate the proposed SHA-1 architecture on a FPGA chip. From the experimental results, the SHA-1 architecture with unfolding factor 5 shows 1.17Gbps. The proposed SHA-1 architecture can achieve about 31% performance improvements compared to its counterparts. Thus, the proposed SHA-1 can be applicable for the security of the high-speed but compact mobile appliances.