57 pages
English

Découvre YouScribe en t'inscrivant gratuitement

# Cryptanalysis of a Hash Function Based on Quasi Cyclic Codes

-

Découvre YouScribe en t'inscrivant gratuitement

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus
57 pages
English
Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

Description

Cryptanalysis of a Hash Function Based on Quasi-Cyclic Codes Pierre-Alain Fouque, Gaëtan Leurent École Normale Supérieure Paris, France

• security should

• problem means

• should behave

• ideal security

• ifsb hash

• cyclic attack

• quasi-cyclic codes

• hash function

Sujets

##### Hash function

Informations

 Publié par pefav Nombre de lectures 18 Langue English

Exrait

CryptanalysisofaHashFunctionBasedon
Quasi-CyclicCodes
Pierre-Alain Fouque, Gaëtan Leurent
École Normale Supérieure
Paris, FranceIntroduction TheIFSBHashFunction TheCyclicattack
HashFunctions
nF :f0, 1g !f0, 1g
Should behave “like a random oracle”...
Collisionattack
GivenF, ﬁndM = M s.t. F(M )= F(M ).1 2 1 2
n/2Ideal security: 2 .
Second-preimageattack
GivenF andM , ﬁndM = M s.t. F(M )= F(M ).1 2 1 1 2
nIdeal security: 2 .
Preimageattack
GivenF andH, ﬁndM s.t. F(M)= H.
nIdeal security: 2 .
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodes766Introduction TheIFSBHashFunction TheCyclicattack
HashFunctions
nF :f0, 1g !f0, 1g
Should behave “like a random oracle”...
Collisionattack
GivenF, ﬁndM = M s.t. F(M )= F(M ).1 2 1 2
n/2Ideal security: 2 .
Second-preimageattack
GivenF andM , ﬁndM = M s.t. F(M )= F(M ).1 2 1 1 2
nIdeal security: 2 .
Preimageattack
GivenF andH, ﬁndM s.t. F(M)= H.
nIdeal security: 2 .
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodes766Introduction TheIFSBHashFunction TheCyclicattack
HashFunctionDesign
Most hash functions are dedicated designs based on
symmetriccrypto concepts:
e.g. MDx, SHA-x, Whirlpool, RadioGatún, Grindahl, ...
Some designs are based on a provable security approach:
the security relies on a given hard problem
(likepublickeycrypto):
e.g. FSB, LASH, SWIFFT, SQUASH, ...
Proofofsecurityshouldbetakenwithcaution
I Many of them are asymptotic proofs but the
concrete function has a ﬁxed size.
I Reduction to an NP-complete problem means thatsome
instance are hard, but the ﬁxed instance could be easy.
I Sometimes the attack model is too weak.
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodesIntroduction TheIFSBHashFunction TheCyclicattack
HashFunctionDesign
Most hash functions are dedicated designs based on
symmetriccrypto concepts:
e.g. MDx, SHA-x, Whirlpool, RadioGatún, Grindahl, ...
Some designs are based on a provable security approach:
the security relies on a given hard problem
(likepublickeycrypto):
e.g. FSB, LASH, SWIFFT, SQUASH, ...
Proofofsecurityshouldbetakenwithcaution
I Many of them are asymptotic proofs but the
concrete function has a ﬁxed size.
I Reduction to an NP-complete problem means thatsome
instance are hard, but the ﬁxed instance could be easy.
I Sometimes the attack model is too weak.
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodesIntroduction TheIFSBHashFunction TheCyclicattack
HashFunctionDesign
Most hash functions are dedicated designs based on
symmetriccrypto concepts:
e.g. MDx, SHA-x, Whirlpool, RadioGatún, Grindahl, ...
Some designs are based on a provable security approach:
the security relies on a given hard problem
(likepublickeycrypto):
e.g. FSB, LASH, SWIFFT, SQUASH, ...
Proofofsecurityshouldbetakenwithcaution
I Many of them are asymptotic proofs but the
concrete function has a ﬁxed size.
I Reduction to an NP-complete problem means thatsome
instance are hard, but the ﬁxed instance could be easy.
I Sometimes the attack model is too weak.
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodesIntroduction TheIFSBHashFunction TheCyclicattack
HashFunctionCryptanalysis
Many hash functions in use today are broken:
1990 MD4 design (Rivest)
1992 MD5
1995 SHA-1 design (NIST)
1996 MD4 collisions (Dobbertin)
2001 SHA-2 family design (NIST)
2004 MD5 collisions (Wangetal.)
2005 SHA-1 collision attack (Wangetal.)
Bestcollisionattacks
1MD4 Complexity 2 (Wangetal. – Sasakietal.)
22MD5 Cy 2 (Wangetal. – Klima)
60.xSHA-1 Complexity 2 (Wangetal. – Rechbergeretal.)
Real impact is unclear, but new designs are welcome (cf. SHA-3).
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodesIntroduction TheIFSBHashFunction TheCyclicattack
HashFunctionCryptanalysis
Many hash functions in use today are broken:
1990 MD4 design (Rivest)
1992 MD5
1995 SHA-1 design (NIST)
1996 MD4 collisions (Dobbertin)
2001 SHA-2 family design (NIST)
2004 MD5 collisions (Wangetal.)
2005 SHA-1 collision attack (Wangetal.)
Bestcollisionattacks
1MD4 Complexity 2 (Wangetal. – Sasakietal.)
22MD5 Cy 2 (Wangetal. – Klima)
60.xSHA-1 Complexity 2 (Wangetal. – Rechbergeretal.)
Real impact is unclear, but new designs are welcome (cf. SHA-3).
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodesIntroduction TheIFSBHashFunction TheCyclicattack
HashFunctionCryptanalysis
Many hash functions in use today are broken:
1990 MD4 design (Rivest)
1992 MD5
1995 SHA-1 design (NIST)
1996 MD4 collisions (Dobbertin)
2001 SHA-2 family design (NIST)
2004 MD5 collisions (Wangetal.)
2005 SHA-1 collision attack (Wangetal.)
Bestcollisionattacks
1MD4 Complexity 2 (Wangetal. – Sasakietal.)
22MD5 Cy 2 (Wangetal. – Klima)
60.xSHA-1 Complexity 2 (Wangetal. – Rechbergeretal.)
Real impact is unclear, but new designs are welcome (cf. SHA-3).
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodesIntroduction TheIFSBHashFunction TheCyclicattack
Outline
TheIFSBHashFunction
Description
Previous cryptanalysis
Wagner’s Generalized Birthday
Linearization Attack
TheCyclicattack
Using Periodic Messages
Description of the attack
Solving the cyclic equations
Scope of the attack
G.Leurent (ENS) CryptanalysisofaHashFunctionBasedonQuasi-CyclicCodes

• Accueil
• Ebooks
• Livres audio
• Presse
• BD
• Documents