Harshvardhan Tiwari,Dr. Krishna Asawa

DOI: https://doi.org/10.48550/arXiv.1003.1492

2010-03-08

Abstract:Cryptographic hash functions play a central role in cryptography. Hash functions were introduced in cryptology to provide message integrity and authentication. MD5, SHA1 and RIPEMD are among the most commonly used message digest algorithm. Recently proposed attacks on well known and widely used hash functions motivate a design of new stronger hash function. In this paper a new approach is presented that produces 192 bit message digest and uses a modified message expansion mechanism which generates more bit difference in each working variable to make the algorithm more secure. This hash function is collision resistant and assures a good compression and preimage resistance.

Cryptography and Security

Rui-Xin Zhan,K. Y. Chau,Zhe-Ming Lu,Bei-Bei Liu,W. H. Ip

DOI: https://doi.org/10.1109/isda.2008.66

2008-01-01

Abstract:Image hashing function maps an image into a bit string which can be used to authenticate the originality of the image. In this paper, we propose a perceptual image hashing scheme that is secure and robust to visually insignificant changes but fragile enough to detect and precisely locate malicious attacks. The proposed image hashing method is based on the outlines of one-dimensional signals re-arranged from the 8times8 DCT blocks. The final image hash is obtained by applying binary quantization to the DWT coefficients of the obtained 1-D signals. Experimental results are presented to show the effectiveness of the proposed scheme.

Chen Hai-peng,Shen Xuan-jing,Wei Wei

DOI: https://doi.org/10.1109/ETCS.2009.399

2009-01-01

Abstract:Aiming directly at the frequently used digital signature technologies, which are weak to Substitution Attack and Homeostasis Attack, this article performs the hash transformation on messages before signature. Using the method proposed by J.Seberry, a hash round function is constructed, which simultaneously satisfies the characters of balance, high nonlinearity, strict avalanche criterion and realization of software. Moreover, making use of the hash round function, a new hash algorithm named HRFA (Hash Round Function Algorithm) is contrived. On this basis, aiming at the defect that the existing digital signature algorithms are weak to active attack and impersonation attack, using the hash algorithm named HRFA and the self-certified public key method proposed by Girault, a new kind of digital signature algorithm named H-S DSA (Hash Round Function and Self-certified Public Key System Digital Signature Algorithm) is raised and realized. Finally, this article analyzes the H-S DSA from two aspects of security and time-complexity.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Kamel Ammour,Lei Wang

DOI: https://doi.org/10.1007/978-3-030-14234-6_11

2018-01-01

Abstract:The indifferentiability framework has been tailored to evaluate the security of cryptographic hash functions such that an iterative hash function must be indifferentiable from a random oracle in order to behave as a random oracle in cryptosystems. It was found that popular (strengthened) Merkle-Damgård transformation cannot satisfy the notion of indifferentiability from a random oracle due to a length-extension attack. Thus, a series of Merkle-Damgård variants have been proposed. This paper mainly revisits one of them, Prefix-Free Merkle-Damgård (PF-MDHF), which is to use a prefix-free message padding. Our main contribution is to provide a tighter security bound for prefix-free Merkle-Damgård with respect to the indifferentiability from a random oracle. More precisely, our bound is \(O( (\ell ^2q+\ell q^2)/{2^n})\), while in previous papers the bound is \(O(\ell ^2q^2/2^n)\), where \(\ell \) is the maximum block length of queries, and q is the maximum number of queries.

Subhabrata Mukherjee,Bimal Roy,Anirban Laha

DOI: https://doi.org/10.48550/arXiv.1204.2798

2012-09-18

Abstract:Recent cryptanalytic attacks have exposed the vulnerabilities of some widely used cryptographic hash functions like MD5 and SHA-1. Attacks in the line of differential attacks have been used to expose the weaknesses of several other hash functions like RIPEMD, HAVAL. In this paper we propose a new efficient hash algorithm that provides a near random hash output and overcomes some of the earlier weaknesses. Extensive simulations and comparisons with some existing hash functions have been done to prove the effectiveness of the BSA, which is an acronym for the name of the 3 authors.

Cryptography and Security

Shenghui Su,Tao Xie,Shuwang Lu

DOI: https://doi.org/10.48550/arXiv.1408.5999

2017-04-30

Abstract:To examine the integrity and authenticity of an IP address efficiently and economically, this paper proposes a new non-Merkle-Damgard structural (non-MDS) hash function called JUNA that is based on a multivariate permutation problem and an anomalous subset product problem to which no subexponential time solutions are found so far. JUNA includes an initialization algorithm and a compression algorithm, and converts a short message of n bits which is regarded as only one block into a digest of m bits, where 80 <= m <= 232 and 80 <= m <= n <= 4096. The analysis and proof show that the new hash is one-way, weakly collision-free, and strongly collision-free, and its security against existent attacks such as birthday attack and meet-in-the- middle attack is to O(2 ^ m). Moreover, a detailed proof that the new hash function is resistant to the birthday attack is given. Compared with the Chaum-Heijst-Pfitzmann hash based on a discrete logarithm problem, the new hash is lightweight, and thus it opens a door to convenience for utilization of lightweight digital signing schemes.

Cryptography and Security

Xiaoyang Dong,Jian Guo,Shun Li,Phuong Pham

DOI: https://doi.org/10.1007/978-3-031-15802-5_4

2022-01-01

Abstract:The rebound attack was introduced by Mendel et al. at FSE 2009 to fulfill a heavy middle round of a differential path for free, utilizing the degree of freedom from states. The inbound phase was extended to 2 rounds by the Super-Sbox technique invented by Lamberger et al. at ASIACRYPT 2009 and Gilbert and Peyrin at FSE 2010. In ASIACRYPT 2010, Sasaki et al. further reduced the requirement of memory by introducing the non-full-active Super-Sbox. In this paper, we further develop this line of research by introducing Super-Inbound, which is able to connect multiple 1-round or 2-round (non-full-active) Super-Sbox inbound phases by utilizing fully the degrees of freedom from both states and key, yet without the use of large memory. This essentially extends the inbound phase by up to 3 rounds. We applied this technique to find classic or quantum collisions on several AES-like hash functions, and improved the attacked round number by 1 to 5 in targets including AES-128 and SKINNY hashing modes, Saturnin-Hash, and Gr Ost 1-512. To demonstrate the correctness of our attacks, the semi-free-start collision on 6-round AES-128-MMO/MP with estimated time complexity 2(24) in classical setting was implemented and an example pair was found instantly on a standard PC.

Haipeng Chen,Xuanjing Shen,Yingda Lv

DOI: https://doi.org/10.4304/jsw.5.3.320-327

2010-01-01

Abstract:Application of digital signature technology becomes more extensive, but many exposed digital signature algorithms have increasingly revealed some shortcomings and deficiencies. Aiming directly at the frequently used digital signature technologies, which are weak to Substitution Attack and Homeostasis Attack, the authors perform the hash transformation on messages before signature. Then, a hash round function is constructed, which simultaneously satisfies the characters of balance, high nonlinearity, strict avalanche criterion and realization of software. Moreover, making use of the hash round function, a new hash algorithm named HRFA (Hash Round Function Algorithm) is contrived. On this basis, aiming at the defect that the existing digital signature algorithms are weak to active attack and impersonation attack, using the hash algorithm named HRFA and the self-certified public key system, a new kind of digital signature algorithm, which is similar to ELGamal, named H-S DSA (Hash Round Function and Self-certified Public Key System Digital Signature Algorithm) is raised and realized. Finally, the authors analyze the H-S DSA from two aspects of security and time-complexity. And, the results show that the new designed digital signature algorithm named H-S DSA not only has better security strength, but also has lower time- complexity.

Zongyang Zhang,Yu Chen,Sherman S. M. Chow,Goichiro Hanaoka,Zhenfu Cao,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-319-26059-4_24

2015-01-01

Abstract:A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle RO model. The work of Fischlin and Fleischhacker Eurocrypt﾿'13 investigated the case of Schnorr signature and generally, Fiat-Shamir signatures and showed the reliance of RO model is inherent. We generalize their results to a large class of \"malleable\" hash-and-sign signatures, where one can efficiently \"maul\"any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys. We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a one-more cryptographic problem depending on the signature instantiation. Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers $$\\Gamma $$-signature Yao and Zhao, IEEE Transactions on Information Forensics and Security﾿'13, and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

Junteng Wang,Wenjian Luo,Yamin Hu,Hao Jiang

DOI: https://doi.org/10.1109/icaci49185.2020.9177796

2020-01-01

Abstract:Cryptographic hash functions play significant roles in information security applications, including data integrity. Facing hash collision attacks, several prevalent cryptographic hash functions have been proved not safe enough. In this paper, we propose a simple scheme for data integrity check called PN-HASH (Positive hash and Negative hash). PN-HASH is inspired by the negative representation of information, which is a research branch in the field of immune computation. This scheme computes two hash values of the input message and its negative representation. The resulting hashes are called the positive hash and the negative hash, respectively. The proposed scheme is simple but can improve the resistance to hash collision attacks. Furthermore, for more flexibility and higher security, we propose three extensions of PN-HASH. Security and complexity analyses show that PN-HASH could improve the security of underlying cryptographic hash functions, with approximately twice cost of them. To give exact examples, we present PN-MD5, an implementation of PN-HASH based on MD5.

Dexi Wang,Yu Jiang,Houbing Song,Fei He,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/access.2017.2697918

IF: 3.9

2017-01-01

IEEE Access

Abstract:Cryptographic hash functions have become the basis of modern network computing for identity authorization and secure computing; protocol consistency of cryptographic hash functions is one of the most important properties that affect the security and correctness of cryptographic implementations, and protocol consistency should be well proven before being applied in practice. Software verification has seen substantial application in safety-critical areas and has shown the ability to deliver better quality assurance for modern software; thus, applying software verification to a protocol consistency proof for cryptographic hash functions is a reasonable approach to prove their correctness. Verification of protocol consistency of cryptographic hash functions includes modeling of the cryptographic protocol and program analysis of the cryptographic implementation; these require a dedicated cryptographic implementation model that preserves the semantics of the code, efficient analysis of cryptographic operations on arrays and bits, and the ability to verify large-scale implementations. In this paper, we propose a fully automatic software verification framework, VeriHash, that brings software verification to protocol consistency proofs for cryptographic hash function implementations. It solves the above challenges by introducing a novel cryptographic model design for modeling the semantics of cryptographic hash function implementations, extended array theories for analysis of operations, and compositional verification for scalability. We evaluated our verification framework on two SHA-3 cryptographic hash function implementations: the winner of the NIST SHA-3 competition, Keccack; and an open-source hash program, RHash. We successfully verified the core parts of the two implementations and reproduced a bug in the published edition of RHash.

Jie Liu,Jianhua Li

DOI: https://doi.org/10.1109/isa.2008.37

2008-01-01

Abstract:Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al.’s scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al.’s scheme and makes it more efficient in computation and communication.

Mao YE,Xue-xian HU,Wen-fen LIU

DOI: https://doi.org/10.3969/j.issn.1671-0673.2013.01.003

2013-01-01

Abstract:An approximate smooth projective hash(ASPH) function is an important primitive of the lattice-based cryptography,and it is used to construct password-based authenticated key exchange(PAKE) protocol which is resistant to quantum attacks by Katz et al.The available ASPH function based on the hardness of the standard lattice problem has a large key size and impractical implementations.Based on learning with error problem from ideal lattices(R-LWE),this paper designs a new public-key encryption scheme and an associated ASPH function that can apply to PAKE protocol,and gives a proof of its security.Compared with the existing system,the new system has a small key size,fast computing speed and high efficiency.

Rakesh Mohanty,Niharjyoti Sarangi,Sukant kumar Bishi

DOI: https://doi.org/10.48550/arXiv.1003.5787

2010-03-30

Abstract:Cryptographic hash functions for calculating the message digest of a message has been in practical use as an effective measure to maintain message integrity since a few decades. This message digest is unique, irreversible and avoids all types of collisions for any given input string. The message digest calculated from this algorithm is propagated in the communication medium along with the original message from the sender side and on the receiver side integrity of the message can be verified by recalculating the message digest of the received message and comparing the two digest values. In this paper we have designed and developed a new algorithm for calculating the message digest of any message and implemented t using a high level programming language. An experimental analysis and comparison with the existing MD5 hashing algorithm, which is predominantly being used as a cryptographic hashing tool, shows this algorithm to provide more randomness and greater strength from intrusion attacks. In this algorithm the plaintext message string is converted into binary string and fragmented into blocks of 128 bits after being padded with user defined padding bits. Then using a pseudo random number generator a key is generated for each block and operated with the respective block by a bitwise operator. This process is terated for the whole message and finally a fixed length message digest is obtained.

Cryptography and Security

Gaoli Wang

DOI: https://doi.org/10.1007/978-3-642-25243-3_19

2011-01-01

Abstract:Extended MD4 is a hash function proposed by Rivest in 1990 with a 256-bit hash value. The compression function consists of two different and independent parallel lines called Left Line and Right Line, and each line has 48 steps. The initial values of Left Line and Right Line are denoted by IV0 and IV1 respectively. Dobbertin proposed a collision attack for the compression function of Extended MD4 with a complexity of about 2(40) under the condition that the value for IV0 = IV1 is prescribed. In this paper, we gave a collision attack on the full Extended MD4 with a complexity of about 2(37). Firstly, we propose a collision differential path for both lines by choosing a proper message difference, and deduce a set of sufficient conditions that ensure the differential path hold. Then by using some precise message modification techniques to improve the success probability of the attack, we find two-block collisions of Extended MD4 with less than 2(37) computations. This work provides a new reference to the collision analysis of other hash functions such as RIPEMD-160 etc. which consist of two lines.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.3233/jcs-220121

2024-01-01

Journal of Computer Security

Abstract:Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Andrew C. Yao,Yunlei Zhao

2012-01-01

Abstract:Digital signature is one of the basic primitives in cryptography. A common paradigm of obtaining signatures, known as the Fiat-Shamir (FS) paradigm, is to collapse any Σ-protocol (which is 3-round public-coin honest-verifier zero-knowledge) into a non-interactive scheme with hash functions that are modeled to be random oracles (RO). The Digital Signature Standard (DSS) and Schnorr’s signature schemes are two salient examples following the FS-paradigm. In this work, we present a modified Fiat-Shamir paradigm, named challenge-divided Fiat-Shamir paradigm, which is applicable to a variant of Σ-protocol with divided random challenges. This new paradigm yields a new family of (online/offline efficient) digital signatures from challenge-divided Σ-protocols, including in particular a variant of Schnorr’s signature scheme called challenge-divided Schnorr signature. We then present a formal analysis of the challenge-divided Schnorr signature in the random oracle model. Finally, we give comparisons between the challenge-divided Schnorr signature and DSS and Schnorr’s signature, showing that the newly developed challenge-divided Schnorr signature can enjoy better (online/offline) efficiency (besides provable security in the random oracle model). Of independent interest is a new forking lemma, referred to as divided forking lemma, for dealing with multiple ordered rewinding points in the RO model, which is of independent interest and can be applied to analyzing other cryptographic schemes in the RO model.

P Thanalakshmi,R Anitha,N Anbazhagan,Woong Cho,Gyanendra Prasad Joshi,Eunmok Yang

DOI: https://doi.org/10.3390/s21248417

2021-12-16

Abstract:As a standard digital signature may be verified by anybody, it is unsuitable for personal or economically sensitive applications. The chameleon signature system was presented by Krawczyk and Rabin as a solution to this problem. It is based on a hash then sign model. The chameleon hash function enables the trapdoor information holder to compute a message digest collision. The holder of a chameleon signature is the recipient of a chameleon signature. He could compute collision on the hash value using the trapdoor information. This keeps the recipient from disclosing his conviction to a third party and ensures the privacy of the signature. The majority of the extant chameleon signature methods are built on the computationally infeasible number theory problems, like integer factorization and discrete log. Unfortunately, the construction of quantum computers would be rendered insecure to those schemes. This creates a solid requirement for construct chameleon signatures for the quantum world. Hence, this paper proposes a novel quantum secure chameleon signature scheme based on hash functions. As a hash-based cryptosystem is an essential candidate of a post-quantum cryptosystem, the proposed hash-based chameleon signature scheme would be a promising alternative to the number of theoretic-based methods. Furthermore, the proposed method is key exposure-free and satisfies the security requirements such as semantic security, non-transferability, and unforgeability.

Yaobin Shen,Lei Wang,Dawu Gu,Jian Weng

DOI: https://doi.org/10.1007/978-3-030-84252-9_11

2021-01-01

Abstract:Double-block Hash-then-Sum (DbHtS) MACs are a class of MACs that aim for achieving beyond-birthday-bound security, including SUM-ECBC, PMAC Plus, 3kf9 and LightMAC Plus. Recently Datta et al. (FSE'19), and then Kim et al. (Eurocrypt'20) prove that DbHtS constructions are secure beyond the birthday bound in the single-user setting. However, by a generic reduction, their results degrade to (or even worse than) the birthday bound in the multi-user setting.In this work, we revisit the security of DbHtS MACs in the multi-user setting. We propose a generic framework to prove beyond-birthday-bound security for DbHtS constructions. We demonstrate the usability of this framework with applications to key-reduced variants of DbHtS MACs, including 2k-SUM-ECBC, 2k-PMAC_Plus and 2k-LightMAC_Plus. Our results show that the security of these constructions will not degrade as the number of users grows. On the other hand, our results also indicate that these constructions are secure beyond the birthday bound in both single-user and multi-user setting without additional domain separation, which is used in the prior work to simplify the analysis.Moreover, we find a critical flaw in 2kf9, which is proved to be secure beyond the birthday bound by Datta et al. (FSE'19). We can successfully forge a tag with probability 1 without making any queries. We go further to show attacks with birthday-bound complexity on several variants of 2kf9.