Liang Han,Bai Guoqiang

DOI: https://doi.org/10.1109/ICSICT.2010.5667763

2010-01-01

Abstract:In order to select a new Standard Hash Algorithm (SHA-3) which supplies more security, a public competition was organized by NIST in 2007. Up to now, 14 candidates have passed the 2nd round. In this paper, we focus on two of these candidate algorithms, namely BLAKE and Shabal. We present the common structure for all the SHA3 candidates. We also design the VLSI circuit and give the hardware evaluations on FPGA and ASIC. Compared with SHA-256 algorithms in the same technology, we found that the SHA3 candidates provide higher throughput but cost more area. Because of raising the complexity of circuit, the efficiency (TP/area) of SHA3 is lower than SHA-256.

Xin Zhou,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/asid52932.2021.9651693

2021-01-01

Abstract:As the computing power of quantum computers continues to improve, the security of the mathematical problems on current-used cryptographic algorithm are facing more and more serious challenge. It is necessary to formulate the standard of post-quantum cryptographic algorithm. Classic McEliece is one of the 7 candidates entering the Round 3 of NIST PQC contest. In the decryption module of Classic McEliece, H module uses the SHA-3 algorithm. As a new generation of hash algorithm, SHA-3 algorithm uses the Keccak sponge function, which has the advantages of higher speed, higher throughput and stronger security. Keccak truly realizes the processing of input information of any length, and can also generate hash values of any length. In the future, SHA-3 will be applied to more fields, so the high-performance and flexible implementation of the SHA-3 is especially important. This paper analyzed the four SHA-3 algorithms, and integrated the four algorithm standards into one implementation for Classic McEliece. The Xilinx Zynq-7000 series FPGA is chosen as the implementation and verification platform, and the performance are compared with the algorithm implementation of Keccak official team.

William J Buchanan,Leandros Maglaras

DOI: https://doi.org/10.48550/arXiv.2303.14785

2023-03-28

Abstract:Since 2016, NIST has been assessing lightweight encryption methods, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time that the article was written, NISC announced ASCOn as the chosen method that will be published as NIST'S lightweight cryptography standard later in 2023. In this article, we provide a comparison between these methods in terms of energy efficiency, time for encryption, and time for hashing.

Cryptography and Security

Marut Pandya

2024-07-11

Abstract:Hashing functions, which are created to provide brief and erratic digests for the message entered, are the primary cryptographic primitives used in blockchain networks. Hashing is employed in blockchain networks to create linked block lists, which offer safe and secure distributed repository storage for critical information. Due to the unique nature of the hash search problem in blockchain networks, the most parallelization of calculations is possible. This technical report presents a performance evaluation of three popular hashing algorithms Blake3, SHA-256, and SHA-512. These hashing algorithms are widely used in various applications, such as digital signatures, message authentication, and password storage. It then discusses the performance metrics used to evaluate the algorithms, such as hash rate/throughput and memory usage. The evaluation is conducted on a range of hardware platforms, including desktop and VMs. The evaluation includes synthetic benchmarks. The results of the evaluation show that Blake3 generally outperforms both SHA-256 and SHA-512 in terms of throughput and latency. However, the performance advantage of Blake3 varies depending on the specific hardware platform and the size of the input data. The report concludes with recommendations for selecting the most suitable hashing algorithm for a given application, based on its performance requirements and security needs. The evaluation results can also inform future research and development efforts to improve the performance and security of hashing algorithms.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Marcin Rogawski

DOI: https://doi.org/10.48550/arXiv.cs/0312035

2003-12-17

Cryptography and Security

Abstract:Alghoritms: HIEROCRYPT-3, CAMELLIA and ANUBIS, GRAND CRU, NOEKEON, NUSH, Q, RC6, SAFER++128, SC2000, SHACAL were requested for the submission of block ciphers (high level block cipher) to NESSIE (New European Schemes for Signatures, Integrity, and Encryption) project. The main purpose of this project was to put forward a portfolio of strong cryptographic primitives of various types. The NESSIE project was a three year long project and has been divided into two phases. The first was finished in June 2001r. CAMELLIA, RC6, SAFER++128 and SHACAL were accepted for the second phase of the evaluation process. HIEROCRYPT-3 had key schedule problems, and there were attacks for up to 3,5 rounds out of 6, at least hardware implementations of this cipher were extremely slow [12]. HIEROCRYPT-3 was not selected to Phase II. CAMELLIA was selected as an algorithm suggested for future standard. In the paper we present the hardware implementations these two algorithms with 128-bit blocks and 128-bit keys, using ALTERA devices and their comparisons.

Hongbo Yu,Jiazhe Chen,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-662-43933-3_14

2013-01-01

Abstract:The hash function Skein is one of 5 finalists of the NIST SHA-3 competition. It is based on the block cipher Threefish which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper proposes a free-start partial-collision attack on round-reduced Skein-256 by combing the rebound attack with the modular differential techniques. The main idea of our attack is to connect two short differential paths into a long one with another differential characteristic that is complicated. Following our path, we give a free-start partial-collision attack on Skein-256 reduced to 32 rounds with Hamming distance 50 and complexity about 2(85) hash computations. In particular, we provide practical near-collision examples for Skein-256 reduced to 24 rounds and 28 rounds in the fixed tweaks and choosing tweaks setting separately. As far as we know, this is the first construction of a non-linear differential path for Skein which can lead to significantly improvement over previous analysis.

Matthias J. Kannwischer,Aymeric Genêt,Denis Butin,Juliane Krämer,Johannes Buchmann

DOI: https://doi.org/10.1007/978-3-319-89641-0_10

2018-01-01

Abstract:Quantum computing threatens conventional public-key cryptography. In response, standards bodies such as NIST increasingly focus on post-quantum cryptography. In particular, hash-based signature schemes are notable candidates for deployment. No rigorous side-channel analysis of hash-based signature schemes has been conducted so far. This work bridges this gap. We analyse the stateful hash-based signature schemes XMSS and XMSSMT$$\text {XMSS}^{MT}$$, which are currently undergoing standardisation at IETF, as well as SPHINCS—the only practical stateless hash-based scheme. While timing and simple power analysis attacks are unpromising, we show that the differential power analysis resistance of XMSS can be reduced to the differential power analysis resistance of the underlying pseudorandom number generator. This first systematic analysis helps to further increase confidence in XMSS, supporting current standardisation efforts. Furthermore, we show that at least a 32-bit chunk of the SPHINCS secret key can be recovered using a differential power analysis attack due to its stateless construction. We present novel differential power analyses on a SHA-2-based pseudorandom number generator for XMSS and a BLAKE-256-based pseudorandom function for SPHINCS-256 in the Hamming weight model. The first attack is not threatening current versions of XMSS, unless a customised pseudorandom number generator is used. The second one compromises the security of a hardware implementation of SPHINCS-256. Our analysis is supported by a power simulator implementation of SHA-2 for XMSS and a hardware implementation of BLAKE for SPHINCS. We also provide recommendations for XMSS implementers.

Guang-Hui WU,Hong-Bo YU,Yong-Lin HAO

DOI: https://doi.org/10.13868/j.cnki.jcr.000146

2016-01-01

Abstract:The hash function Skein is one of the finalists of the NIST SHA-3 competition. At present, many scholars have analyzed the security of this algorithm. Although Skein did not become the final SHA-3 standard, the implementation efficiency and the security of Skein family are nevertheless very good, especially on the aspect of software implementation which is more efficient than the SHA-3 winner Keccak. So there will be some potential application value in some areas for Skein and it is still important to analyze the security of Skein. In this paper, we study the resistance of Skein-1024 against Boomerang attacks. We can attack 33-round, 34-round and 36-round Skein-1024, with a complexity of 2258.34, 2345.52 and 2890 , respectively. The correctness of our attack is verified by a practical 28-round Boomerang quartet. Based on the Boomerang distinguisher, we also propose a related-key key-recovery attack on 39-round simplified (or 32-round normal) Threesh-1024. This attack can recover the 1024 master keys with time, data and memory complexities of 2593.30, 2411 and 245respectively. This is the best Boomerang attack forSkein-1024 known so far.

Cankun Zhao,Hang Zhao,Jiangxue Liu,Bohan Yang,Wenping Zhu,Shuying Yin,Min Zhu,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.46586/tches.v2024.i4.231-257

2024-01-01

Abstract:SHA-3, the latest hash standard from NIST, is utilized by numerous cryptographic algorithms to handle sensitive information. Consequently, SHA-3 has become a prime target for side-channel attacks, with numerous studies demonstrating successful breaches in unprotected implementations. Masking, a countermeasure capable of providing theoretical security, has been explored in various studies to protect SHA-3. However, masking for hardware implementations may significantly increase area costs and introduce additional delays, substantially impacting the speed and area of higher-level algorithms. In particular, current low-latency first-order masked SHA-3 hardware implementations require more than four times the area of unprotected implementations. To date, the specific structure of SHA-3 has not been thoroughly analyzed for exploitation in the context of masking design, leading to difficulties in minimizing the associated area costs using existing methods. We bridge this gap by conducting detailed leakage path and data dependency analyses on two-share masked SHA-3 implementations. Based on these analyses, we propose a compact and low-latency first-order SHA-3 masked hardware implementation, requiring only three times the area of unprotected implementations and almost no fresh random number demand. We also present a complete theoretical security proof for the proposed implementation in the glitch+register-transition-robust probing model. Additionally, we conduct leakage detection experiments using PROLEAD, TVLA and VerMI to complement the theoretical evidence. Compared to state-of-theart designs, our implementation achieves a 28% reduction in area consumption. Our design can be integrated into first-order implementations of higher-level cryptographic algorithms, contributing to a reduction in overall area costs.

Asmae Zniti,Nabih El Ouazzani

DOI: https://doi.org/10.11591/beei.v12i4.4982

2023-08-01

Bulletin of Electrical Engineering and Informatics

Abstract:This paper presents a comparative study involving SHA-3 final round candidates along with recent versions of hash algorithms. The proposed comparison between hash functions is performed with respect to cycles per byte and memory space. Tests are also carried out on a PIC32-based application taking into account several input cases, thus resulting in a set of ranked algorithms in terms of their specified metrics. The outcome of this work represents a considerable contribution in data protection and information security in relation to various communication and transmission systems, serving as a handy reference for developers to select an appropriate hash algorithm for their particular use condition.

Hongbo Yu,Jiazhe Chen,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-642-35999-6_19

2013-01-01

Abstract:The hash function Skein is one of the five finalists of the NIST SHA-3 competition. It is based on the block cipher Threefish which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper studies the boomerang attacks on Skein-512. Boomerang distinguishers on the compression function reduced to 32 and 36 rounds are proposed, with time complexities 2104.5 and 2454 hash computations respectively. Examples of the distinguishers on 28 and 31 rounds are also given. In addition, the boomerang distinguishers are applicable to the key-recovery attacks on reduced Threefish-512. The time complexities for key-recovery attacks reduced to 32-/33-/34-round are about 2181, 2305 and 2424 encryptions. Because the previous boomerang distinguishers for Threefish-512 are in fact not compatible [14], our attacks are the first valid boomerang attacks for the reduced-round Skein-512.

Jianwei Yang,Weizhen Wang,Zhicheng Xie,Jun Han,Zhiyi Yu,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2017.8252635

2017-01-01

Abstract:In August 2015, SHA-3 Standard was published as the next generation of Secure Hashing Algorithm. Several optimized implementations of SHA-3 on a 24-core processor with software and hardware co-design are proposed in this paper. For software designs, a 4-core mapping scheme with shared-memory reduces the delay time by exploring the internal parallelism of the algorithm; the scheme of 5 cores with packet router improves flexibility; and 24-core mapping with circuit router fully explores the parallelism with higher energy efficiency. Hardware approaches: specific instructions and novel latch-based accelerators, are proposed to improve performance and energy efficiency. The three software mappings provide a speedup of 3.1, 3.6 and 19.6, respectively. Almost 2 times better performance and energy efficiency are obtained with three specific instructions. The implementation of 4 latch-based accelerators achieves a throughput of 81.9 Gbps at 850MHz with 3.7 pJ/bit energy consumption per bit.

Abel C. H. Chen

2024-08-08

Abstract:The blockchain system has emerged as one of the focal points of research in recent years, particularly in applications and services such as cryptocurrencies and smart contracts. In this context, the hash value serves as a crucial element in linking blocks within the blockchain, ensuring the integrity of block contents. Therefore, hash algorithms represent a vital security technology for ensuring the integrity and security of blockchain systems. This study primarily focuses on analyzing the security and execution efficiency of mainstream hash algorithms in the Proof of Work (PoW) calculations within blockchain systems. It proposes an evaluation factor and conducts comparative experiments to evaluate each hash algorithm. The experimental results indicate that there are no significant differences in the security aspects among SHA-2, SHA-3, and BLAKE2. However, SHA-2 and BLAKE2 demonstrate shorter computation times, indicating higher efficiency in execution.

Cryptography and Security,Performance

Argyrios Sideris,Theodora Sanida,Minas Dasygenis

DOI: https://doi.org/10.1007/s13389-023-00334-0

2023-09-01

Journal of Cryptographic Engineering

Abstract:In sensitive communications, the cryptographic hash function plays a crucial role, including in the military, healthcare, and banking, ensuring secure transmission by verifying data integrity and carrying out other vital tasks. Compared to other cryptographic hash algorithms, such as SHA-1 and SHA-2, the Keccak hash function (SHA-3) boasts superior hardware performance and is more resilient to modern cryptanalysis techniques. Nonetheless, hardware performance enhancements, such as boosting speed or reducing area usage, are constantly required. This research focuses on increasing the Keccak hash algorithm's throughput rate by introducing a novel architecture that reduces the total number of clock cycles required to obtain the result of a hash function. Additionally, the new simplified structure of the round constant (RC) generator design assures a reasonably low area and achieves the highest throughput and efficiency. Thus, when implemented, it achieved the highest throughput of 19.515 Gbps, 24.428 Gbps, 33.393 Gbps, and 36.358 Gbps on FPGA devices with the Virtex-5, Artix-7, Virtex-6, and Virtex-7, respectively. Finally, our approach is compared to recently published designs.

computer science, theory & methods

Dongxia Bai,Hongbo Yu,Gaoli Wang,Xiaoyun Wang

DOI: https://doi.org/10.1049/iet-ifs.2013.0380

2014-01-01

IET Information Security

Abstract:In this study, the authors study the security of hash functions SM3 and BLAKE-256 against boomerang attack. SM3 is designed by Wang et al. and published by Chinese Commercial Cryptography Administration Office for the use of electronic certification service system in China. BLAKE is one of the five finalists of the NIST SHA-3 competition submitted by Aumasson et al. For SM3, they present boomerang distinguishers for the compression function reduced to 34/35/36/37 steps out of 64 steps, with time complexities 231.4, 233.6, 273.4 and 2192, respectively. Then, they show some incompatible problems existed in the previous boomerang attacks on SM3. Meanwhile, they launch boomerang attacks on up to 7- and 8-round keyed permutation of BLAKE-256, which are the first valid 7-round and 8-round boomerangs for BLAKE-256. Especially, since the author's distinguishers on 34/35-steps compression function of SM3 and 7-round keyed permutation of BLAKE-256 are practical, they are able to obtain boomerang quartets of these attacks. As far as they know, these are the best results against round-reduced SM3 and BLAKE-256.

Senyang Huang,Xiaoyun Wang,Guangwu Xu,Meiqin Wang,Jingyuan Zhao

DOI: https://doi.org/10.1587/transfun.e102.a.242

2018-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:The security analysis of Keccak, the winner of SHA-3, has attracted considerable interest. Recently, some attention has been paid to distinguishing Keccak sponge function from random permutation. In EUROCRYPT'17, Huang et al. proposed conditional cube tester to recover the key of Keccak-MAC and Keyak and to construct practical distinguishing attacks on Keccak sponge function up to 7 rounds. In this paper, we improve the conditional cube tester model by refining the formulation of cube variables. By classifying cube variables into three different types and working the candidates of these types of cube variable carefully, we are able to establish a new theoretical distinguisher on 8-round Keccak sponge function. Our result is more efficient and greatly improves the existing results. Finally we remark that our distinguishing attack on the the reduced-round Keccak will not threat the security margin of the Keccak sponge function.

M.V. Yesina,Ye.V. Ostrianska,I.D. Gorbenko

DOI: https://doi.org/10.30837/rt.2022.3.210.05

2022-09-28

Radiotekhnika

Abstract:In recent years, there has been steady progress in the creation of quantum computers. If large-scale quantum computers are implemented, they will threaten the security of many widely used public-key cryptosystems. Key-establishment schemes and digital signatures based on factorization, discrete logarithms, and elliptic curve cryptography will be most affected. Symmetric cryptographic primitives such as block ciphers and hash functions will be broken only slightly. As a result, there has been an intensification of research on finding public-key cryptosystems that would be secure against cryptanalysts with both quantum and classical computers. This area is often called post-quantum cryptography (PQC), or sometimes quantum-resistant cryptography. The goal is to design schemes that can be deployed in existing communication networks and protocols without significant changes. The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through an open competition. New public-key cryptography standards will define one or more additional digital signatures, public-key encryption, and key-establishment algorithms. It is assumed that these algorithms will be able to protect confidential information well in the near future, including after the advent of quantum computers. After three rounds of evaluation and analysis, NIST has selected the first algorithms that will be standardized as a result of the PQC standardization process. The purpose of this article is to review and analyze the state of NIST's post-quantum cryptography standardization evaluation and selection process. The article summarizes each of the 15 candidate algorithms from the third round and identifies the algorithms selected for standardization, as well as those that will continue to be evaluated in the fourth round of analysis. Although the third round is coming to an end and NIST will begin developing the first PQC standards, standardization efforts in this area will continue for some time. This should not be interpreted as meaning that users should wait to adopt post-quantum algorithms. NIST looks forward to the rapid implementation of these first standardized algorithms and will issue future guidance on the transition. The transition will undoubtedly have many complexities, and there will be challenges for some use cases such as IoT devices or certificate transparency.

Yilmaz Aydin,Ali Murat Garipcan,Fatih Özkaynak

DOI: https://doi.org/10.1007/s13369-024-09251-8

IF: 2.807

2024-06-26

Arabian Journal for Science and Engineering

Abstract:In this study, a novel robust design methodology that successfully meets the performance and security criteria for substitution-boxes (s-boxes), critical component in block cipher systems, is proposed. Unlike traditional methods providing low-level randomness, the proposed method utilizes physical true randomness as the entropy source, significantly improving the robustness and effectiveness of the s-box design. Phase noise (jitter) occurring on ring oscillators (ROs) is used for true randomness inputs with high security and unpredictability properties in the proposed method. The success of the proposed method is evaluated by considering key performance metrics of s-boxes such as bijectivity, strict avalanche criterion (SAC), bit independence criterion (BIC), nonlinearity (NL), and differential probability (DP). In the novel method, including the integration of the secure hashing algorithm (SHA)-256 hash function for cryptographic usage adequacy of the noise signal, 106.75 NL, 0.4995 SAC, and 105.7 average BIC-NL values can be obtained for s-boxes without any additional optimization process. Considering the low DP value, the analysis results confirm that the s-boxes produced by the proposed method can provide remarkable resistance against linear and differential cryptanalysis scenarios. Numerical findings also show that the proposed s-boxes are competitive and superior compared to other s-box designs in the literature. In conclusion, we believe that the methodology producing robust and reliable s-box solutions for block cipher systems contains important contributions inspiring future research regarding design principles.

multidisciplinary sciences

Abdullah Sevin,Ünal Çavuşoğlu

DOI: https://doi.org/10.3390/electronics13234767

IF: 2.9

2024-12-04

Electronics

Abstract:In recent years, hash algorithms have been used frequently in many areas, such as digital signature, blockchain, and IoT applications. Standard cryptographic hash functions, including traditional algorithms such as SHA-1 and MD5, are generally computationally intensive. A principal approach to improving the security and efficiency of hash algorithms is the integration of lightweight algorithms, which are designed to minimize computational overhead, into their architectural framework. This article proposes a new hash algorithm based on lightweight encryption. A new design for the lightweight hash function is proposed to improve its efficiency and meet security requirements. In particular, efficiency reduces computational load, energy consumption, and processing time for resource-constrained environments such as IoT devices. Security requirements focus on ensuring properties such as collision resistance, pre-image resistance, and distribution of modified bit numbers to ensure reliable performance while preserving the robustness of the algorithm. The proposed design incorporates the SPECK lightweight encryption algorithm to improve the structure of the algorithm, ensuring robust mixing and security through confusion and diffusion, while improving processing speed. Performance and efficiency tests were conducted to evaluate the proposed algorithm, and the results were compared with commonly used hash algorithms in the literature. The test results show that the new lightweight hash algorithm has successfully passed security tests, including collision resistance, pre-image resistance, sensitivity, and distribution of hash values, while outperforming other commonly used algorithms regarding execution time.

engineering, electrical & electronic,computer science, information systems,physics, applied

Subhabrata Mukherjee,Bimal Roy,Anirban Laha

DOI: https://doi.org/10.48550/arXiv.1204.2798

2012-09-18

Abstract:Recent cryptanalytic attacks have exposed the vulnerabilities of some widely used cryptographic hash functions like MD5 and SHA-1. Attacks in the line of differential attacks have been used to expose the weaknesses of several other hash functions like RIPEMD, HAVAL. In this paper we propose a new efficient hash algorithm that provides a near random hash output and overcomes some of the earlier weaknesses. Extensive simulations and comparisons with some existing hash functions have been done to prove the effectiveness of the BSA, which is an acronym for the name of the 3 authors.

Cryptography and Security