Nahiyan Alamgir,Saeed Nejati,Curtis Bright

2024-06-29

Abstract:Cryptographic hash functions play a crucial role in ensuring data security, generating fixed-length hashes from variable-length inputs. The hash function SHA-256 is trusted for data security due to its resilience after over twenty years of intense scrutiny. One of its critical properties is collision resistance, meaning that it is infeasible to find two different inputs with the same hash. Currently, the best SHA-256 collision attacks use differential cryptanalysis to find collisions in simplified versions of SHA-256 that are reduced to have fewer steps, making it feasible to find collisions. In this paper, we use a satisfiability (SAT) solver as a tool to search for step-reduced SHA-256 collisions, and dynamically guide the solver with the aid of a computer algebra system (CAS) used to detect inconsistencies and deduce information that the solver would otherwise not detect on its own. Our hybrid SAT + CAS solver significantly outperformed a pure SAT approach, enabling us to find collisions in step-reduced SHA-256 with significantly more steps. Using SAT + CAS, we find a 38-step collision of SHA-256 with a modified initialization vector -- something first found by a highly sophisticated search tool of Mendel, Nad, and Schläffer. Conversely, a pure SAT approach could find collisions for no more than 28 steps. However, our work only uses the SAT solver CaDiCaL and its programmatic interface IPASIR-UP.

Cryptography and Security,Discrete Mathematics,Logic in Computer Science,Symbolic Computation

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Xiali Hei,Binheng Song,Caijin Ling

DOI: https://doi.org/10.1109/icc.2017.7996731

2017-01-01

Abstract:In this paper, we describe a family of block ciphers named SHIPHER. We present a symmetric encryption framework based on a cryptographic hash function and dynamic operators controlled by small random numbers. This dynamic operator mixes operations from different algebraic groups like IDEA [1]. However, unlike IDEA and extended IDEA ([2], [3]), modular addition is the only calculation in this framework and this makes SHIPHER highly efficient. The round function was chosen to provide confusion and diffusion to facilitate hardware implementations. This framework can provide families of secure, flexible, and variable-key-length block ciphers. Anny block size can be achieved. We have extensively investigated our encryption framework. We can easily control the computational cost by selecting block size, implementation method, and a hash function. Also, this framework offers excellent performance and it is flexible and generic enough to admit a variety of implementations on different dynamic operators. In this paper, we provide one implementation, show its performance, and discuss possible extensions of similar dynamic operators.

Harshvardhan Tiwari,Dr. Krishna Asawa

DOI: https://doi.org/10.48550/arXiv.1003.1492

2010-03-08

Abstract:Cryptographic hash functions play a central role in cryptography. Hash functions were introduced in cryptology to provide message integrity and authentication. MD5, SHA1 and RIPEMD are among the most commonly used message digest algorithm. Recently proposed attacks on well known and widely used hash functions motivate a design of new stronger hash function. In this paper a new approach is presented that produces 192 bit message digest and uses a modified message expansion mechanism which generates more bit difference in each working variable to make the algorithm more secure. This hash function is collision resistant and assures a good compression and preimage resistance.

Cryptography and Security

Hongbo Yu,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-642-22497-3_11

2011-01-01

Abstract:SIMD is one of the second round candidates of the SHA-3 competition hosted by NIST. In this paper, we present the first attack for the compression function of the reduced SIMD-256 and the full SIMD-512 (the tweaked version) using the modular difference method. For SIMD256, we give a free-start near collision attack on the compression function reduced to 20 steps with complexity 2(116). And for SIMD-512, we give a free-start near collision attack on the 24-step compression function with complexity 2(235). Furthermore, we give a distinguisher attack for the full compression function of SIMD-512 with complexity 2(475). Our attacks are also applicable for the final compression function of SIMD.

Yilmaz Aydin,Ali Murat Garipcan,Fatih Özkaynak

DOI: https://doi.org/10.1007/s13369-024-09251-8

IF: 2.807

2024-06-26

Arabian Journal for Science and Engineering

Abstract:In this study, a novel robust design methodology that successfully meets the performance and security criteria for substitution-boxes (s-boxes), critical component in block cipher systems, is proposed. Unlike traditional methods providing low-level randomness, the proposed method utilizes physical true randomness as the entropy source, significantly improving the robustness and effectiveness of the s-box design. Phase noise (jitter) occurring on ring oscillators (ROs) is used for true randomness inputs with high security and unpredictability properties in the proposed method. The success of the proposed method is evaluated by considering key performance metrics of s-boxes such as bijectivity, strict avalanche criterion (SAC), bit independence criterion (BIC), nonlinearity (NL), and differential probability (DP). In the novel method, including the integration of the secure hashing algorithm (SHA)-256 hash function for cryptographic usage adequacy of the noise signal, 106.75 NL, 0.4995 SAC, and 105.7 average BIC-NL values can be obtained for s-boxes without any additional optimization process. Considering the low DP value, the analysis results confirm that the s-boxes produced by the proposed method can provide remarkable resistance against linear and differential cryptanalysis scenarios. Numerical findings also show that the proposed s-boxes are competitive and superior compared to other s-box designs in the literature. In conclusion, we believe that the methodology producing robust and reliable s-box solutions for block cipher systems contains important contributions inspiring future research regarding design principles.

multidisciplinary sciences

Fan Zhang,Xiaofei Dong,Xinjie Zhao,Yidi Wang,Samiya Qureshi,Yiran Zhang,Xiaoxuan Lou,Yongkang Tang

DOI: https://doi.org/10.1109/MASS.2018.00056

2018-01-01

Abstract:This paper proposed an advanced round modification fault analysis (RMFA) at the theoretical level on AEGIS-128, which is one of seven finalists in CAESAR competition. First, we clarify our assumptions and simplifications on the attack model, focusing on the encryption security. Then, we emphasize the difficulty of applying vanilla RMFA to AEGIS-128 in the practical case. Finally we demonstrate our advanced fault analysis on AEGIS-128 using machine-solver based algebraic techniques. Our enhancement can be used to conquer the practical scenario which is difficult for vanilla RMFA. Simulation results show that when the fault is injected to the initialization phase and the number of rounds is reduced to one, two samples of injections can extract the whole 128 key bits within less than two hours. This work can also be extended to other versions such as AEGIS-256.

Hongbo Yu,Jiazhe Chen,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-662-43933-3_14

2013-01-01

Abstract:The hash function Skein is one of 5 finalists of the NIST SHA-3 competition. It is based on the block cipher Threefish which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper proposes a free-start partial-collision attack on round-reduced Skein-256 by combing the rebound attack with the modular differential techniques. The main idea of our attack is to connect two short differential paths into a long one with another differential characteristic that is complicated. Following our path, we give a free-start partial-collision attack on Skein-256 reduced to 32 rounds with Hamming distance 50 and complexity about 2(85) hash computations. In particular, we provide practical near-collision examples for Skein-256 reduced to 24 rounds and 28 rounds in the fixed tweaks and choosing tweaks setting separately. As far as we know, this is the first construction of a non-linear differential path for Skein which can lead to significantly improvement over previous analysis.

Shivam Bhasin,Jingyu Pan,Fan Zhang

2018-01-01

Abstract:This works gives an overview of persistent fault attacks on block ciphers, a recently introduced fault analysis technique based on persistent faults. The fault typically targets stored constant of cryptographic algorithms over several encryption calls with a single injection. The underlying analysis technique statistically recovers the secret key and is capable of defeating several popular countermeasures by design.

Xiaoyun Wang,Andrew C Yao,Frances Yao

2005-01-01

Abstract:Page 1. Cryptanalysis on SHA-1 Xiaoyun Wang, Andrew C Yao, and Frances Yao Xiaoyun Wang Tsinghua University & Shandong Unversity Andrew C Yao Tsinghua University Frances Yao City University of Hong Kong Page 2. Outline ∎ Obstacles for further improvement on SHA-1 attack ∎ New collision path for SHA-1 (First iteration path) ∎ Comparing new collision path with previous path ∎ Strategies for message modification ∎ Details of message modification ∎ The complexity of searching for collisions Page 3. Obstacles for Further Improvement on SHA-1 Attack ∎ Unlike SHA-0 and MD5, many message conditions and chaining variable conditions must co-exist in each step of differential path Page 4. Obstacles for Further Improvement on SHA-1 Attack (continued) ∎ Difficult, because message space available is tight: -- 50 message conditions in steps 17-80 -- hence 50 message conditions in steps 12-16 …

Ping Zhou,Tao Wang,Fan Zhang,Xinjie Zhao

DOI: https://doi.org/10.13245/j.hust.180305

2018-01-01

Abstract:Previous flush-reload cache attacks cannot be directly adopted to SM2 digital signature algorithm.In this paper,an improved method for selecting the monitored address in flush-reload cache attacks on SM2 was proposed.By taking advantage of multiple cache accesses caused by function callings, the cache lines which contain call instructions were selected to be the monitored addresses in order to increase the accuracy.The experimental results show that the proposed method makes the flush-reload attack on SM2 feasible and effective.The 256 bit scalark can be recovered with a bit errors rate as only 1.09％ by the side channel information of a single signing.The full private key can be recovered with a success rate as 59％ through 64 times exhaustive research.

Huafei Zhu,Haibin Qu,Lixin Ran,Yumin Wang

IF: 1.019

2000-01-01

Chinese Journal of Electronics

Abstract:Pseudo-randomness and differential aspect of the unbalanced Feistel block cipher BEAR are mainly concerned in this paper. We have shown that two facts of block cipher BEAR. The order of pseudo-randomness of BEAR is O(2(t/2) + 2(S/2)), which implies that BEAR can resist O(2(t/2)+ 2(s/2)) Order plain-text attack. And the other fact is that if hash function can resist differential attack then so does the block cipher BEAR.

Haijian Zhou,Ping Luo,Daoshun Wang,Yiqi Dai

DOI: https://doi.org/10.1007/978-3-540-79499-8_32

2008-01-01

Abstract:The Lu-Lee public key cryptosystem and Adiga-Shankar's modification are considered to be insecure with cryptanalysis by integer linear programing, since only 2 or 3 unknown message blocks are used in the modular linear equation for encryption procedure. Unfortunately integer linear programming algorithms falls in trouble with more unknowns. In this paper we present a probabilistic algorithm for cryptanalysis of general Lu-Lee type systems with nmessage blocks. The new algorithm is base on lattice reduction and succeeds to break Lu-Lee type systems with up to 68 message blocks.

Gaoli Wang,Hongbo Yu

DOI: https://doi.org/10.1049/iet-ifs.2014.0244

2015-01-01

IET Information Security

Abstract:RIPEMD-128 is an ISO/IEC standard cryptographic hash function proposed in 1996 by Dobbertin, Bosselaers and Preneel. The compression function of RIPEMD-128 consists of two different and almost independent parallel lines denoted by line1 operation and line2 operation. The initial values and the output values of the last step of the two operations are combined, resulting in the final value of one iteration. In this study, the authors present collision differential characteristics for both 40-step line1 operation and 40-step line2 operation by choosing a proper message difference. By using message modification technique, they improve the probabilities of the differential characteristics so that they can give a collision attack on 40-step RIPEMD-128 hash function with a complexity of 2(35) computations. Meanwhile, they improve the distinguishing attack proposed by Landelle and Peyrin at EUROCRYPT 2013, and give a distinguisher on the full RIPEMD-128 hash function with a complexity of 2(90.4) by doing message modification.

Xiaoyun Wang,Yiqun Lisa Yin,Hongbo Yu

DOI: https://doi.org/10.1007/11535218_2

2005-01-01

Abstract:In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.

Wang Xiaoyun,Feng Dengguo,Yu Xiuyuan

DOI: https://doi.org/10.1360/122004-107

2005-01-01

Abstract:In this paper, we give a fast attack against hash function—HAVAL-128. HAVAL was presented by Y. L. Zheng et al. at Auscrypto’92. It can be processed in 3, 4 or 5 passes, and produces 128, 160, 192, or 224-bit fingerprint. We break the HAVAL with 128-bit fingerprint. The conclusion is that, given any 1024-bit message m, we just make some modifications about m, and the modified message m can collide with another message m′ only with probability 1/27, where m′=m+Δm, in which Δm is a fixed difference selected in advance. In addition, two collision examples for HAVAL-128 are given in this paper.

Mehran Mozaffari Kermani,Reza Azarderakhsh,Siavash Bayat-Sarmadi

DOI: https://doi.org/10.48550/arXiv.1804.06497

2018-04-18

Abstract:In cryptographic engineering, extensive attention has been devoted to ameliorating the performance and security of the algorithms within. Nonetheless, in the state-of-the-art, the approaches for increasing the reliability of the efficient hash functions ECHO and Fugue have not been presented to date. We propose efficient fault detection schemes by presenting closed formulations for the predicted signatures of different transformations in these algorithms. These signatures are derived to achieve low overhead for the specific transformations and can be tailored to include byte/word-wide predicted signatures. Through simulations, we show that the proposed fault detection schemes are highly-capable of detecting natural hardware failures and are capable of deteriorating the effectiveness of malicious fault attacks. The proposed reliable hardware architectures are implemented on the application-specific integrated circuit (ASIC) platform using a 65-nm standard technology to benchmark their hardware and timing characteristics. The results of our simulations and implementations show very high error coverage with acceptable overhead for the proposed schemes.

Cryptography and Security

Somitra Kumar Sanadhya,Palash Sarkar

DOI: https://doi.org/10.48550/arXiv.0803.1220

2008-03-08

Abstract:In this note, we provide the first 22-step collisions for SHA-256 and SHA-512. Detailed technique of generating these collisions will be provided in the next revision of this note.

Cryptography and Security

Dan Cao,Jun Han,Xiao-Yang Zeng

DOI: https://doi.org/10.1109/ICASIC.2007.4415767

2007-01-01

Abstract:The hash functions are applied in the communication integrity and signature authentication. There are so many secure communication protocols which involve various hash algorithms of different security level. This paper presents a reconfigurable hardware design to support different protocols, which use SHA-1 or MD5 hash algorithm. Because it implements two algorithms with one set of hardware and only uses two 32-bits registers in the data-path, this design is also an ultra low cost solution for portable communication devices.

Dexi Wang,Yu Jiang,Houbing Song,Fei He,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/access.2017.2697918

IF: 3.9

2017-01-01

IEEE Access

Abstract:Cryptographic hash functions have become the basis of modern network computing for identity authorization and secure computing; protocol consistency of cryptographic hash functions is one of the most important properties that affect the security and correctness of cryptographic implementations, and protocol consistency should be well proven before being applied in practice. Software verification has seen substantial application in safety-critical areas and has shown the ability to deliver better quality assurance for modern software; thus, applying software verification to a protocol consistency proof for cryptographic hash functions is a reasonable approach to prove their correctness. Verification of protocol consistency of cryptographic hash functions includes modeling of the cryptographic protocol and program analysis of the cryptographic implementation; these require a dedicated cryptographic implementation model that preserves the semantics of the code, efficient analysis of cryptographic operations on arrays and bits, and the ability to verify large-scale implementations. In this paper, we propose a fully automatic software verification framework, VeriHash, that brings software verification to protocol consistency proofs for cryptographic hash function implementations. It solves the above challenges by introducing a novel cryptographic model design for modeling the semantics of cryptographic hash function implementations, extended array theories for analysis of operations, and compositional verification for scalability. We evaluated our verification framework on two SHA-3 cryptographic hash function implementations: the winner of the NIST SHA-3 competition, Keccack; and an open-source hash program, RHash. We successfully verified the core parts of the two implementations and reproduced a bug in the published edition of RHash.