About a new generation of block ciphers and hash functions - DN and HDN Vlastimil Klíma Independent consultant

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Merkle Damgard Revisited: how to Construct a hash Function
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
The Hash Function “Fugue” Shai Halevi William E. Hall Charanjit S. Jutla IBM T. J. Watson Research Center.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
Cryptographic Hash Functions Rocky K. C. Chang, February
Digital Signatures and Hash Functions. Digital Signatures.
Cryptography and Network Security Chapter 3
1 Some Current Thinking on Hash Functions Within NIST John Kelsey, NIST, June 2005.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography and Network Security Hash Algorithms.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.
Cryptanalysis. The Speaker  Chuck Easttom  
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
CSCE 201 Introduction to Information Security Fall 2010 Data Protection.
LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Bit Cipher 1. Example of bit Cipher 2 Practical Stream Cipher 3.
Cryptography Team Presentation 2
AVALANCHE EFFECT IN THE FAMILY OF BLOCK CIPHERS “SD-(n,k)” University “Ss Cyril and Methodius” – Skopje, RM S. Markovski, PhD A. Mileva, MSc D. Gligoroski,
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Improving Encryption Algorithms Betty Huang Computer Systems Lab
Lecture 2: Introduction to Cryptography
Chapter 11 Message Authentication and Hash Functions.
1 Symmetric key cryptography: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64 bit plaintext input How secure.
The RC5 Encryption Algorithm: Two Years On Lisa Yin RC5 Encryption –Ron Rivest, December 1994 –Fast Block Cipher –Software and Hardware Implementations.
Intro to Cryptography Lesson Introduction
Block Cipher- introduction
Cryptographic Hash Functions
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Message Authentication Codes CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
@Yuan Xue CS 285 Network Security Block Cipher Principle Fall 2012 Yuan Xue.
@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.
Data Integrity / Data Authentication. Definition Authentication (Signature) algorithm - A Verification algorithm - V Authentication key – k Verification.
Lecture 4 Data Encryption Standard (DES) Dr. Nermin Hamza
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.
Chapter 12 – Hash Algorithms
Cryptographic Hash Functions
Cryptographic Hash Functions
Cryptography Lecture 19.
Cryptography Team Presentation 1
Outline Using cryptography in networks IPSec SSL and TLS.
DES (Data Encryption Standard)
Hashing Hash are the auxiliary values that are used in cryptography.
Cryptography Lecture 13.
Cryptographic Hash Functions
Cryptography Lecture 18.
Hash Function Requirements
Cryptographic Hash Functions
Presentation transcript:

About a new generation of block ciphers and hash functions - DN and HDN Vlastimil Klíma Independent consultant Prague, Czech Republic SPI 2007, Security and Protection of Information, May 2 – 4, 2007, Brno, Czech Republic,

Introduction This work arose from the study of hash functions for Czech NSA, presents some parts of the projects ST and ST for Czech NSA. This work arose from the study of hash functions for Czech NSA, presents some parts of the projects ST and ST for Czech NSA. contemporary hash functions contemporary hash functions several generic attacks several generic attacks practical collision attacks on hash functions families MD and SHA. practical collision attacks on hash functions families MD and SHA. Both generic attacks and practical attacks showed us that we underestimated the underlying problems Both generic attacks and practical attacks showed us that we underestimated the underlying problems Antoine Joux, who discovered in 2004 the hash functions generic problem (multi-collisions), said at the Second Cryptographic Hash Workshop, USA, August , 2006: Antoine Joux, who discovered in 2004 the hash functions generic problem (multi-collisions), said at the Second Cryptographic Hash Workshop, USA, August , 2006: "We do not understand what we are doing and we do not really know what we want".

Special block ciphers build a hash function from the classical block cipher is a vain effort like squaring the circle build a hash function from the classical block cipher is a vain effort like squaring the circle special block cipher special block cipher It is something strange – a symmetric block cipher, whose encryption key is under full control of the attacker. The attacker can know the key, select it and change it. This is a new cryptographic primitive. It is something strange – a symmetric block cipher, whose encryption key is under full control of the attacker. The attacker can know the key, select it and change it. This is a new cryptographic primitive. In 1975, a similar idea in another context triggered a revolution in cryptography and gave rise to a new branch: Public Key Cryptography. In this case an attacker could know the encryption key, which had until then seemed foolish. But now PKC is a reality. In 1975, a similar idea in another context triggered a revolution in cryptography and gave rise to a new branch: Public Key Cryptography. In this case an attacker could know the encryption key, which had until then seemed foolish. But now PKC is a reality. Special block ciphers have much stricter requirements: an attacker can select and discretionarily tamper with the key, which seems even more foolish. Special block ciphers have much stricter requirements: an attacker can select and discretionarily tamper with the key, which seems even more foolish. In February this year we proposed the first special block cipher family DN. Double Net DN(n, k)-r has n-bit block, k-bit key and r rounds. And, based on DN, we defined hash functions family HDN(n, k)-r with n-bit hash code. In February this year we proposed the first special block cipher family DN. Double Net DN(n, k)-r has n-bit block, k-bit key and r rounds. And, based on DN, we defined hash functions family HDN(n, k)-r with n-bit hash code.

classical Merkle-Damgard construction of a hash function Instead of compression function f classical block ciphers are used. But there are differences. Instead of compression function f classical block ciphers are used. But there are differences.

Main differences between classical block ciphers and compression functions The main difference is that the compression function has only one input (mi, hi- 1) and does not differentiate between its bits. The main difference is that the compression function has only one input (mi, hi- 1) and does not differentiate between its bits. Classical Block CipherCompression Function contains an element unknown to an attacker an attacker knows all inputs and is able to spool them is meant to hide the plaintext in the ciphertext, based on a secret element ( unknown to an attacker) is meant to hide all inputs in the output, based on a public function is a permutation for fixed-keyis a random transformation it is invertibleone-wayness is needed it is easy to create collisionscollision resistance is needed

We should draw... The main difference is that the compression function has only one input (mi, hi- 1) and does not differentiate between its bits. The main difference is that the compression function has only one input (mi, hi- 1) and does not differentiate between its bits.

We should draw... The main idea is to move both inputs of the classical block cipher into one input – to the key. And to set the plaintext to constant. The main idea is to move both inputs of the classical block cipher into one input – to the key. And to set the plaintext to constant.

Now the special block cipher has to process the key very strong, as the classical block cipher processes the plaintext. the special block cipher has to process the key very strong, as the classical block cipher processes the plaintext. Special Block CipherCompression Function an attacker knows all inputs and is able to spool them No differenceis meant to hide all inputs in the output, based on a public function is a random transformation one-wayness is needed collision resistance is needed

Resulting hash function

Family DN(n, k)- 

The function  is a product of  x r elementary transformations T1. is a product of  x r elementary transformations T1. Each transformation T1 consists of a substitution, a permutation, a linear transformation and round key addition. All these variables can be different for different transformations T1. Each transformation T1 consists of a substitution, a permutation, a linear transformation and round key addition. All these variables can be different for different transformations T1.

The function  The function  uses also SP networks for preparing round keys. The function  uses also SP networks for preparing round keys.

Characteristics Security proofs: Security proofs: Resistance  and  to DC and LC expressible in terms of resistence of used S-boxes. Resistance  and  to DC and LC expressible in terms of resistence of used S-boxes. Parameters: Parameters: Dimensions, all variables (MDS, S-boxes, permutations, constants,...). Dimensions, all variables (MDS, S-boxes, permutations, constants,...).

Special block cipher as a strengthened encryption primitive the technological progress will provide the attackers with new possibilities weakening both classical assumptions: the technological progress will provide the attackers with new possibilities weakening both classical assumptions: the attacker doesn´t know the key the attacker doesn´t know the key impossibility to manipulate with it, as well. impossibility to manipulate with it, as well. Side channel attacks are good example of these possibilities. Side channel attacks are good example of these possibilities. Special block cipher will be resistant against partial key knowledge attacks and manipulation key attacks and various kinds of side channel attacks. This is its main advantage as a cryptographic primitive, used for encryption. Special block cipher will be resistant against partial key knowledge attacks and manipulation key attacks and various kinds of side channel attacks. This is its main advantage as a cryptographic primitive, used for encryption.

Conclusion We have designed new cryptographic primitive - Special Block Cipher. It is a symmetric block cipher, whose encryption key can be revealed to an attacker. Moreover, an attacker can select and discretionarily tamper with the key. We have designed new cryptographic primitive - Special Block Cipher. It is a symmetric block cipher, whose encryption key can be revealed to an attacker. Moreover, an attacker can select and discretionarily tamper with the key. Using special block cipher we proposed a new family of hash functions. Using special block cipher we proposed a new family of hash functions. We present special block cipher family DN and the family of hash functions HDN. These are not just theoretical concepts, but practically employable functions. HDN(512, 8192)-10 is roughly 3 times slower than SHA-512 (and Whirlpool). We present special block cipher family DN and the family of hash functions HDN. These are not just theoretical concepts, but practically employable functions. HDN(512, 8192)-10 is roughly 3 times slower than SHA-512 (and Whirlpool). Basic idea behind the special block cipher DN is simple – contrary to classical block cipher approach, the same attention is paid to key and plaintext processing. Basic idea behind the special block cipher DN is simple – contrary to classical block cipher approach, the same attention is paid to key and plaintext processing. Once the special block cipher concept is examined and accepted in hash functions, it can be used in advance in its original purpose – data encryption. The employment of these stronger functions might not seem as a must in the present block ciphers, but it probably will be in the future. In the hash functions, it is a necessity today already. Once the special block cipher concept is examined and accepted in hash functions, it can be used in advance in its original purpose – data encryption. The employment of these stronger functions might not seem as a must in the present block ciphers, but it probably will be in the future. In the hash functions, it is a necessity today already.

Details of DN and HDN V. Klima, A New Concept of Hash Functions SNMAC Using a Special Block Cipher and NMAC/HMAC Constructions, IACR ePrint archive Report 2006/376, October, 2006, V. Klima, A New Concept of Hash Functions SNMAC Using a Special Block Cipher and NMAC/HMAC Constructions, IACR ePrint archive Report 2006/376, October, 2006, V. Klima, Special block cipher family DN and new generation SNMAC-type hash function family HDN, homepage IACR ePrint archive: Report 2007/050, February, 2007, V. Klima, Special block cipher family DN and new generation SNMAC-type hash function family HDN, homepage IACR ePrint archive: Report 2007/050, February, 2007, Source codes are available on the homepages Source codes are available on the homepages

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.