Presentation is loading. Please wait.

Presentation is loading. Please wait.

Seyed Amir Hossain Naseredini

Published byΣοφοκλής Δασκαλόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "Seyed Amir Hossain Naseredini"— Presentation transcript:

1 Seyed Amir Hossain Naseredini
Cryptographic Hash Functions Definition, History and Cryptanalysis Seyed Amir Hossain Naseredini Computer and Information Technology Engineering Department Spring, 2017

2 Outline About our laboratory Introduction History
2 Outline About our laboratory Introduction History Cryptographic hash function Application ARX-Design hash function An example Cryptanalysis Hash functions’ cryptanalysis Why cryptanalysis Conclusion

3 About our laboratory Data Security Research Laboratory
Under supervision of Professor B. Sadeghiyan Research Area Cryptography Cryptanalysis Security protocols Computer forensic Malware detection Vulnerability Detection

4 Introduction Cryptographic hash function
Introduced by Diffie and Hellman Security requirement Collision resistance Pre-image resistance Second pre-image resistance MD4 was the first cryptographic hash function SHS hash function By NIST Hash function cryptanalysis by Wang et al. SHA-3 competition Select a standard hash function Cryptanalysis To find a flaw

5 Early History Introduced by Diffie and Hellman
1976 The first collision resistant hash function Merkle and Damgard 1989 Cryptographic hash function received more attention 1990s MD4 Cryptanalysis Dobbertin 1995 A huge step in hash function cryptanalysis Wang et al. 2004

6 Cryptographic Hash Function
Introduction Input: m (variable length) Output: H (fixed length) ℎ 𝑚 =𝐻 Cryptographic hash function Collision resistance 𝑚 1 ≠ 𝑚 2 ↛h 𝑚 1 =ℎ( 𝑚 2 ) Pre-image resistance ℎ 𝑚 =𝐻 ,H↛𝑚 Second pre-image resistance ℎ 𝑚 1 =𝐻 , 𝑚 1 ≠ 𝑚 2 ↛ℎ 𝑚 2 =𝐻

7 Cryptographic Hash Function (cont’d)
Two different types Modification Detection Code (MDC) Message Authentication Code(MAC) Message Hash function MAC function Hash MAC Key

8 Cryptographic Hash Function (cont’d)
A Taxonomy MDC One Way Hash Functions (OWHF) Collision Resistant Hash Functions (CRHF) Universal One Way Hash Functions (UOWHF) MAC Application Based on speed/resistance Some usual applications Store passwords Digital Signature Zero-Knowledge proof Use as a PRNG etc.

9 Cryptographic Hash Function (cont’d)
ARX-Design hash functions Use only three operations modular Addition Rotation Xor Modular addition provides nonlinearity Rotation prevents the balance XOR complicates the function ARX operations are functionally complete Security is a common belief and has not been proven.

10 Cryptographic Hash Function (cont’d)
ShA-3 competition finalists BLAKE (Aumasson et al.) Grøstl (Knudsen et al.) JH (Hongjun Wu) Keccak (Keccak team, Daemen et al.) Skein (Schneier et al.) Let’s take a look at BLAKE hash function

11 Cryptographic Hash Function (cont’d)
BLAKE hash function Designed to compete in SHA-3 Did pass to final round ARX-Design ℎ, the compression function Inputs: ℎ= ℎ 0 ,…, ℎ 7 𝑚= 𝑚 0 ,…, 𝑚 15 𝑠= 𝑠 0 ,…, 𝑠 3 𝑡= 𝑡 0 , 𝑡 1 Output: ℎ′= ℎ′ 0 ,…, ℎ′ 7

12 Cryptographic Hash Function (cont’d)
BLAKE hash function Using 𝐺 in compression function (ℎ)

13 Cryptographic Hash Function (cont’d)
BLAKE hash function Column step and diagonal step

14 Cryptographic Hash Function (cont’d)
BLAKE hash function Final round Iterative algorithm

15 Hash Functions’ Cryptanalysis
Purpose Pre-image Second pre-image Collision Others Pseudo collision Length extension Birthday paradox Range: q The number of input data: k 1− 𝑒 −𝑘(𝑘−1)/2𝑞

16 Hash Functions’ Cryptanalysis (cont’d)
Cryptanalysis of hash functions Differential cryptanalysis Reflection cryptanalysis Boomerang attack Linear cryptanalysis Rotational cryptanalysis Cube attack Algebraic cryptanalysis Statistical Sophisticated High data complexity Algebraic Newer Low data complexity

17 Noteworthy cryptanalysis
MD5 differential cryptanalysis 2005, Wang et al. A huge step Cube attack on MD6 2009, Aumasson et al. Rotational cryptanalysis on ARX-Design 2010, Khovratovich and Nikolic Linear cryptanalysis of CubeHash 2011, Ashur and Dukelman Algebraic cryptanalysis on Keccak 2013, Morawiecki and Srebrny

18 Noteworthy cryptanalysis (cont’d)
Some results Algebraic cryptanalysis of Keccak

19 Conclusion Talked about cryptographic hash functions Cryptanalysis
History Application A taxonomy ARX-Design hash function An example Cryptanalysis Hash functions’ cryptanalysis Purpose of cryptanalysis Some results

20 Any Question?

Download ppt "Seyed Amir Hossain Naseredini"

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.
Your Security in the IT Market www.i.cz Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.

Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.
Towards SHA-3 Christian Rechberger, KU Leuven. Fundamental questions in CS theory Do oneway functions exist? Do collision-intractable functions exist?

Towards SHA-3 Christian Rechberger, KU Leuven. Fundamental questions in CS theory Do oneway functions exist? Do collision-intractable functions exist?
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Cryptography and Network Security Hash Algorithms.

Cryptography and Network Security Hash Algorithms.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CS470, A.SelcukHash Functions1 Cryptographic Hash Functions CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukHash Functions1 Cryptographic Hash Functions CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
HASH Functions.

HASH Functions.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.

Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.
Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.

Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.
Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.

Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.

Similar presentations

Ads by Google