Your Security in the IT Market www.i.cz Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.


1 Hash Function Design: Overview of the basic components in SHA-3 competition
Daniel Joščák, S.ICZ a.s. & MFF UK
07/05/2009, SPI Brno

2 Hash functions in cryptology
►Key component of many protocols
●Electronic signature
●Integrity check
●One-way function
●…
►Fingerprints or message digests

3 A good hash function must be
►Collision resistant: it is hard to find two distinct inputs m1 and m2 s.t. H(m1) = H(m2).
►1st preimage resistant: given h, it is hard to find any m s.t. h = H(m).
►2nd preimage resistant: given m1, it is hard to find m2 ≠ m1 s.t. H(m1) = H(m2).
►Efficient (speed matters)

4 Why build them?
►Weaknesses in old, widespread hash functions
●MD2, MD4, MD5, SHA-1
►Real collision-producing algorithms
●Wang et al. 04
●Klíma 05
●Rechberger et al. 06
●Stevens 05 and 06 (new target collisions)
(figure label: former functions)

5 Need for a new function
new candidates for SHA-3
►“only” SHA-2 functions are fine
►SHA-3 competition organized by NIST
●deadline 31 Oct. 2008
●51 submissions

6 Areas for research and improvements
1. Mode of use for compression function
2. Compression function itself

7 Improvements of Merkle-Damgård construction

8 HAIFA, wide pipes, output transformation
►Examples: ARIRANG, BMW, Cheetah, Chi, Echo, Edon-R, Crunch, ECHO, ECOH, Grostl, JH, Keccak, Lux, Lane, Luffa, Lux, Skein, MD6, SIMD, Vortex…

9 Tree structure
►Example: MD6

10 Sponge structure
►Absorbing
●Initialize state
●XOR some of the message to the state
●Apply compression function
●XOR some more of the message into the state
●Apply compression function…
►Squeezing
●Apply compression function
●Extract some output
●Apply compression function
●Extract some output
●Apply compression function …
►Examples: Keccak, Luffa.
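
The absorbing and squeezing phases from the sponge slide, as an added Python example that is not part of the original presentation. It assumes Keccak-f[1600] as the slide's "compression function" and the SHA3-256 parameters later standardized in FIPS 202 (rate 136 bytes, suffix 0x06); the names sponge, keccak_f1600 and rol are this example's own.

```python
import struct

def rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & (2**64 - 1)

def keccak_f1600(A):
    """Keccak-f[1600] on 25 64-bit lanes; lane (x, y) is A[x + 5*y]."""
    A, lfsr = list(A), 1
    for _ in range(24):
        # theta: XOR column parities into every lane
        C = [A[x] ^ A[x+5] ^ A[x+10] ^ A[x+15] ^ A[x+20] for x in range(5)]
        D = [C[(x+4) % 5] ^ rol(C[(x+1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        # rho + pi: rotate each lane and move it to a new position
        x, y, cur = 1, 0, A[1]
        for t in range(24):
            x, y = y, (2*x + 3*y) % 5
            cur, A[x + 5*y] = A[x + 5*y], rol(cur, (t+1)*(t+2)//2)
        # chi: the only non-linear step, applied row by row
        for r in range(0, 25, 5):
            T = A[r:r+5]
            for x in range(5):
                A[r+x] = T[x] ^ (~T[(x+1) % 5] & T[(x+2) % 5])
        # iota: XOR in a round constant produced by an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def sponge(msg, rate=136, out_len=32, suffix=0x06):
    """Hash msg with a sponge; rate in bytes (defaults: SHA3-256)."""
    # pad10*1 padding; valid for suffixes below 0x80 (0x06 SHA-3, 0x1F SHAKE)
    pad = bytearray(rate - len(msg) % rate)
    pad[0] ^= suffix
    pad[-1] ^= 0x80
    data = bytes(msg) + pad
    state = [0] * 25                           # initialize state
    for off in range(0, len(data), rate):      # absorbing
        block = data[off:off+rate].ljust(200, b"\0")  # capacity part gets zeros
        lanes = struct.unpack("<25Q", block)
        state = keccak_f1600([s ^ b for s, b in zip(state, lanes)])
    out = b""
    while len(out) < out_len:                  # squeezing
        if out:
            state = keccak_f1600(state)
        out += struct.pack("<25Q", *state)[:rate]
    return out[:out_len]
```

Only the first rate bytes of the 200-byte state are ever XORed with message data or returned as output; the remaining capacity bytes are touched only by the permutation.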

11 Improvements of Compression function

12 One step of compression function
(figures: MD5, SHA-1, SHA-2)

13 Feedback Shift Register
►Pros: efficiency in HW, known theory from stream ciphers, easy to implement
►Cons: SW implementation, stream cipher weaknesses
►Examples: MD6, Shabal, Essence, NaSHA

14 Feistel Network
►Pros: block cipher theory, easy to implement
►Cons: cannot be generalized
►Examples: ARIRANG, BLAKE, Chi, CRUNCH, DynamicSHA2, JH, Lesamnta, Sarmal, SIMD, Skein, TIB3

15 S-boxes
►Pros: theory from block ciphers, speed in HW
►Cons: often implemented as look-up tables, which exposes them to side-channel attacks
►Examples: Cheetah, Chi, CRUNCH, ECHO, ECOH, Grostl, Hamsi, JH, Khichidy, LANE, Lesamnta, Luffa, Lux, SANDstorm, Sarmal, SHAvite-3, SWIFFTX, TIB3. (33 out of 51 candidates use S-boxes)

16 MDS Matrices
►Pros: mathematical background and proven diffusion properties
►Cons: memory requirements
►Examples: ARIRANG, Cheetah, ECHO, Fugue, Grostl, JH, LANE, Lux, Sarmal, Vortex.

17 Where to look at candidates:
►NIST webpage: http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
►Hash ZOO: http://ehash.iaik.tugraz.at/index.php?title=The_SHA-3_Zoo&oldid=3106
►eBASH: http://bench.cr.yp.to/results-hash.html
►Classification of the SHA-3 Candidates, Cryptology ePrint Archive: Report 511/2008, http://eprint.iacr.org/

18 Conclusion
►Do not use MD5, MD4, MD2
►SHA-1 is not recommended after 2009
►Use SHA-2 instead (no weaknesses) or
►SHA-3 standard is coming in 2-3 years
►Cryptanalysis of current submissions is expected
►Second round candidates coming soon (June-August 2009, 15(?) algorithms)

19 Thank you for your attention.
Daniel Joščák
daniel.joscak@i.cz
+420 724 429 248
S.ICZ a.s. www.i.cz
MFF UK, Dept. of Algebra

