TWISTERπ - a framework for secure and fast hash functions

2006

We introduce VSH, very smooth hash, a new S-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an S-bit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of S. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in S. VSH is theoretically pleasing because it requires just a single multiplication modulo the S-bit composite per Ω(S) message-bits (as opposed to O(logS) message-bits for previous provably secure hashes). It is relatively practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the difficulty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.

Vortex is a new family of one-way hash functions which has been submitted to the NIST SHA-3 competition. Its design is based on using the Rijndael block cipher round as a building block, and using a multiplication-based merging function to support fast mixing in a small number of steps. Vortex is designed to be a fast hash function, when running on a processor that has AES acceleration and has a proven collision resistance (2). Several attacks on Vortex have been recently published (3, 4, 5, 6) exploiting some structural properties of its design, as presented in the version submitted to the SHA-3 competition. These are mainly flrst and second preimage attacks with time complexity below the ideal, as well as attempts to distinguish the Vortex output from random. In this paper we study the root-cause of the attacks and propose few amendments to the Vortex structure, which eliminate the attacks without afiecting its collision resistance and performance.

World Wide Web - WWW, 2001

We present Whirlpool, a 512-bit hash function operating on messages less than 2256 bits in length. The function structure is de- signed according to the Wide Trail strategy and permits a wide variety of implementation tradeos.

The design of secure yet efficiently implementable cryptographic algorithms is a fundamental problem of cryptography. Lately, lightweight cryptography -optimizing the algorithms to fit the most constrained environments -has received a great deal of attention, the recent research being mainly focused on building block ciphers. As opposed to that, the design of lightweight hash functions is still far from being well-investigated with only few proposals in the public domain. In this article, we aim to address this gap by exploring the design space of lightweight hash functions based on the sponge construction instantiated with present-type permutations. The resulting family of hash functions is called spongent. We propose 13 spongent variants -for different levels of collision and (second) preimage resistance as well as for various implementation constraints. For each of them we provide several ASIC hardware implementations -ranging from the lowest area to the highest throughput. We make efforts to address the fairness of comparison with other designs in the field by providing an exhaustive hardware evaluation on various technologies, including an open core library. We also prove essential differential properties of spongent permutations, give a security analysis in terms of collision and preimage resistance, as well as study in detail dedicated linear distinguishers.

Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems, 2012

Paper presents a family of parameterized hash functions allowing for flexibility between security and performance. The family consists of three basic hash functions: HaF-256, HaF-512 and HaF-1024 with message digests equal to 256, 512 and 1024 bits, respectively. Details of functions' structure are presented. Method for obtaining function's S-box is described along with the rationale behind it. Security considerations are discussed.

2010

Recent years have witnessed an exceptional research interest in cryptographic hash functions, especially after the popular attacks against MD5 and SHA-1 in 2005. In 2007, the U.S. National Institute of Standards and Technology (NIST) has also significantly boosted this interest by announcing a public competition to select the next hash function standard, to be named SHA-3. Not surprisingly, the hash function literature has since been rapidly growing in an extremely fast pace. In this paper, we provide a comprehensive, up-to-date discussion of the current state of the art of cryptographic hash functions security and design. We first discuss the various hash functions security properties and notions, then proceed to give an overview of how (and why) hash functions evolved over the years giving raise to the current diverse hash functions design approaches. * A short version of this paper is in . This version has been thoroughly extended. An identical version has been uploaded to the Cryptology ePrint Archive: eprint.iacr.org/2011/565

2007

A function that compresses an arbitrarily large message into a fixed small size ‘message digest’ is known as a hash function. For the last two decades, many types of hash functions have been defined but, the most widely used in many of the cryptographic applications currently are hash functions based on block ciphers and the dedicated hash functions. Almost all the dedicated hash functions are generated using the Merkle-Damgard construction which is developed independently by Merkle and Damgard in 1989 [6, 7]. A hash function is said to be broken if an attacker is able to show that the design of the hash function violates at least one of its claimed security property. There are various types of attacking strategies found on hash functions, such as attacks based on the block ciphers, attacks depending on the algorithm, attacks independent of the algorithm, attacks based on signature schemes, and high level attacks. Besides this, in recent years, many structural weaknesses have been f...

2008

Hash functions are a very important cryptographic primitive. The collision resistance of provable hash functions relies on hard mathematical problems. This makes them very appealing for the cryptographic community since collision resistance is by far the most important property that a hash function should satisfy. However, provable hash functions tend to be slower than specially-designed hash functions like SHA, and their algebraic structure often implies homomorphic properties and weak behaviors on particular inputs. We introduce the ZesT hash function, a provable hash function that is based on the Zémor-Tillich hash function. ZesT is provably collision and preimage resistant if the balance problem corresponding to Zémor-Tillich is hard, a problem that has remained unbroken since CRYPTO'94. The function admits an ultra-lightweight implementation in ASIC and it is currently between 2 to 3 times less efficient than SHA on FPGA, and between 4 to 10 times slower than SHA in software. The function has structural parallelism, and its simplicity will certainly allow a much wider range of implementations and many code optimization techniques. A careful examination and pseudorandom tests performed with the Dieharder revealed no apparent malleability weakness, which suggests that the function can be used as a general-purpose hash function. Finally, ZesT can be slightly modified to reach all the requirements of the NIST competition. We stress that the hardness of the balance problem corresponding to Zémor-Tillich should be further studied and better established by the cryptography community. In that case, our function ZesT will definitely become a very appealing all-purpose hash function. Research Fellow of the Belgian Fund for Scientific Research (F.R.S.-FNRS) at Université catholique de Louvain (UCL). A member of BCRYPT network.

2016

In today’s information-based society, encryption along with the techniques for authentication and integrity are key to the security of information. Cryptographic hashing algorithms, such as the Secure Hashing Algorithms (SHA), are an integral part of the solution to the information security problem. This paper presents the state of art hashing algorithms including the security challenges for these hashing algorithms. It also covers the latest research on parallel implementations of these cryptographic algorithms. We present an analysis of serial and parallel implementations of these algorithms, both in hardware and in software, including an analysis of the performance and the level of protection offered against attacks on the algorithms.

IACR Cryptol. ePrint Arch., 2016

RFID technology is one of the major applications of lightweight cryptography where security and cost both are equally essential or we may say that cost friendly cryptographic tools have given more weightage. In this paper, we propose a lightweight hash, Neeva-hash satisfying the very basic idea of lightweight cryptography. Neeva-hash is based on sponge mode of iteration with software friendly permutation which provides great efficiency and required security in RFID technology. The proposed hash can be used for many application based purposes.

2008

This paper advocates a new hash function family based on the HAIFA framework, inheriting built-in randomized hashing and higher security guarantees than the Merkle-Damgård construction against generic attacks. The family has as its special design features: a nested feedforward mechanism and an internal wide-pipe construction within the compression function. As examples, we give two proposed instances that compute 256-and 512-bit digests, with a 8-and 10-round compression function respectively.

cerc.wvu.edu

Hash functions have numerous applications in cryptography, from public key to cryptographic protocols and cryptosystems. Evidently, substantial effort was invested on designing "secure" hash functions, unintentionally overlooking other engineering aspects that may affect their use in practice. However, we argue that in some applications, the efficiency of hash functions is as important as their security. Unlike most of the existing related works in the literature (which merely report on efficiency figures of some popular hash functions without discussing how and why these results were obtained), we not only discuss how to carry out efficiency evaluations, we also provide a set of optimization guidelines to assist implementers in optimizing their implementations. We demonstrate this by adopting an existing SHA-1/SHA-2 implementation and show how minor optimization can lead to significant efficiency improvements.

IACR Cryptol. ePrint Arch., 2012

A hash function maps a variable length input into a fixed length output. The hash functions that are used in the information security related applications are referred as cryptographic hash functions. Hash functions are being used as building blocks of many complex cryptographic mechanisms and protocols. Construction of a hash function consists of two components. First component is a compression function and the second component is a domain extender. The various hash function design philosophies try to design the compression function from different angles. Two major categories of hash functions are: dedicated hash functions, and block cipher-based hash functions. These two kinds of design philosophies have been revisited in this paper. Two dedicated has functions from MD4 family MD4, and SHA-256 constructions have been detailed in this paper. To limit the scope of this paper in this framework, discussions on attacks on hash functions, and SHA-3 finalists have been excluded here.

IJCSNS, 2007

There are various cryptographic protocols in which 160-bit message digest is required. SHA-1is the most well-known 160bit hash function which is still used in protocols despite of its vulnerabilities against collision attacks. Lack of 160-bit hash function structures and disadvantages of truncating outputs of other secure hash functions (security problems and inefficiency) motivated us to introduce a new 160-bit hash function. In this paper, we describe our new software-efficient hash function FORK-160. Hence the name, this function uses basic design principles from the recently proposed hash function FORK-256. However, FORK-160 aims at improving FORK-256 both on security and efficiency. Most notably, FORK-160 uses more secure step function, reasonable message ordering and additive constants which make it resistant against existing cryptanalysis especially local collision attacks.