Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3...
-
Upload
nathan-flynn -
Category
Documents
-
view
213 -
download
0
Transcript of Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3...
![Page 1: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/1.jpg)
www.i.cz
Your Security in the IT Market
Hash Function Design:
Overview of the basic components in SHA-3 competition
Daniel Joščák, S.ICZ a.s. & MFF UK07/05/2009, SPI Brno
![Page 2: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/2.jpg)
www.i.cz
Your Security in the IT Market
Hash functions in cryptology
►Key component of many protocols● Electronic signature● Integrity check● One-way function● …
►Fingerprints or message digests
![Page 3: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/3.jpg)
www.i.cz
Your Security in the IT Market
Good hash ftion must be
►Collision resistant: it is hard to find two distinct inputs m1 and m2, s.t. H(m1) = H(m2).
►1st preimage resistant: given h, it is hard to find any m s.t. h = H(m).
►2nd preimage resistant: given m1, it is hard to find m2≠ m1 s.t. H(m1) = H(m2)
►Efficient (speed matters)
![Page 4: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/4.jpg)
www.i.cz
Your Security in the IT Market
Why to build them?
►Weaknesses in old wide spread h. f.● MD2, MD4, MD5, SHA 1
►Real collisions producing algorithms● Wang et al. 04● Klíma 05 ● Rechberger et al. 06● Stevens 05 and 06 (new target collisions)‘former
functions
![Page 5: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/5.jpg)
www.i.cz
Your Security in the IT Market
Need for a new function
new candidates for SHA-3
►“only” SHA 2 functions are fine ►SHA3 competition organized by NIST
● deadline 31. oct. 2008● 51 submissions
![Page 6: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/6.jpg)
www.i.cz
Your Security in the IT Market
Areas for research and improvements
1. Mode of use for compression function
2. Compression function itself
![Page 7: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/7.jpg)
www.i.cz
Your Security in the IT Market
Improvements of Merkle-Damgård construction
M1 M2
IV f f
ML||pad
f
![Page 8: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/8.jpg)
www.i.cz
Your Security in the IT Market
HAIFA, wide pipes, output transformation
M1 M2
IV f
Ml||pad
ff
ctr, salt
outwide pipe
ctr, salt ctr, salt
►Examples: ARIRANG, BMW, Cheetah,Chi, Echo, Edon-R, Crunch, ECHO, ECOH, Grostl, JH, Keccak, Lux, Lane, Luffa, Lux, Skein, MD6, SIMD, Vortex…
![Page 9: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/9.jpg)
www.i.cz
Your Security in the IT Market
Tree structure
f
M1 M2 M3 M4 M5 M6 M7 Mn
f f
f f
f
►Example: MD6
![Page 10: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/10.jpg)
www.i.cz
Your Security in the IT Market
Sponge structure
►Absorbing● Initialize state● XOR some of the message to the state● Apply compression function● XOR some more of the message into the state● Apply compression function…
►Squeezing ● Apply compression function● Extract some output● Apply compression function● Extract some output● Apply compression function …
►Examples: Keccak, Luffa.
![Page 11: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/11.jpg)
www.i.cz
Your Security in the IT Market
Improvements of Compression function
M W
IV
R
Message expansion
Ri = F(Wi , Ri-1, Ri-2, Ri-3, Ri-4,)
![Page 12: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/12.jpg)
www.i.cz
Your Security in the IT Market
One step of compr. ftion
‘MD5 ‘SHA-1 ‘SHA-2
![Page 13: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/13.jpg)
www.i.cz
Your Security in the IT Market
Feedback Shift Register
►Pros: efficiency in HW, known theory from stream ciphers, easy to implement
►Cons: SW implementation, stream cipher weaknesses
►Examples: MD6, Shabal, Essence, NaSHA
f
![Page 14: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/14.jpg)
www.i.cz
Your Security in the IT Market
Feistel Network
►Pros: block cipher theory, easy to implement
►Cons: can not be generalized►Examples: ARIRANG, BLAKE, Chi,
CRUNCH, DynamicSHA2, JH, Lesamnta, Sarmal, SIMD, Skein, TIB3
L0 R0
F
L1 R1K
onst 1
F
L1 R1
Konst 2
...
![Page 15: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/15.jpg)
www.i.cz
Your Security in the IT Market
S-boxes
►Pros: theory from block ciphers, speed in HW ►Cons: often implemented as look-up tables -
side channel attacks ►Examples: Cheetah, Chi, CRUNCH, ECHO, ECOH,
Grostl, Hamsi, JH, Khichidy, LANE, Lesamnta, Luffa, Lux, SANDstorm, Sarmal, SHAvite-3, SWIFFTX, TIB3. (33 out of 51 candidates uses S-Boxes)
0 10 11 011 10 00
![Page 16: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/16.jpg)
www.i.cz
Your Security in the IT Market
MDS Matrixes
►Pros: mathematical background and proven diffusion properties
►Cons: memory requirements ►Examples: ARIRANG, Cheetah, ECHO,
Fugue, Grostl, JH, LANE, Lux, Sarmal, Vortex.
MDS matrix
x =
![Page 17: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/17.jpg)
www.i.cz
Your Security in the IT Market
Where to look at candidates:
►NIST webpage: http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
►Hash ZOO http://ehash.iaik.tugraz.at/index.php?title=The_SHA-3_Zoo&oldid=3106
►Ebash http://bench.cr.yp.to/results-hash.html
►Classification of the SHA-3 Candidates Cryptology ePrint Archive: Report 511/2008, http://eprint.iacr.org/
![Page 18: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/18.jpg)
www.i.cz
Your Security in the IT Market
Conclusion
►Do not use MD5, MD4, MD2 ►SHA-1 is not recommended after 2009►Use SHA-2 instead (no weaknesses) or►SHA-3 standard is coming in 2-3 years►Cryptanalysis of current submissions is
expected►Second round candidates coming soon
(june-august 2009, 15(?) algorithms)
![Page 19: Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.](https://reader030.fdocument.pub/reader030/viewer/2022032723/56649d025503460f949d5bef/html5/thumbnails/19.jpg)
www.i.cz
Your Security in the IT Market
Thank you for your attention.
Daniel Joščá[email protected]+420 724 429 248
S.ICZ a.s.www.i.cz
MFF UK, Dept. of Algebra