Improved indifferentiability security bound for the JH mode

Dustin Moody, Souradyuti Paul, Daniel Smith-Tone
2015 Designs, Codes and Cryptography  
In this paper, we improve the indifferentiability security bound for the JH mode to n/2 bits (e.g. from 171 to 256 bits when n = 512).  ...  Our bounds are optimal for JH-256, and the best, so far, for JH-512.  ...  improve the quality of the paper. 2 follows the uniform distribution U[0, 2^{2n} − 1] (Fig. 3(b)).  ... 
doi:10.1007/s10623-015-0047-9 fatcat:wlonziky3rbkzmrrmshf4caci4

Security Analysis of the Mode of JH Hash Function [chapter]

Rishiraj Bhattacharyya, Avradip Mandal, Mridul Nandi
2010 Lecture Notes in Computer Science  
Indifferentiability is the appropriate notion of modeling a random oracle as well as a strong security criteria for a hash-design.  ...  -We show under the assumption that the underlying permutation is a 2n-bit random permutation, JH mode of operation with output length 2n − s bits, is indifferentiable from a random oracle with distinguisher's  ...  Acknowledgements We sincerely thank Jean Sébastien Coron for his valuable comments on initial drafts of this paper. We also thank anonymous reviewers for their thoughtful suggestions.  ... 
doi:10.1007/978-3-642-13858-4_10 fatcat:ktyyyme5hrf7lj53aopxcbp2z4

Security Analysis and Comparison of the SHA-3 Finalists BLAKE, Grøstl, JH, Keccak, and Skein [chapter]

Elena Andreeva, Bart Mennink, Bart Preneel, Marjan Škrobot
2012 Lecture Notes in Computer Science  
We evaluate recent provable security results on the candidates, and resolve remaining open problems for Grøstl, JH, and Skein.  ...  An important criterion in the selection process is the SHA-3 hash function security and more concretely, the possible reductions of the hash function security to the security of its underlying building  ...  The second author is supported by a Ph.D. Fellowship from the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen).  ... 
doi:10.1007/978-3-642-31410-0_18 fatcat:suoxwu43hbcd7pnurcfw22ebky

Security Reductions of the Second Round SHA-3 Candidates [chapter]

Elena Andreeva, Bart Mennink, Bart Preneel
2011 Lecture Notes in Computer Science  
Surprisingly, we derive some security bounds from the literature, which the hash function designers seem to be unaware of.  ...  While some of the candidates are supported with firm security reductions, for most of the schemes these results are still incomplete.  ...  Fellowship from the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen).  ... 
doi:10.1007/978-3-642-18178-8_5 fatcat:cbyokf2r6ra7lnf77q7f3qzyw4

On security arguments of the second round SHA-3 candidates

Elena Andreeva, Andrey Bogdanov, Bart Mennink, Bart Preneel, Christian Rechberger
2012 International Journal of Information Security  
In this paper, we compare the state of the art provable security reductions for the second round candidates, and review arguments and bounds against classes of differential attacks.  ...  We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks, and (2) arguments  ...  Furthermore, the JH hash function is proven indifferentiable from a random oracle if the underlying permutation is ideal [20]. Bounds on DTP for JH.  ... 
doi:10.1007/s10207-012-0156-7 fatcat:s2dmf5danrewpptmrpj7qvbuui

Open problems in hash function security

Elena Andreeva, Bart Mennink, Bart Preneel
2015 Designs, Codes and Cryptography  
This modular design approach allows for a rigorous security analysis via means of both cryptanalysis and provable security.  ...  We present a survey on the state of the art in hash function security and modular design analysis.  ...  This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). Elena Andreeva and Bart Mennink are Postdoctoral Fellows of the Research Foundation - Flanders (FWO).  ... 
doi:10.1007/s10623-015-0096-0 fatcat:alir2p5gybgvrbup5jfvjf45te

Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier

Dustin Moody, Souradyuti Paul, Daniel Smith-Tone
2016 Journal of Mathematical Cryptology  
Abstract: A hash function secure in the  ...  By security, we mean the proven indifferentiability security bound of the hash mode.  ...  bound for indifferentiability security of FWP.  ... 
doi:10.1515/jmc-2014-0044 fatcat:qnvcbliju5hi7efgitvh5j7pde

A Novel Permutation-Based Hash Mode of Operation FP and the Hash Function SAMOSA [chapter]

Souradyuti Paul, Ekawat Homsirikamol, Kris Gaj
2012 Lecture Notes in Computer Science  
We compare the FP mode with other permutation-based hash modes, and observe that it displays the so far best security/rate trade-off.  ...  The contribution of the paper is two-fold. First, we design a novel permutation-based hash mode of operation FP, and analyze its security.  ...  Acknowledgments The authors like to thank Dustin Moody and Daniel Smith-Tone for numerous helpful discussions.  ... 
doi:10.1007/978-3-642-34931-7_29 fatcat:vclksy6425g63cn32ujp4joc5y

On the Indifferentiability of Fugue and Luffa [chapter]

Rishiraj Bhattacharyya, Avradip Mandal
2011 Lecture Notes in Computer Science  
To the best of our knowledge, our result for Luffa is the first indifferentiability analysis of a mode of operation based on variable (more than two) number of small permutations.  ...  Indifferentiability is currently considered to be an important security notion for a cryptographic hash function to instantiate Random Oracles in different security proofs.  ...  proved the indifferentiability of sponge mode of operation. In [1, 5], domain extension technique of Grøstl and JH was proven to be indifferentiable.  ... 
doi:10.1007/978-3-642-21554-4_28 fatcat:7seynuqscrghpoe6ppdmhwjvla

Generic Indifferentiability Proofs of Hash Designs

Marion Daubignard, Pierre-Alain Fouque, Yassine Lakhnech
2012 2012 IEEE 25th Computer Security Foundations Symposium  
We propose a formal analysis of domain extenders for hash functions in the indifferentiability framework.  ...  The theorem can help designers of hash functions justifying the security of their constructions: they only need to bound the probability of well-defined events.  ...  [8] propose to take into account the structure of the domain extender by showing a novel security criterion for them: indifferentiability from a random oracle.  ... 
doi:10.1109/csf.2012.13 dblp:conf/csfw/DaubignardFL12 fatcat:tdweptz4wvfzlcmbv3okl7asnm

Provable Security of BLAKE with Non-ideal Compression Function [chapter]

Elena Andreeva, Atul Luykx, Bart Mennink
2013 Lecture Notes in Computer Science  
We go on to show that BLAKE is still indifferentiable from a random oracle up to the old bound of 2^{n/2} queries, albeit under a weaker assumption: the ideality of its block cipher.  ...  Our next contribution is the restoration of the security results for BLAKE in the ideal model by refining the level of modularity and assuming that BLAKE's underlying block cipher is an ideal cipher.  ...  The resulting security loss is reflected in the obtained indifferentiability bound derived in Sect. 6.3.  ... 
doi:10.1007/978-3-642-35999-6_21 fatcat:utn5dn5atvhdvdgbuq4ag6hbky

SPN-Hash: Improving the Provable Resistance against Differential Collision Attacks [chapter]

Jiali Choy, Huihui Yap, Khoongming Khoo, Jian Guo, Thomas Peyrin, Axel Poschmann, Chik How Tan
2012 Lecture Notes in Computer Science  
Due to its inherent Substitution-Permutation Network (SPN) structure and JH mode of operation, we are able to compute its differential collision probability using the concept of differentials.  ...  We also found a novel way to use parallel copies of a serial matrix over the finite field GF(2^4), so as to create lightweight and secure byte-based diffusion for our design.  ...  Then our JH-based operating mode allows us to apply directly our security reasoning and obtain a bound on the maximum probability of an attacker looking for collisions using a fixed input difference.  ... 
doi:10.1007/978-3-642-31410-0_17 fatcat:5cnw7mauyrhu7kqx4jk6hcnfye

On the Security of Sponge-type Authenticated Encryption Modes

Bishwajit Chakraborty, Ashwin Jha, Mridul Nandi
2020 IACR Transactions on Symmetric Cryptology  
We show a tight security bound for Transform-then-Permute based on b-bit permutation, which reduces to finding an exact estimation of the expected number of multi-chains (defined in this paper).  ...  The sponge duplex is a popular mode of operation for constructing authenticated encryption schemes.  ...  The authors are supported by the project "Study and Analysis of IoT Security" under Government of India at R. C. Bose Centre for Cryptology and Security, Indian Statistical Institute, Kolkata, India.  ... 
doi:10.13154/tosc.v2020.i2.93-119 dblp:journals/tosc/ChakrabortyJN20 fatcat:5bvtje6zzbgq5onea56emmjhci

Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes

Philipp Jovanovic, Atul Luykx, Bart Mennink, Yu Sasaki, Kan Yasuda
2018 Journal of Cryptology  
This bound was carried over to its keyed variants, such as SpongeWrap, to achieve a min{2^{c/2}, 2^κ} security bound, with κ the key length.  ...  We show that Sponge-based constructions for authenticated encryption can achieve the significantly higher bound of min{2^{b/2}, 2^c, 2^κ}, with b > c the permutation size, by proving that the CAESAR submission  ...  In particular, we thank Samuel Neves for his useful comments. The authors furthermore thank the reviewers for their insightful comments.  ... 
doi:10.1007/s00145-018-9299-7 fatcat:jqdqmvr2wnec3ip5qy5gmy3hl4

JHAE: A Novel Permutation-Based Authenticated Encryption Mode Based on the Hash Mode JH

Javad Alizadeh, Mohammad Aref, Nasour Bagheri, Alireza Rahimi
2015 Journal of Computing and Security   unpublished
For this, they considered the JH feathers and used a direct approach. Finally, Moody et al. in [16] improved the indifferentiability bound for JH.  ...  In addition, it is demonstrated that the integrity bound of JHAE is reduced to the indifferentiability of JH hash mode, which is at least O(2^{n/2}).  ... 