72 Hits in 5.3 sec

Provable Security of BLAKE with Non-ideal Compression Function [chapter]

Elena Andreeva, Atul Luykx, Bart Mennink
2013 Lecture Notes in Computer Science  
Our attack on the indifferentiability of the BLAKE compression function undermines the provable security strength of BLAKE not only with respect to its overall indifferentiability, but also its collision  ...  2 n/2 assuming the underlying compression function is ideal.  ...  This result confirms BLAKE's resistance against the second preimage attacks of Dean [10] and Kelsey and Schneier [13] , even when the non-ideal compression function of BLAKE is employed.  ... 
doi:10.1007/978-3-642-35999-6_21 fatcat:utn5dn5atvhdvdgbuq4ag6hbky

Security Analysis and Comparison of the SHA-3 Finalists BLAKE, Grøstl, JH, Keccak, and Skein [chapter]

Elena Andreeva, Bart Mennink, Bart Preneel, Marjan Škrobot
2012 Lecture Notes in Computer Science  
At NIST's second SHA-3 Candidate Conference 2010, Andreeva et al. provided a provable security classification of the second round SHA-3 candidates in the ideal model.  ...  An important criterion in the selection process is the SHA-3 hash function security and more concretely, the possible reductions of the hash function security to the security of its underlying building  ...  Fellowship from the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen).  ... 
doi:10.1007/978-3-642-31410-0_18 fatcat:suoxwu43hbcd7pnurcfw22ebky

On security arguments of the second round SHA-3 candidates

Elena Andreeva, Andrey Bogdanov, Bart Mennink, Bart Preneel, Christian Rechberger
2012 International Journal of Information Security  
We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks, and (2) arguments  ...  In this paper, we compare the state of the art provable security reductions for the second round candidates, and review arguments and bounds against classes of differential attacks.  ...  . , k Reductionist security of BLAKE. The compression function of BLAKE is proven optimally collision, second preimage and preimage resistant [5] .  ... 
doi:10.1007/s10207-012-0156-7 fatcat:s2dmf5danrewpptmrpj7qvbuui

Security Reductions of the Second Round SHA-3 Candidates [chapter]

Elena Andreeva, Bart Mennink, Bart Preneel
2011 Lecture Notes in Computer Science  
In this paper, we compare the state of the art provable security reductions of the second round candidates.  ...  An important criterion in the selection process is the SHA-3 hash function security and more concretely, the possible security reductions of the hash function to the security of its underlying building  ...  Fellowship from the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen).  ... 
doi:10.1007/978-3-642-18178-8_5 fatcat:cbyokf2r6ra7lnf77q7f3qzyw4

Verified Security of Merkle-Damgård

Michael Backes, Gilles Barthe, Matthias Berg, Benjamin Gregoire, Cesar Kunz, Malte Skoruppa, Santiago Zanella Beguelin
2012 2012 IEEE 25th Computer Security Foundations Symposium  
The search for a secure replacement is one of the most active topics in the field of cryptography.  ...  Since weaknesses in hash functions may imply vulnerabilities in the constructions that build upon them, ensuring their security is essential.  ...  This represents a deviation with respect to the compression functions of BLAKE and Skein.  ... 
doi:10.1109/csf.2012.14 dblp:conf/csfw/BackesBBGKSB12 fatcat:suvhtzrsl5fo7ca2k2rdnkbqcm

Practical Consequences of the Aberration of Narrow-Pipe Hash Designs from Ideal Random Functions [chapter]

Danilo Gligoroski, Vlastimil Klima
2011 Communications in Computer and Information Science  
Computing of P RF i will use five calls of the compression function CompressSHA256() in the following sequence:  ...  Namely, for an ideal random function with a big domain space {0, 1} N and a finite co-domain space Y = {0, 1} n , for every element y ∈ Y , the probability words -the probability that elements of Y are  ...  Acknowledgement We would like to thank Jean-Philippe Aumasson (from the team of BLAKE hash function), and Orr Dunkelman (from the team of SHAvite-3 hash function) for their great comments, and precise  ... 
doi:10.1007/978-3-642-19325-5_9 fatcat:wk2plgbnpff4vnemvx3i7m2pcq

Critical perspectives on provable security: Fifteen years of "another look" papers

Neal Koblitz, Alfred Menezes
2019 Advances in Mathematics of Communications  
We give an overview of our critiques of "proofs" of security and a guide to our papers on the subject that have appeared over the past decade and a half.  ...  Acknowledgments We wish to thank Ian Blake, Sanjit Chatterjee, Sam Jaques, Paul van Oorschot, Francisco Rodríguez Henríquez, and Palash Sarkar for helpful comments on an earlier draft; and Ann Hibner Koblitz  ...  That level of security is of little value in practice. There might well be much faster non-uniform attacks on the prf property for the compression function of a particular hash function.  ... 
doi:10.3934/amc.2019034 fatcat:gpftyd4hxjebfpzdqwdes345na

The First 30 Years of Cryptographic Hash Functions and the NIST SHA-3 Competition [chapter]

Bart Preneel
2010 Lecture Notes in Computer Science  
During the 1990s, the number of hash function designs grew very quickly, but for many of these proposals security flaws were identified.  ...  Rabin proposed a design with a 64-bit result based on the block cipher DES [37], Yuval showed how to find collisions for an n-bit hash function in time 2 n/2 with the birthday paradox, and Merkle's work  ...  The hash functions Blue Midnight Wish, CubeHash, Blake and Skein are of the ARX (Addition, Rotate, XOR) type; they derive their non-linearity from the carries in the modular addition.  ... 
doi:10.1007/978-3-642-11925-5_1 fatcat:pmaorvizrbghxi2wrtry6i3j7a

Efficient Hashing Using the AES Instruction Set [chapter]

Joppe W. Bos, Onur Özen, Martijn Stam
2011 Lecture Notes in Computer Science  
In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions.  ...  As far as we are aware, this is the first comprehensive performance comparison of multi-block-length hash functions in software.  ...  We gratefully acknowledge Çagdaş Çalık, for granting us access to the Intel i5 with AES-NI to benchmark our programs and Thorsten Kleinjung for useful discussions on how to optimize the SSE polynomial  ... 
doi:10.1007/978-3-642-23951-9_33 fatcat:4z66rhbbyjabfjurfzjzgf3d5y

SPN-Hash: Improving the Provable Resistance against Differential Collision Attacks [chapter]

Jiali Choy, Huihui Yap, Khoongming Khoo, Jian Guo, Thomas Peyrin, Axel Poschmann, Chik How Tan
2012 Lecture Notes in Computer Science  
We propose a new hash function design with variable hash output sizes of 128, 256, and 512 bits, that reduces this gap.  ...  to non-square byte arrays.  ...  Introduction For current hash function designs, there are mainly two approaches to obtain provable security.  ... 
doi:10.1007/978-3-642-31410-0_17 fatcat:5cnw7mauyrhu7kqx4jk6hcnfye

Another Look at Tightness II: Practical Issues in Cryptography [chapter]

Sanjit Chatterjee, Neal Koblitz, Alfred Menezes, Palash Sarkar
2017 Lecture Notes in Computer Science  
How to deal with large tightness gaps in security proofs is a vexing issue in cryptography.  ...  Even when analyzing protocols that are of practical importance, leading researchers often fail to treat this question with the seriousness that it deserves.  ...  Ramanna for providing helpful comments on an earlier draft of §7, Ann Hibner Koblitz for editorial suggestions, and Ian Blake, Eike Kiltz, and Chris Peikert for helpful feedback and suggestions.  ... 
doi:10.1007/978-3-319-61273-7_3 fatcat:auyw65hh2rfh3k3hphhrf6mcra

An AES Based 256-bit Hash Function for Lightweight Applications: Lesamnta-LW

2012 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
The security of Lesamnta-LW is reduced to that of the underlying AES-based block cipher and it is theoretically analyzed for an important application, namely the key-prefix mode.  ...  on a wider variety of environments ranging from inexpensive devices to high-end severs at the 2 120 security level.  ...  level achieved with a high security margin: The compression function is a new mode of a block cipher, called the LW1 mode, which enables us to provide proofs reducing the security of Lesamnta-LW to that  ... 
doi:10.1587/transfun.e95.a.89 fatcat:4yuariv2ybfzfhtmhs6hnxzxau

BLAKE-512-Based 128-Bit CCA2 Secure Timing Attack Resistant McEliece Cryptoprocessor

Santosh Ghosh, Ingrid Verbauwhede
2014 IEEE transactions on computers  
To the best of our knowledge, this is the first hardware design of McEliece with the above mentioned advanced security features which is also resistant against existing timing attacks.  ...  In order to achieve CCA2 security on original McEliece algorithm, we incorporate a SHA-3 finalist, BLAKE-512 module into the architecture.  ...  as compression function.  ... 
doi:10.1109/tc.2012.271 fatcat:rf6tfdqwy5hm7hzfitlpcdqqjm

Analysis of Cryptography Techniques

Ravi K Sheth
The protection of these confidential data from unauthorized access can be done with many encryption techniques.  ...  A cryptographic algorithm is a mathematical function that can be used in the process of encryption and decryption.  ...  III.PURPOSE OF CRYPTOGRAPHY Cryptography provides a number of security goals to ensure the privacy of data, non alteration of data and so on.  ... 
doi:10.26472/ijrae.v1i2.3 fatcat:rp47ns4wmbegne5w5x3qxl6atu

On the Impossibility of Efficiently Combining Collision Resistant Hash Functions [chapter]

Dan Boneh, Xavier Boyen
2006 Lecture Notes in Computer Science  
Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant.  ...  We take a step towards answering this question in the negative -we show that any secure construction that evaluates each hash function once cannot output fewer bits than simply concatenating the given  ...  output of C is as large as its input, which is to say that C is non-compressing.  ... 
doi:10.1007/11818175_34 fatcat:lyfpq3izgbd5nlrb4taxwqoypi
« Previous Showing results 1 — 15 out of 72 results