Grøstl a SHA-3 candidate
|
|
- Lesley Griffith
- 8 years ago
- Views:
Transcription
1 Grøstl a SHA-3 candidate Krystian Matusiewicz Wroclaw University of Technology CECC 2010, June 12, 2010 Krystian Matusiewicz Grøstl a SHA-3 candidate 1/ 26
2 Talk outline Cryptographic hash functions NIST SHA-3 Competition Grøstl Krystian Matusiewicz Grøstl a SHA-3 candidate 2/ 26
3 Cryptographic hash functions Krystian Matusiewicz Grøstl a SHA-3 candidate 3/ 26
4 Cryptographic hash functions: why? We want to have a short, fixed length fingerprint of any piece of data Different fingerprints certainly different data Identical fingerprints most likely the same data No one can get any information about the data from the fingerprint Krystian Matusiewicz Grøstl a SHA-3 candidate 4/ 26
5 Random Oracle Construction: Box with memory On a new query: pick randomly and uniformly the answer, remember it and return the result On a repeating query, repeat the answer (function) Krystian Matusiewicz Grøstl a SHA-3 candidate 5/ 26
6 Random Oracle Construction: Box with memory On a new query: pick randomly and uniformly the answer, remember it and return the result On a repeating query, repeat the answer (function) Properties: No information about the data To find a preimage: 2 n queries for n-bit outputs To find collisions: 2 n/2 queries Random behaviour Krystian Matusiewicz Grøstl a SHA-3 candidate 5/ 26
7 Random Oracle Construction: Box with memory On a new query: pick randomly and uniformly the answer, remember it and return the result On a repeating query, repeat the answer (function) Properties: No information about the data To find a preimage: 2 n queries for n-bit outputs To find collisions: 2 n/2 queries Random behaviour We want to construct concrete algorithms which are as close to this behaviour as possible. Krystian Matusiewicz Grøstl a SHA-3 candidate 5/ 26
8 NIST SHA-3 Competition Krystian Matusiewicz Grøstl a SHA-3 candidate 6/ 26
9 Krystian Matusiewicz Grøstl a SHA-3 candidate 7/ 26
10 The world after Wang (after 2004) hash designed Wang-inspired attacks MD collisions by hand calculation MD collisions in ms on a computer SHA collisions in 1hr SHA attacked, 2 69 SHA no attack Many other hash functions similar to MD5/SHA-1 were subsequently broken using Wang s method. Krystian Matusiewicz Grøstl a SHA-3 candidate 8/ 26
11 NIST SHA-3 competition There is only one hash function standardized by NIST which is not broken (SHA-256/SHA-512) But design principles are somehow similar to the broken ones, is it secure enough? Would be good to have a backup plan Let s organize a competition like the one for Advanced Encryption Standard! Krystian Matusiewicz Grøstl a SHA-3 candidate 9/ 26
12 First-round SHA-3 candidates Abacus ARIRANG AURORA BLAKE Blender Blue Midnight Wish BOOLE Cheetah CHI CRUNCH CubeHash DCH Dynamic SHA Dynamic SHA2 ECHO ECOH EDON-R EnRUPT ESSENCE FSB Fugue Grøstl Hamsi JH Keccak Khichidi-1 LANE Lesamnta Luffa LUX MCSSHA-3 MD6 MeshHash NaSHA SANDstorm Sarmal Sgail Shabal SHAMATA SHAvite-3 SIMD Skein Spectral Hash StreamHash SWIFFTX Tangle TIB3 Twister Vortex WaMM Waterfall Krystian Matusiewicz Grøstl a SHA-3 candidate 10/ 26
13 Second-round SHA-3 candidates Abacus ARIRANG AURORA BLAKE Blender Blue Midnight Wish BOOLE Cheetah CHI CRUNCH CubeHash DCH Dynamic SHA Dynamic SHA2 ECHO ECOH EDON-R EnRUPT ESSENCE FSB Fugue Grøstl Hamsi JH Keccak Khichidi-1 LANE Lesamnta Luffa LUX MCSSHA-3 MD6 MeshHash NaSHA SANDstorm Sarmal Sgail Shabal SHAMATA SHAvite-3 SIMD Skein Spectral Hash StreamHash SWIFFTX Tangle TIB3 Twister Vortex WaMM Waterfall Krystian Matusiewicz Grøstl a SHA-3 candidate 11/ 26
14 What happens next? August 2010 second NIST workshop Around 5 finalists will be announced before the end of the year The winner selected in 2012 Krystian Matusiewicz Grøstl a SHA-3 candidate 12/ 26
15 The SHA-3 Zoo / Hash function Zoo Everything you ever wanted to know about SHA-3 candidates ehash.iaik.tugraz.at/wiki/the_sha-3_zoo ehash.iaik.tugraz.at/wiki/the_hash_function_zoo Krystian Matusiewicz Grøstl a SHA-3 candidate 13/ 26
16 Grøstl Krystian Matusiewicz Grøstl a SHA-3 candidate 14/ 26
17 The Grøstl team Søren S. Thomsen Martin Schläffer Christian Rechberger Florian Mendel Lars R. Knudsen Praveen Gauravaram & K.M. Krystian Matusiewicz Grøstl a SHA-3 candidate 15/ 26
18 Grøstl hash function m 1 m 2 m 3 m t iv f f f... f Ω H(m) Iterated wide-pipe Output transformation Krystian Matusiewicz Grøstl a SHA-3 candidate 16/ 26
19 Grøstl Compression Function h m f P Q P, Q large, fixed permutations Security reductions: collision, preimage resistance provided that permutations behave like ideal ones Krystian Matusiewicz Grøstl a SHA-3 candidate 17/ 26
20 Grøstl Output Transformation x P Provides protection against some attacks Random behaviour Krystian Matusiewicz Grøstl a SHA-3 candidate 18/ 26
21 Designing an ideal permutation How to design an ideal permutation? No way of telling it apart from randomly chosen permutation No visible structure No differential trail with significant probability Wide-trail strategy Krystian Matusiewicz Grøstl a SHA-3 candidate 19/ 26
22 Grøstl : One round of P, Q ( 10) AddRoundConstant SubBytes ShiftBytes MixBytes Krystian Matusiewicz Grøstl a SHA-3 candidate 20/ 26
23 Grøstl : AddRoundConstant i AddRoundConstant of P i ff AddRoundConstant of Q Permutations must be different (security) Different constants for P and Q Krystian Matusiewicz Grøstl a SHA-3 candidate 21/ 26
24 Grøstl : SubBytes S( ) Krystian Matusiewicz Grøstl a SHA-3 candidate 22/ 26
25 Grøstl : ShiftBytes shift by 0 shift by 1 shift by 2 shift by 3 shift by 4 shift by 5 shift by 6 shift by 7 Krystian Matusiewicz Grøstl a SHA-3 candidate 23/ 26
26 Grøstl : MixBytes B = circ(02,02,03,04,05,03,05,07) Krystian Matusiewicz Grøstl a SHA-3 candidate 24/ 26
27 Cryptanalytic Results Hash function collisions Grøstl-256 4/10 Grøstl-512 5/14 Compression function collisions Grøstl-256 7/10 Grøstl-512 7/14 Permutation non-randomness Grøstl-256 8/10 Krystian Matusiewicz Grøstl a SHA-3 candidate 25/ 26
28 Grøstl : Enjoy! Krystian Matusiewicz Grøstl a SHA-3 candidate 26/ 26
Introduction to SHA-3 and Keccak
Introduction to SHA-3 and Keccak Joan Daemen STMicroelectronics and Radboud University Crypto summer school 2015 Šibenik, Croatia, May 31 - June 5, 2015 1 / 45 Outline 1 The SHA-3 competition 2 The sponge
More informationSHA3 WHERE WE VE BEEN WHERE WE RE GOING
SHA3 WHERE WE VE BEEN WHERE WE RE GOING Bill Burr May 1, 2013 updated version of John Kelsey s RSA2013 presentation Overview of Talk Where We ve Been: Ancient history 2004 The Competition Where We re Going
More informationSHA-2 will soon retire
SHA-2 will soon retire The SHA-3 Song Michael Naehrig Christiane Peters Peter Schwabe Department of Mathematics and Computer Science Technische Universiteit Eindhoven, P.O. Box 513, 5600 MB Eindhoven,
More information2 Classification of the SHA-3 Candidates
Classification of the SHA-3 Candidates Ewan Fleischmann 1, Christian Forler 1,2, and Michael Gorski 1 1 Bauhaus-University Weimar {Ewan.Fleischmann, Michael.Gorski}@uni-weimar.de 2 Sirrix AG security technologies
More informationAn Efficient Cryptographic Hash Algorithm (BSA)
An Efficient Cryptographic Hash Algorithm (BSA) Subhabrata Mukherjee 1, Bimal Roy 2, Anirban Laha 1 1 Dept of CSE, Jadavpur University, Calcutta 700 032, India 2 Indian Statistical Institute, Calcutta
More informationHash Function JH and the NIST SHA3 Hash Competition
Hash Function JH and the NIST SHA3 Hash Competition Hongjun Wu Nanyang Technological University Presented at ACNS 2012 1 Introduction to Hash Function Hash Function Design Basics Hash function JH Design
More informationDifferential Cryptanalysis of Hash Functions: How to find Collisions?
Differential Cryptanalysis of Hash Functions: How to find Collisions? Martin Schläffer Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology, Austria martin.schlaeffer@iaik.tugraz.at
More informationComparison of seven SHA-3 candidates software implementations on smart cards.
Comparison of seven SHA-3 candidates software implementations on smart cards. Mourad Gouicem Oberthur Technologies Contact : {g.piret, e.prouff}@oberthur.com October 2010 Abstract In this work, we present
More informationLength extension attack on narrow-pipe SHA-3 candidates
Length extension attack on narrow-pipe SHA-3 candidates Danilo Gligoroski Department of Telematics, Norwegian University of Science and Technology, O.S.Bragstads plass 2B, N-7491 Trondheim, NORWAY danilo.gligoroski@item.ntnu.no
More informationHash Function of Finalist SHA-3: Analysis Study
International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 2, No. 2, April 2013, Page: 1-12, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com Hash Function
More informationRandomly Failed! The State of Randomness in Current Java Implementations
Randomly Failed! The State of Randomness in Current Java Implementations Kai Michaelis, Chris Meyer, Jörg Schwenk Horst Görtz Institute for IT-Security (HGI) Chair for Network and Data Security Ruhr-University
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationPerformance Analysis of the SHA-3 Candidates on Exotic Multi-Core Architectures
Performance Analysis of the SHA-3 Candidates on Exotic Multi-Core Architectures Joppe W. Bos 1 and Deian Stefan 2 1 Laboratory for Cryptologic Algorithms, EPFL, CH-1015 Lausanne, Switzerland 2 Dept. of
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationThe First 30 Years of Cryptographic Hash Functions and the NIST SHA-3 Competition
The First 30 Years of Cryptographic Hash Functions and the NIST SHA-3 Competition Bart Preneel Katholieke Universiteit Leuven and IBBT Dept. Electrical Engineering-ESAT/COSIC, Kasteelpark Arenberg 10 Bus
More informationPermutation-based encryption, authentication and authenticated encryption
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2, and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract.
More informationPre-silicon Characterization of NIST SHA-3 Final Round Candidates
2011 14th Euromicro Conference on Digital System Design Pre-silicon Characterization of NIST Final Round Candidates Xu Guo, Meeta Srivastav, Sinan Huang, Dinesh Ganta, Michael B. Henry, Leyla Nazhandali
More informationlundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal
Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are
More informationCryptography and Network Security Chapter 11
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 11 Cryptographic Hash Functions Each of the messages, like each
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the
More informationHow To Attack Preimage On Hash Function 2.2 With A Preimage Attack On A Pre Image
Preimage Attacks on 4-Step SHA-256 and 46-Step SHA-52 Yu Sasaki, Lei Wang 2, and Kazumaro Aoki NTT Information Sharing Platform Laboratories, NTT Corporation 3-9- Midori-cho, Musashino-shi, Tokyo, 8-8585
More informationCryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.
Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message
More informationEvaluation of Digital Signature Process
Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: esimion@fmi.unibuc.ro Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;
More informationTools in Cryptanalysis of Hash Functions
Tools in Cryptanalysis of Hash Functions Application to SHA-256 Florian Mendel Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology Inffeldgasse 16a, A-8010
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationOne-Way Encryption and Message Authentication
One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationOn the Impact of Known-Key Attacks on Hash Functions
On the Impact of Known-Key Attacs on Hash Functions Bart Mennin and Bart Preneel Dept Electrical Engineering, ESAT/COSIC, KU Leuven, and iminds, Belgium bartmennin@esatuleuvenbe, bartpreneel@esatuleuvenbe
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationA High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl Marcin Rogawski and Kris Gaj ECE Department George Mason University Fairfax, Virginia 22030 email: {mrogawsk, kgaj}@gmu.edu
More informationHASH CODE BASED SECURITY IN CLOUD COMPUTING
ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security
More informationRecommendation for Applications Using Approved Hash Algorithms
NIST Special Publication 800-107 Recommendation for Applications Using Approved Hash Algorithms Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February
More informationIndifferentiability Security of the Fast Wide Pipe Hash: Breaking the Birthday Barrier
Indifferentiability Security of the Fast Wide Pipe Hash: Breaking the Birthday Barrier Dustin Moody Souradyuti Paul Daniel Smith-Tone Abstract A hash function secure in the indifferentiability framework
More informationA NEW HASH ALGORITHM: Khichidi-1
A NEW HASH ALGORITHM: Khichidi-1 Abstract This is a technical document describing a new hash algorithm called Khichidi-1 and has been written in response to a Hash competition (SHA-3) called by National
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More informationChapter 8: On the Use of Hash Functions in. Computer Forensics
Harald Baier Hash Functions in Forensics / WS 2011/2012 2/41 Chapter 8: On the Use of Hash Functions in Computer Forensics Harald Baier Hochschule Darmstadt, CASED WS 2011/2012 Harald Baier Hash Functions
More informationFinding SHA-2 Characteristics: Searching through a Minefield of Contradictions
Finding SHA-2 Characteristics: Searching through a Minefield of Contradictions Florian Mendel, Tomislav Nad, and Martin Schläffer IAIK, Graz University of Technology, Austria tomislav.nad@iaik.tugraz.at
More informationChapter 1 On the Secure Hash Algorithm family
Chapter 1 On the Secure Hash Algorithm family Written by Wouter Penard, Tim van Werkhoven. 1.1 Introduction This report is on the Secure Hash Algorithm family, better known as the SHA hash functions. We
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationMessage Authentication Codes. Lecture Outline
Message Authentication Codes Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Message Authentication Code Lecture Outline 1 Limitation of Using Hash Functions for Authentication Require an authentic
More informationLecture 15 - Digital Signatures
Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationElliptic Curve Hash (and Sign)
Elliptic Curve Hash (and Sign) (and the 1-up problem for ECDSA) Daniel R. L. Brown Certicom Research ECC 2008, Utrecht, Sep 22-24 2008 Dan Brown (Certicom) Elliptic Curve Hash (and Sign) ECC 2008 1 / 43
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationCryptography and Network Security Chapter 11. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Chapter 11 Message Authentication and Hash Functions At cats' green on the Sunday he took the message from the inside of
More informationActive Domain Expansion for Narrow-pipe Hash
Active Domain Expansion for Narrow-pipe Hash Xigen Yao Wuxi Hengqi Electromechanical Device Co.Ltd.China email : dihuo377@163.com November 30, 2012 Abstract. In this article, we give an approach to the
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationState of PKI for SSL/TLS
State of PKI for SSL/TLS NIST Workshop on Improving Trust in the Online Marketplace Russ Housley Vigil Security, LLC Introduction State of the PKI for SSL/TLS: Mostly working, but too fragile Facing motivated
More informationA PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR
A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR William Stallings Copyright 20010 H.1 THE ORIGINS OF AES...2 H.2 AES EVALUATION...3 Supplement to Cryptography and Network Security, Fifth Edition
More informationCryptography and Network Security Chapter 12
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 12 Message Authentication Codes At cats' green on the Sunday he
More informationFIPS 202 on the CSRC FIPS publications page: http://csrc.nist.gov/publications/pubsfips.html#202
The attached DRAFT FIPS 202 document (provided here for historical purposes) has been superseded by the following publication: Publication Number: FIPS 202 Title: SHA-3 Standard: Permutation-Based Hash
More informationCryptanalysis of Dynamic SHA(2)
Cryptanalysis of Dynamic SHA(2) Jean-Philippe Aumasson 1,, Orr Dunkelman 2,, Sebastiaan Indesteege 3,4,, and Bart Preneel 3,4 1 FHNW, Windisch, Switzerland. 2 École Normale Supérieure, INRIA, CNRS, Paris,
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationCertificate Authorities and Public Keys. How they work and 10+ ways to hack them.
Certificate Authorities and Public Keys How they work and 10+ ways to hack them. -- FoxGuard Solutions Www.FoxGuardSolutions.com melkins@foxguardsolutions.com Version.05 9/2012 1 Certificate Use Overview
More informationThe Future of Digital Signatures. Johannes Buchmann
The Future of Digital Signatures Johannes Buchmann Digital Signatures Digital signatures document sign signature verify valid / invalid secret public No IT-Security without digital signatures Software
More informationOn the Influence of the Algebraic Degree of the Algebraic Degree of
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 59, NO. 1, JANUARY 2013 691 On the Influence of the Algebraic Degree of the Algebraic Degree of Christina Boura and Anne Canteaut on Abstract We present a
More informationAnnouncing Approval of Federal Information Processing Standard (FIPS) 197, Advanced. National Institute of Standards and Technology (NIST), Commerce.
Billing Code: 3510-CN DEPARTMENT OF COMMERCE National Institute of Standards and Technology (Docket No. 000929280-1201-02 RIN No. 0693-ZA42 Announcing Approval of Federal Information Processing Standard
More informationOverview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things:
SHA-1 Versus SHA-2 Overview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things: - Breaking SHA-1 is not yet practical but will
More informationM.S. Project Proposal. SAT Based Attacks on SipHash
M.S. Project Proposal SAT Based Attacks on SipHash Santhosh Kantharaju Siddappa Department of Computer Science Rochester Institute of Technology Chair Prof. Alan Kaminsky Reader Prof. Stanisław P. Radziszowski
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru
More informationHardware Implementation of the Compression Function for Selected SHA-3 Candidates
Hardware Implementation of the Compression Function for Selected SHA-3 Candidates A. H. Namin and M. A. Hasan Department of Electrical and Computer Engineering University of Waterloo Waterloo, Ontario,
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationCIS433/533 - Computer and Network Security Cryptography
CIS433/533 - Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies
More informationThe SHAvite-3 Hash Function
The SHAvite-3 Hash Function Tweaked Version 23.11.2009 Eli Biham 1, and Orr Dunkelman 2,3 1 Computer Science Department, Technion Haifa 32000, Israel biham@cs.technion.ac.il 2 École Normale Supérieure
More informationRecommendation for Applications Using Approved Hash Algorithms
NIST Special Publication 800-107 Revision 1 Recommendation for Applications Using Approved Hash Algorithms Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationThe Advanced Encryption Standard: Four Years On
The Advanced Encryption Standard: Four Years On Matt Robshaw Reader in Information Security Information Security Group Royal Holloway University of London September 21, 2004 The State of the AES 1 The
More informationThe Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) Conception - Why A New Cipher? Conception - Why A New Cipher? DES had outlived its usefulness Vulnerabilities were becoming known 56-bit key was too small Too slow
More informationU.S. Federal Information Processing Standard (FIPS) and Secure File Transfer
IPSWITCH FILE TRANSFER WHITE PAPER U.S. Federal Information Processing Standard (FIPS) and Secure File Transfer www.ipswitchft.com FIPS 140-2 is a standard first published in 2001 by the U.S. National
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationImplementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University
Implementation and Comparison of Various Digital Signature Algorithms -Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationA block based storage model for remote online backups in a trust no one environment
A block based storage model for remote online backups in a trust no one environment http://www.duplicati.com/ Kenneth Skovhede (author, kenneth@duplicati.com) René Stach (editor, rene@duplicati.com) Abstract
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationRelated-Key Rectangle Attack of the Full HAS-160 in Encryption Mode
Related-Key Rectangle Attack of the Full HAS-160 in Encryption Mode Orr Dunkelman 1, Ewan Fleischmann 2, Michael Gorski 2, and Stefan Lucks 2 1 Ecole Normale Superieure, France OrrDunkelman@ensfr 2 Bauhaus-University
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More information1 Signatures vs. MACs
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures
More informationMTAT.07.003 Cryptology II. Digital Signatures. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Digital Signatures Sven Laur University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic
More informationAnalysis and Design of Symmetric Cryptographic Algorithms. Jean-Philippe Aumasson
Analysis and Design of Symmetric Cryptographic Algorithms Jean-Philippe Aumasson October 23, 2009 Abstract This thesis is concerned with the analysis and design of symmetric cryptographic algorithms,
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationFixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006
Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object
More informationAsicBoost A Speedup for Bitcoin Mining
AsicBoost A Speedup for Bitcoin Mining Dr. Timo Hanke March 31, 2016 (rev. 5) Abstract. AsicBoost is a method to speed up Bitcoin mining by a factor of approximately 20%. The performance gain is achieved
More informationSecurity Analysis of DRBG Using HMAC in NIST SP 800-90
Security Analysis of DRBG Using MAC in NIST SP 800-90 Shoichi irose Graduate School of Engineering, University of Fukui hrs shch@u-fukui.ac.jp Abstract. MAC DRBG is a deterministic random bit generator
More informationJohn Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011
John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationData Reduction: Deduplication and Compression. Danny Harnik IBM Haifa Research Labs
Data Reduction: Deduplication and Compression Danny Harnik IBM Haifa Research Labs Motivation Reducing the amount of data is a desirable goal Data reduction: an attempt to compress the huge amounts of
More informationEnhancing Advanced Encryption Standard S-Box Generation Based on Round Key
Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key Julia Juremi Ramlan Mahmod Salasiah Sulaiman Jazrin Ramli Faculty of Computer Science and Information Technology, Universiti Putra
More informationError oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm
Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers
More informationNetwork Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015
Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationContext (2) wireless 1900 data 1960 1980. Context. SecureComm Sept. 2009. Information processing
Upgrading Cryptographic Algorithms for Network Security Bart Preneel COSIC, K.U.Leuven, Belgium Bart.Preneel(at)esat.kuleuven.be http://homes.esat.kuleuven.be/~preneel September 2009 http://www.ecrypt.eu.org
More informationCrittografia e sicurezza delle reti. Digital signatures- DSA
Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationSide Channel Analysis and Embedded Systems Impact and Countermeasures
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side
More information1 Data Encryption Algorithm
Date: Monday, September 23, 2002 Prof.: Dr Jean-Yves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on the Data Encryption Standard (DES) The Data Encryption Standard (DES) has been
More informationRemotely Keyed Encryption Using Non-Encrypting Smart Cards
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION The following paper was originally published in the USENIX Workshop on Smartcard Technology Chicago, Illinois, USA, May 10 11, 1999 Remotely Keyed Encryption
More information