Security Analysis of BLAKE2’s Modes of Operation

BLAKE2 is a hash function introduced at ACNS 2013, which has been adopted in many constructions and applications. It is a successor to the SHA-3 finalist BLAKE, which received a significant amount of security analysis. Nevertheless, BLAKE2 introduces sufficient changes so that not all results from BLAKE carry over, meaning new analysis is necessary. To date, all known cryptanalysis done on BLAKE2 has focused on its underlying building blocks, with little focus placed on understanding BLAKE2’s generic security. We prove that BLAKE2’s compression function is indifferentiable from a random function in a weakly ideal cipher model, which was not the case for BLAKE. This implies that there are no generic attacks against any of the modes that BLAKE2 uses.

Download Full-text

Building a 256-bit hash function on a stronger MD variant

Open Computer Science ◽

10.2478/s13537-014-0204-7 ◽

2014 ◽

Vol 4 (2) ◽

Cited By ~ 1

Author(s):

Harshvardhan Tiwari ◽

Krishna Asawa

Keyword(s):

Hash Function ◽

Design Principle ◽

Hash Functions ◽

High Sensitivity ◽

Differential Attack ◽

Compression Function ◽

Single Output ◽

Generic Attacks ◽

Cryptographic Techniques ◽

Cryptographic Hash Functions

AbstractCryptographic hash functions are important cryptographic techniques and are used widely in many cryptographic applications and protocols. All the MD4 design based hash functions such as MD5, SHA-1, RIPEMD-160 and FORK-256 are built on Merkle-Damgård iterative method. Recent differential and generic attacks against these popular hash functions have shown weaknesses of both specific hash functions and their underlying Merkle-Damgård construction. In this paper we propose a hash function follows design principle of NewFORK-256 and based on HAIFA construction. Its compression function takes three inputs and generates a single output of 256-bit length. An extra input to a compression function is a 64-bit counter (number of bits hashed so far). HAIFA construction shows strong resistance against major generic and other cryptanalytic attacks. The security of proposed hash function against generic attacks, differential attack, birthday attack and statistical attack was analyzed in detail. It is shown that the proposed hash function has high sensitivity to an input message and is secure against different cryptanalytic attacks.

Download Full-text

The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function

Fast Software Encryption - Lecture Notes in Computer Science ◽

10.1007/11799313_21 ◽

2006 ◽

pp. 328-340 ◽

Cited By ~ 27

Author(s):

John Black

Keyword(s):

Hash Function ◽

Ideal Cipher ◽

Ideal Cipher Model ◽

The Ideal

Download Full-text

Security of a New Cryptographic Hash Function - Titanium

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v10.i3.pp1244-1250 ◽

2018 ◽

Vol 10 (3) ◽

pp. 1244

Author(s):

Abdullah Nazeeh Saleh ◽

Mohammad A. Al-Ahmad

Keyword(s):

Hash Function ◽

Random Function ◽

Block Cipher ◽

Security Analysis ◽

Differential Cryptanalysis ◽

Brute Force ◽

Cryptographic Hash Function ◽

Design Choice ◽

Differential Attacks

This paper introduces the security analysis of Titanium hash function that uses SF block cipher and follows sponge construction. A brief description of the sponge function and the design choice of Titanium are introduced. Basic security criteria of random function have been presented and studied on Titanium and then, differential cryptanalysis on Titanium has been performed and showed the resistance of it on the most recent differential attacks. A table of security discussions finalizes the paper and describes the complexity of Titanium on brute force cryptanalysis.

Download Full-text

Merkle-Damgård Construction Method and Alternatives

Journal of information and organizational sciences ◽

10.31341/jios.41.2.9 ◽

2017 ◽

Vol 41 (2) ◽

pp. 283-304 ◽

Cited By ~ 2

Author(s):

Harshvardhan Tiwari

Keyword(s):

Information Security ◽

Hash Function ◽

Hash Functions ◽

Construction Method ◽

Security Requirements ◽

Security Design ◽

Compression Function ◽

Cryptographic Hash Function ◽

Initialization Vector ◽

Generic Attacks

Cryptographic hash function is an important cryptographic tool in the field of information security. Design of most widely used hash functions such as MD5 and SHA-1 is based on the iterations of compression function by Merkle-Damgård construction method with constant initialization vector. Merkle-Damgård construction showed that the security of hash function depends on the security of the compression function. Several attacks on Merkle-Damgård construction based hash functions motivated researchers to propose different cryptographic constructions to enhance the security of hash functions against the differential and generic attacks. Cryptographic community had been looking for replacements for these weak hash functions and they have proposed new hash functions based on different variants of Merkle-Damgård construction. As a result of an open competition NIST announced Keccak as a SHA-3 standard. This paper provides a review of cryptographic hash function, its security requirements and different design methods of compression function.

Download Full-text

Security of Practical Cryptosystems Using Merkle-Damgård Hash Function in the Ideal Cipher Model

Provable Security - Lecture Notes in Computer Science ◽

10.1007/978-3-642-24316-5_20 ◽

2011 ◽

pp. 281-296 ◽

Cited By ~ 1

Author(s):

Yusuke Naito ◽

Kazuki Yoneyama ◽

Lei Wang ◽

Kazuo Ohta

Keyword(s):

Hash Function ◽

Ideal Cipher ◽

Ideal Cipher Model ◽

The Ideal

Download Full-text

Quantum Security Analysis of AES

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2019.i2.55-93 ◽

2019 ◽

pp. 55-93 ◽

Cited By ~ 5

Author(s):

Xavier Bonnetain ◽

María Naya-Plasencia ◽

André Schrottenloher

Keyword(s):

Security Analysis ◽

Building Blocks ◽

Quantum Cost ◽

Secret Key ◽

Trade Offs ◽

Speed Up ◽

Generic Attacks ◽

Differential Attacks ◽

First Time ◽

New Framework

In this paper we analyze for the first time the post-quantum security of AES. AES is the most popular and widely used block cipher, established as the encryption standard by the NIST in 2001. We consider the secret key setting and, in particular, AES-256, the recommended primitive and one of the few existing ones that aims at providing a post-quantum security of 128 bits. In order to determine the new security margin, i.e., the lowest number of non-attacked rounds in time less than 2128 encryptions, we first provide generalized and quantized versions of the best known cryptanalysis on reduced-round AES, as well as a discussion on attacks that don’t seem to benefit from a significant quantum speed-up. We propose a new framework for structured search that encompasses both the classical and quantum attacks we present, and allows to efficiently compute their complexity. We believe this framework will be useful for future analysis.Our best attack is a quantum Demirci-Selçuk meet-in-the-middle attack. Unexpectedly, using the ideas underlying its design principle also enables us to obtain new, counter-intuitive classical TMD trade-offs. In particular, we can reduce the memory in some attacks against AES-256 and AES-128.One of the building blocks of our attacks is solving efficiently the AES S-Box differential equation, with respect to the quantum cost of a reversible S-Box. We believe that this generic quantum tool will be useful for future quantum differential attacks. Judging by the results obtained so far, AES seems a resistant primitive in the post-quantum world as well as in the classical one, with a bigger security margin with respect to quantum generic attacks.

Download Full-text