The Definition and Software Performance of Hashstream, a Fast Length-Flexible PRF

Cryptography, 2018, Vol 2 (4), pp. 31
Author(s): Ted Krovetz

Two of the fastest types of cryptographic algorithms are the stream cipher and the almost-universal hash function. There are secure examples of each that process data in software using less than one CPU cycle per byte. Hashstream combines the two types of algorithms in a straightforward manner yielding a PRF that can both consume inputs of and produce pseudorandom outputs of any desired length. The result is an object useful in many contexts: authentication, encryption, authenticated encryption, random generation, mask generation, etc. The HS1-SIV authenticated-encryption algorithm—a CAESAR competition second round selection—was based on Hashstream and showed the promise of such an approach by having provable security and topping the speed charts in several test configurations.

Author(s): Maria Eichlseder, Marcel Nageler, Robert Primas

AEGIS is one of the authenticated encryption designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. In 2014, Minaud discovered slight biases in the keystream based on linear characteristics. For family member AEGIS-256, these could be exploited to undermine the confidentiality faster than generic attacks, but this still requires very large amounts of data. For final portfolio member AEGIS-128, these attacks are currently less efficient than generic attacks. We propose improved keystream approximations for the AEGIS family, but also prove upper bounds below $2^{-128}$ for the squared correlation contribution of any single suitable linear characteristic.


2021, Vol 34 (3)
Author(s): Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer

Abstract: Authenticated encryption satisfies the basic need for authenticity and confidentiality in our information infrastructure. In this paper, we provide the specification of Ascon-128 and Ascon-128a. Both authenticated encryption algorithms provide efficient authenticated encryption on resource-constrained devices and on high-end CPUs. Furthermore, they have been selected as the “primary choice” for lightweight authenticated encryption in the final portfolio of the CAESAR competition. In addition, we specify the hash function Ascon-Hash, and the extendable output function Ascon-Xof. Moreover, we complement the specification by providing a detailed overview of existing cryptanalysis and implementation results.


Author(s): Thomas Fuhr, María Naya-Plasencia, Yann Rotella

In this article we study the security of the authenticated encryption algorithm Ketje against divide-and-conquer attacks. Ketje is a third-round candidate in the ongoing CAESAR competition, which shares most of its design principles with the SHA-3 hash function. Several versions of Ketje have been submitted, with different sizes for its internal state. We describe several state-recovery attacks on the smaller variant, called Ketje Jr. We show that if one increases the amount of keystream output after each round from 16 bits to 40 bits, Ketje Jr becomes vulnerable to divide-and-conquer attacks with time complexities $2^{71.5}$ for the original version and $2^{82.3}$ for the current tweaked version, both with a key of 96 bits. We also propose a similar attack when considering rates of 32 bits for the non-tweaked version. Our findings do not threaten the security of Ketje, but should be taken as a warning against potential future modifications that would aim at increasing the performance of the algorithm.


Author(s): Keith M. Martin

This chapter discusses cryptographic mechanisms for providing data integrity. We begin by identifying different levels of data integrity that can be provided. We then look in detail at hash functions, explaining the different security properties that they have, as well as presenting several different applications of a hash function. We then look at hash function design and illustrate this by discussing the hash function SHA-3. Next, we discuss message authentication codes (MACs), presenting a basic model and discussing basic properties. We compare two different MAC constructions, CBC-MAC and HMAC. Finally, we consider different ways of using MACs together with encryption. We focus on authenticated encryption modes, and illustrate these by describing Galois Counter mode.


2016, Vol 37 (1), pp. 231-252
Author(s): Marcin Bednarek, Tadeusz Dąbrowski, Tomasz Wawer

Abstract: Communication between the process stations of the distributed control system is carried out. Diagnosis of the communication process is performed by the supervision and therapeutic systems of the stations. Supervision and therapeutic systems are responsible for the security of transmitted data. The security is considered in this article mainly in the aspect of resistance of the data transmission process to external destructive factors. It is assumed that the transmission security can be provided by mechanisms protecting the integrity of the transmitted data. Correctness of the data is controlled by using a one-way hash function calculated on the basis of the transmitted variable value, which is also attached to the transmitted data. This makes it possible to maintain the integrity of the transmitted process data. Solutions using a one-way hash function to protect the transmission against changes of message contents (caused e.g. by intruder interference) are proposed in the article.


Author(s): Kazuhiko Minematsu, Tetsu Iwata

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of $2^n$, where $n$ denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of $O(2^{n/2})$, i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.


2021, Vol 21 (3&4), pp. 0181-0202
Author(s): Khodakhast Bibak, Robert Ritchie, Behrouz Zolfaghari

Quantum key distribution (QKD) offers a very strong property called everlasting security, which says if authentication is unbroken during the execution of QKD, the generated key remains information-theoretically secure indefinitely. For this purpose, we propose the use of certain universal hashing based MACs for use in QKD, which are fast, very efficient with key material, and are shown to be highly secure. Universal hash functions are ubiquitous in computer science with many applications ranging from quantum key distribution and information security to data structures and parallel computing. In QKD, they are used at least for authentication, error correction, and privacy amplification. Using results from Cohen [Duke Math. J., 1954], we also construct some new families of $\varepsilon$-almost-$\Delta$-universal hash function families which have much better collision bounds than the well-known Polynomial Hash. Then we propose a general method for converting any such family to an $\varepsilon$-almost-strongly universal hash function family, which makes them useful in a wide range of applications, including authentication in QKD.
