Handbook of Applied Cryptography
Handbook of Applied Cryptography
The Design of Rijndael
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
On building hash functions from multivariate quadratic equations
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Security analysis of the mode of JH hash function
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
The PHOTON family of lightweight Hash functions
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
VSH, an efficient and provable collision-resistant hash function
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
VLSI Characterization of the Cryptographic Hash Function BLAKE
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
| Hi-index | 0.00 |
Collision resistance is a fundamental property required for cryptographic hash functions. One way to ensure collision resistance is to use hash functions based on public key cryptography (PKC) which reduces collision resistance to a hard mathematical problem, but such primitives are usually slow. A more practical approach is to use symmetric-key design techniques which lead to faster schemes, but collision resistance can only be heuristically inferred from the best probability of a single differential characteristic path. We propose a new hash function design with variable hash output sizes of 128, 256, and 512 bits, that reduces this gap. Due to its inherent Substitution-Permutation Network (SPN) structure and JH mode of operation, we are able to compute its differential collision probability using the concept of differentials. Namely, for each possible input differences, we take into account all the differential paths leading to a collision and this enables us to prove that our hash function is secure against a differential collision attack using a single input difference. None of the SHA-3 finalists could prove such a resistance. At the same time, our hash function design is secure against pre-image, second pre-image and rebound attacks, and is faster than PKC-based hashes. Part of our design includes a generalization of the optimal diffusion used in the classical wide-trail SPN construction from Daemen and Rijmen, which leads to near-optimal differential bounds when applied to non-square byte arrays. We also found a novel way to use parallel copies of a serial matrix over the finite field GF(24), so as to create lightweight and secure byte-based diffusion for our design. Overall, we obtain hash functions that are fast in software, very lightweight in hardware (about 4625 GE for the 256-bit hash output) and that provide much stronger security proofs regarding collision resistance than any of the SHA-3 finalists.