DTTF/NB479: Dszquphsbqiz Day 27
|
|
- MargaretMargaret Bryan
- 5 years ago
- Views:
Transcription
1 DTTF/NB479: Dszquphsbqiz Day 27 Announceents: Questions? This week: Discrete Logs, Diffie-Hellan, ElGaal Hash Functions and SHA-1 Birthday attacks
2 Hash Functions Message (long) Cryptographic hash Function, h Message digest, y (Shorter fixed length) Shrinks data, so 2 essages can have the sae digest: 1!= 2, but H( 1 ) = h( 2 ) Goal: to provide a unique fingerprint of the essage. How? Must deonstrate 3 properties: 1. Fast to copute y fro. 2. One-way: given y = h(), can t find any satisfying h( ) = y easily. 3. Strongly collision-free: Can t find any 1!= 2 such that h( 1 )=h( 2 ) easily 4. (Soeties we can settle for weakly collision-free: given, can t find!= with h() = h( ).
3 EHA: Easy Hash Algorith Break into n-bit blocks, append zeros to get a ultiple of n. There are L of the, where L = /n Fast! But not very secure. Doing a left shift on the rows helps a little: y Define as leftshifting by y bits Then i = y i 1 2 =... l = l l 2 1n 2n ln [ c c... ] ll c n 1n 21 l, l+ 1 l, l 1 =h()
4 EHA: Easy Hash Algorith 3 properties: 1. Fast to copute 2. One-way: given y = h(), can t find any satisfying h( ) = y easily. 3. Strongly collisionfree: Can t find 1!= 2 such that h( 1 )=h( 2 ) 1 2 =... l = l [ c c... ] l 2 2 1n 2n ln c n =h() Exercise: 1. Show that the basic (unrotated) version doesn t satisfy properties 2 and Show that the rotated version doesn t satisfy properties 2 and 3 either. Conclusion: Need nonlinearity!
5 SHA-1: Secure Hash Algorith NSA NIST This standard specifies a Secure Hash Algorith (SHA), which is necessary to ensure the security of the Digital Signature Algorith (DSA). When a essage of any length < 2 64 bits is input, the SHA produces a 160- bit output called a essage digest. The essage digest is then input to the DSA, which coputes the signature for the essage. Signing the essage digest rather than the essage often iproves the efficiency of the process, because the essage digest is usually uch saller than the essage. The sae essage digest should be obtained by the verifier of the signature when the received version of the essage is used as input to SHA. The SHA is called secure because it is designed to be coputationally infeasible to recover a essage corresponding to the essage digest. Any change to the essage in transit will, with a very high probability, result in a different essage digest, and the signature will fail to verify. The SHA is based on principles siilar to those used by Professor Ronald L. Rivest of MIT when designing the MD4 essage digest algorith, and is closely odelled after that algorith. (Proposed Federal Inforation Processing Standard for Secure Hash Standard, Federal Register, v. 57, n. 177, 11 Sep 1992, p ) how?
6 1 SHA-1: Prepare the essage 1. Prepare the essage. Given, create xxxxx.x: Append a 1 and then enough zeros to ake the total congruent to 448 (od 512) bits (to leave roo for the length) Append the length of ( 2 64, so can be written in 64 bits) Break into L 512-bit chunks. Each will be used to copress into a 160- bit total essage digest. Exaple: Encode with length 5000 bits. What is L?
7 2 SHA-1: Notation + Bitwise AND Bitwise OR Bitwise XOR Bitwise NOT Left-shift, with wrap-around Addition, od 2 32
8 3 SHA-1: Iterative copression Idea: iterate over all of the L blocks, outputting a value that is a function of the previous output and the current block: L h h X 0 X 1 X 2 h X 3 h X L =h() (X 0 is constant) Now, the function h
9 4-5 SHA-1: Copression function: h Input: X 0 (160 bits), 1 (512 bits): Output: X 1 (160 bits) W t Expand 1 fro bits. 1 =(W 0..W 15 ) (32 bits each) ( W W W W ) 1 = t 3 t 8 t 14 t 16 Initialization X 4 rounds of 20 iterations each: Each round uses a different K and different nonlinear ixing function f 0 H H = H H H e d = c b a 1 W 0 W 1 W 15 e d c b a K =0x5A Round 1 W 16 W 19 K =6ED9EBA1 K =8F1BBCDC W 79 e d c + X 0 = X b a (20 iters) 1 Round 2 Round 3 Round 4 K =CA62C1D6
10 6 SHA-1: Iterative copression Repeat the algorith on the previous slide L ties until you ve copressed the whole essage into a single 160-bit vector L h h X 0 X 1 X 2 h X 3 h X L =h() Each can be ipleented in hardware.
11 7-9 Interesting trivia The NSA added the left shift in w after the fact. The change corrects a technical flaw that ade the standard less secure than have been thought. (Proposed Revision of Federal Inforation Processing Standard (FIPS) 180, for Secure Hash Standard, Federal Register, v. 59, n. 131, 11 Jul 1994, p )
12 Suary What s an attack on SHA-1 look like? In other words, how do we find collisions? Stay tuned Next tie we ll learn what birthdays have to do with collisions How long before SHA-1 will be broken?
DTTF/NB479: Dszquphsbqiz Day 26
DTTF/NB479: Dszquphsbqiz Day 26 Announceents:. HW6 due now 2. HW7 posted 3. Will pick pres dates Friday Questions? This week: Discrete Logs, Diffie-Hellan, ElGaal Hash Functions, SHA, Birthday attacks
More informationHash Functions. A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length.
Hash Functions 1 Hash Functions A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length. 0 1 1 0 1 0 0 1 Long Message Hash Function 1 1 1
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 11 Hash Functions ver.
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 11 Hash Functions ver. October 29, 2009 These slides were prepared by
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationMulticollision Attacks on Some Generalized Sequential Hash Functions
Multicollision Attacks on Soe Generalized Sequential Hash Functions M. Nandi David R. Cheriton School of Coputer Science University of Waterloo Waterloo, Ontario N2L 3G1, Canada 2nandi@uwaterloo.ca D.
More informationN-Point. DFTs of Two Length-N Real Sequences
Coputation of the DFT of In ost practical applications, sequences of interest are real In such cases, the syetry properties of the DFT given in Table 5. can be exploited to ake the DFT coputations ore
More informationENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions
ENEE 457: Computer Systems Security 09/19/16 Lecture 6 Message Authentication Codes and Hash Functions Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationLecture 14: Cryptographic Hash Functions
CSE 599b: Cryptography (Winter 2006) Lecture 14: Cryptographic Hash Functions 17 February 2006 Lecturer: Paul Beame Scribe: Paul Beame 1 Hash Function Properties A hash function family H = {H K } K K is
More informationAn Improved Fast and Secure Hash Algorithm
Journal of Information Processing Systems, Vol.8, No.1, March 2012 http://dx.doi.org/10.3745/jips.2012.8.1.119 An Improved Fast and Secure Hash Algorithm Siddharth Agarwal*, Abhinav Rungta*, R.Padmavathy*,
More informations = (Y Q Y P)/(X Q - X P)
Elliptic Curves and their Applications in Cryptography Preeti Shara M.Tech Student Mody University of Science and Technology, Lakshangarh Abstract This paper gives an introduction to elliptic curves. The
More informationCryptographic Hashing
Innovation and Cryptoventures Cryptographic Hashing Campbell R. Harvey Duke University, NBER and Investment Strategy Advisor, Man Group, plc January 30, 2017 Campbell R. Harvey 2017 2 Overview Cryptographic
More informationThis model assumes that the probability of a gap has size i is proportional to 1/i. i.e., i log m e. j=1. E[gap size] = i P r(i) = N f t.
CS 493: Algoriths for Massive Data Sets Feb 2, 2002 Local Models, Bloo Filter Scribe: Qin Lv Local Models In global odels, every inverted file entry is copressed with the sae odel. This work wells when
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationProblem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed
Problem 1 n bits k zero bits IV Block Block Block Block removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Missing bits January 27, 2011 Practical
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationFast Montgomery-like Square Root Computation over GF(2 m ) for All Trinomials
Fast Montgoery-like Square Root Coputation over GF( ) for All Trinoials Yin Li a, Yu Zhang a, a Departent of Coputer Science and Technology, Xinyang Noral University, Henan, P.R.China Abstract This letter
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More informationSecure Signatures and Chosen Ciphertext Security in a Quantum Computing World. Dan Boneh and Mark Zhandry Stanford University
Secure Signatures and Chosen Ciphertext Security in a Quantu Coputing World Dan Boneh and Mark Zhandry Stanford University Classical Chosen Message Attack (CMA) σ = S(sk, ) signing key sk Classical CMA
More informationAttacks on hash functions. Birthday attacks and Multicollisions
Attacks on hash functions Birthday attacks and Multicollisions Birthday Attack Basics In a group of 23 people, the probability that there are at least two persons on the same day in the same month is greater
More informationBeyond the MD5 Collisions
Beyond the MD5 Collisions Daniel Joščák Daniel.Joscak@i.cz S.ICZ a.s. Hvězdova 1689/2a, 140 00 Prague 4; Faculty of Mathematics and Physics, Charles University, Prague Abstract We summarize results and
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More information2: Iterated Cryptographic Hash Functions
2: Iterated ryptographic Hash Functions we want hash function H : ({0, 1} n ) {0, 1} n of potentially infinite input size instead we have compression function F : {0, 1} m {0, 1} n {0, 1} n and define
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationHASH FUNCTIONS. Mihir Bellare UCSD 1
HASH FUNCTIONS Mihir Bellare UCSD 1 Hashing Hash functions like MD5, SHA1, SHA256, SHA512, SHA3,... are amongst the most widely-used cryptographic primitives. Their primary purpose is collision-resistant
More informationBirthday Paradox Calculations and Approximation
Birthday Paradox Calculations and Approxiation Joshua E. Hill InfoGard Laboratories -March- v. Birthday Proble In the birthday proble, we have a group of n randoly selected people. If we assue that birthdays
More informationHash Functions. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 34
Hash Functions Ali El Kaafarani Mathematical Institute Oxford University 1 of 34 Outline 1 Definition and Notions of Security 2 The Merkle-damgård Transform 3 MAC using Hash Functions 4 Cryptanalysis:
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@ece.orst.edu Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331 Technical Report December 9, 2002 Version 1.5 1 1 Introduction
More information4. Hash Functions Contents. 4. Hash Functions Message Digest
Contents 1 / 34 Message Digest Application of Message Digest Message Digest 2 (MD2) Message Digest 4 (MD4) Message Digest 5 (MD5) Secure Hash Standard (SHS) purpose: should should prevent prevent from
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 16, 2013 CPSC 467, Lecture 14 1/45 Message Digest / Cryptographic Hash Functions Hash Function Constructions Extending
More informationAvoiding collisions Cryptographic hash functions. Table of contents
Avoiding collisions Cryptographic hash functions Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Davies-Meyer Hashes in Practice Hash
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationHenning Schulzrinne Columbia University, New York Columbia University, Fall 2000
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 Slide
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationCHAPTER 19: Single-Loop IMC Control
When I coplete this chapter, I want to be able to do the following. Recognize that other feedback algoriths are possible Understand the IMC structure and how it provides the essential control features
More information16 Independence Definitions Potential Pitfall Alternative Formulation. mcs-ftl 2010/9/8 0:40 page 431 #437
cs-ftl 010/9/8 0:40 page 431 #437 16 Independence 16.1 efinitions Suppose that we flip two fair coins siultaneously on opposite sides of a roo. Intuitively, the way one coin lands does not affect the way
More informationElliptic Curve Scalar Point Multiplication Algorithm Using Radix-4 Booth s Algorithm
Elliptic Curve Scalar Multiplication Algorith Using Radix-4 Booth s Algorith Elliptic Curve Scalar Multiplication Algorith Using Radix-4 Booth s Algorith Sangook Moon, Non-eber ABSTRACT The ain back-bone
More informationOn the Big Gap Between p and q in DSA
On the Big Gap Between p and in DSA Zhengjun Cao Department of Mathematics, Shanghai University, Shanghai, China, 200444. caozhj@shu.edu.cn Abstract We introduce a message attack against DSA and show that
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationLecture 10 - MAC s continued, hash & MAC
Lecture 10 - MAC s continued, hash & MAC Boaz Barak March 3, 2010 Reading: Boneh-Shoup chapters 7,8 The field GF(2 n ). A field F is a set with a multiplication ( ) and addition operations that satisfy
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationAlgebraic properties of SHA-3 and notable cryptanalysis results
Algebraic properties of SHA-3 and notable cryptanalysis results Christina Boura University of Versailles, France ICMC 2015, January 9, 2014 1 / 51 Cryptographic Hash Functions H : {0,1} {0,1} n m H h =
More informationCIS 6930/4930 Computer and Network Security. Topic 4. Cryptographic Hash Functions
CIS 6930/4930 Computer and Network Security Topic 4. Cryptographic Hash Functions 1 The SHA-1 Hash Function 2 Secure Hash Algorithm (SHA) Developed by NIST, specified in the Secure Hash Standard, 1993
More informationNetwork Security: Hashes
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 2
More informationFPGA Implementation of Point Multiplication on Koblitz Curves Using Kleinian Integers
FPGA Ipleentation of Point Multiplication on Koblitz Curves Using Kleinian Integers V.S. Diitrov 1 K.U. Järvinen 2 M.J. Jacobson, Jr. 3 W.F. Chan 3 Z. Huang 1 February 28, 2012 Diitrov et al. (Univ. Calgary)
More informationDigital Signature Algorithm
Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 11 DSA: The is a US standard, proposed in 1991 by the NIST Along with the DSA, the hash function SHA-1 was also specified
More informationPh 20.3 Numerical Solution of Ordinary Differential Equations
Ph 20.3 Nuerical Solution of Ordinary Differential Equations Due: Week 5 -v20170314- This Assignent So far, your assignents have tried to failiarize you with the hardware and software in the Physics Coputing
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationCryptographic Hash Functions Part II
Cryptographic Hash Functions Part II Cryptography 1 Andreas Hülsing, TU/e Some slides by Sebastiaan de Hoogh, TU/e Hash function design Create fixed input size building block Use building block to build
More informationFurther progress in hashing cryptanalysis
Further progress in hashing cryptanalysis Arjen K. Lenstra Lucent Technologies, Bell Laboratories February 26, 2005 Abstract Until further notice all new designs should use SHA-256. Existing systems using
More informationOne-way Hash Function Based on Neural Network
One-way Hash Function Based on Neural Network Shiguo Lian, Jinsheng Sun, Zhiquan Wang Department of Automation, Nanjing University of Science & echnology, Nanjing, 294, China, sg_lian@63.com Abstract A
More informationCryptanalysis of EnRUPT
Cryptanalysis of EnRUPT Dmitry Khovratovich and Ivica Nikolić University of Luxembourg Abstract. In this paper we present a preimage attack on EnRUPT- 512. We exploit the fact that the internal state is
More informationhas the solution where M = Since c = w 2 mod n we have c w 2 (mod p) and c w 2 (mod q);
CHAPTER 6: OTHER CRYPTOSYSTEMS and ASIC CRYPTOGRAPHY PRIMITIVES A large number of interesting and important cryptosystems have already been designed. In this chapter we present several other of them in
More informationCollision Attack on Boole
Collision Attack on Boole Florian Mendel, Tomislav Nad and Martin Schläffer Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology, Inffeldgasse 16a, A-8010
More informationIntroduction Description of MD5. Message Modification Generate Messages Summary
How to Break MD5 and other hash functions Xiaoyun Wang and Hongbo Yu (China) Presented by: Saar Benodiz May 2012 Outline Introduction Description of MD5 Differential Attack for Hash Functions Message Modification
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2008 Konstantin Beznosov 09/16/08 Module Outline Stream ciphers under the hood Block ciphers
More informationChapter 5. Hash Functions. 5.1 The hash function SHA1
Chapter 5 Hash Functions A hash function usually means a function that compresses, meaning the output is shorter than the input. Often, such a function takes an input of arbitrary or almost arbitrary length
More informationFeature Extraction Techniques
Feature Extraction Techniques Unsupervised Learning II Feature Extraction Unsupervised ethods can also be used to find features which can be useful for categorization. There are unsupervised ethods that
More informationRandomized Recovery for Boolean Compressed Sensing
Randoized Recovery for Boolean Copressed Sensing Mitra Fatei and Martin Vetterli Laboratory of Audiovisual Counication École Polytechnique Fédéral de Lausanne (EPFL) Eail: {itra.fatei, artin.vetterli}@epfl.ch
More informationFinding good differential patterns for attacks on SHA-1
Finding good differential patterns for attacks on SHA-1 Krystian Matusiewicz and Josef Pieprzyk Centre for Advanced Computing - Algorithms and Cryptography, Department of Computing, Macquarie University,
More informationCh 12: Variations on Backpropagation
Ch 2: Variations on Backpropagation The basic backpropagation algorith is too slow for ost practical applications. It ay take days or weeks of coputer tie. We deonstrate why the backpropagation algorith
More informationPhysically Based Modeling CS Notes Spring 1997 Particle Collision and Contact
Physically Based Modeling CS 15-863 Notes Spring 1997 Particle Collision and Contact 1 Collisions with Springs Suppose we wanted to ipleent a particle siulator with a floor : a solid horizontal plane which
More informationParallel Implementation of Proposed One Way Hash Function
UDC:004.421.032.24:003.26 Parallel Implementation of Proposed One Way Hash Function Berisha A 1 1 University of Prishtina, Faculty of Mathematics and Natural Sciences, Kosovo artan.berisha@uni-pr.edu Abstract:
More informationMULTIAGENT Resource Allocation (MARA) is the
EDIC RESEARCH PROPOSAL 1 Designing Negotiation Protocols for Utility Maxiization in Multiagent Resource Allocation Tri Kurniawan Wijaya LSIR, I&C, EPFL Abstract Resource allocation is one of the ain concerns
More informationOverview. Public Key Algorithms II
Public Key Algorithms II Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationSIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography
SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 8 of Trappe and Washington DIGITAL SIGNATURES message sig 1. How do we bind
More informationLinear and Differential Cryptanalysis of SHA-256
Journal of the Faculty of Environmental Science and Technology, Okayama University Vol.lO, No.!, pp.l 7, February 2005 Linear and Differential Cryptanalysis of SHA-256 WANG Xiao Dong l, Hirofumi ISHIKAWA
More informationRevisiting the security model for aggregate signature schemes
Revisiting the security odel for aggregate signature schees by Marie-Sarah Lacharité A thesis presented to the University of Waterloo in fulfillent of the thesis requireent for the degree of Master of
More informationWhy not SHA-3? A glimpse at the heart of hash functions.
Why not SHA-3? A glimpse at the heart of hash functions. Alexis Breust, François Etcheverry June 18, 2013 Abstract. October 2012, the NIST (National Institute of Standards and Technology) hash function
More informationQuantum public-key cryptosystems based on induced trapdoor one-way transformations
Quantu public-key cryptosystes based on induced trapdoor one-way transforations Li Yang a, Min Liang a, Bao Li a, Lei Hu a, Deng-Guo Feng b arxiv:1012.5249v2 [quant-ph] 12 Jul 2011 a State Key Laboratory
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2012 Konstantin Beznosov 1 Module Outline! Stream ciphers under the hood Block ciphers under
More informationGoals of Cryptography. Definition of a Cryptosystem. Security Kerckhoff's Requirements
Goals of Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network Transport Layer Chapter 4: Security
More informationBloom Filters. filters: A survey, Internet Mathematics, vol. 1 no. 4, pp , 2004.
Bloo Filters References A. Broder and M. Mitzenacher, Network applications of Bloo filters: A survey, Internet Matheatics, vol. 1 no. 4, pp. 485-509, 2004. Li Fan, Pei Cao, Jussara Aleida, Andrei Broder,
More informationSolution of Exercise Sheet 7
saarland Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University university computer science Solution of Exercise Sheet 7 1 Variants of Modes of Operation Let (K,
More informationFinite fields. and we ve used it in various examples and homework problems. In these notes I will introduce more finite fields
Finite fields I talked in class about the field with two eleents F 2 = {, } and we ve used it in various eaples and hoework probles. In these notes I will introduce ore finite fields F p = {,,...,p } for
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationPattern Recognition and Machine Learning. Artificial Neural networks
Pattern Recognition and Machine Learning Jaes L. Crowley ENSIMAG 3 - MMIS Fall Seester 2017 Lessons 7 20 Dec 2017 Outline Artificial Neural networks Notation...2 Introduction...3 Key Equations... 3 Artificial
More informationImproved Collision Attack on MD5
Improved Collision Attack on MD5 Yu Sasaki* Yusuke Naito* Noboru Kunihiro* Kazuo Ohta* *The University of Electro-Communications, Japan { yu339, tolucky } @ice.uec.ac.jp Abstract In EUROCRYPT2005, a collision
More informationNew Techniques for Cryptanalysis of Cryptographic Hash Functions. Rafael Chen
New Techniques for Cryptanalysis of Cryptographic Hash Functions Rafael Chen New Techniques for Cryptanalysis of Cryptographic Hash Functions Research Thesis Submitted in partial fulfillment of the requirements
More informationLow-weight Pseudo Collision Attack on Shabal and Preimage Attack on Reduced Shabal-512
Low-weight Pseudo Collision Attack on Shabal and Preimage Attack on Reduced Shabal-512 Takanori Isobe and Taizo Shirai Sony Corporation 1-7-1 Konan, Minato-ku, Tokyo 108-0075, Japan {Takanori.Isobe,Taizo.Shirai}@jp.sony.com
More informationAnalysis of Message Injection in Stream Cipher-based Hash Functions
Analysis o Message Injection in Stream Cipher-based Hash Functions Yuto Nakano 1, Carlos Cid 2, Kazuhide Fukushima 1, and Shinsaku Kiyomoto 1 1 KDDI R&D Laboratories Inc. 2 Royal Holloway, University o
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationDistinguishers for the Compression Function and Output Transformation of Hamsi-256
Distinguishers for the Compression Function and Output Transformation of Hamsi-256 Jean-Philippe Aumasson Emilia Käsper Lars Ramkilde Knudsen Krystian Matusiewicz Rune Ødegård Thomas Peyrin Martin Schläffer
More informationSupport Vector Machines MIT Course Notes Cynthia Rudin
Support Vector Machines MIT 5.097 Course Notes Cynthia Rudin Credit: Ng, Hastie, Tibshirani, Friedan Thanks: Şeyda Ertekin Let s start with soe intuition about argins. The argin of an exaple x i = distance
More informationIdentity-Based Key Aggregate Cryptosystem from Multilinear Maps
Identity-Based Key Aggregate Cryptosyste fro Multilinear Maps Sikhar Patranabis and Debdeep Mukhopadhyay Departent of Coputer Science and Engineering Indian Institute of Technology Kharagpur {sikhar.patranabis,
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #4 Sep 2 nd 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list Quiz #1 will be on Thursday, Sep 9 th
More informationNational 5 Summary Notes
North Berwick High School Departent of Physics National 5 Suary Notes Unit 3 Energy National 5 Physics: Electricity and Energy 1 Throughout the Course, appropriate attention should be given to units, prefixes
More informationChaotic Based Secure Hash Algorithm
Chaotic Based Secure Hash Algorithm Mazen Tawfik Mohammed 1, Alaa Eldin Rohiem 2, Ali El-moghazy 3 and A. Z. Ghalwash 4 1,2 Military technical College, Cairo, Egypt 3 Higher Technological Institute, Cairo,
More informationA Composition Theorem for Universal One-Way Hash Functions
A Composition Theorem for Universal One-Way Hash Functions Victor Shoup IBM Zurich Research Lab, Säumerstr. 4, 8803 Rüschlikon, Switzerland sho@zurich.ibm.com Abstract. In this paper we present a new scheme
More informationMitigating Multi-Target-Attacks in Hash-based Signatures. Andreas Hülsing joint work with Joost Rijneveld, Fang Song
Mitigating Multi-Target-Attacks in Hash-based Signatures Andreas Hülsing joint work with Joost Rijneveld, Fang Song A brief motivation Trapdoor- / Identification Scheme-based (PQ-)Signatures Lattice, MQ,
More informationCourse Notes for EE227C (Spring 2018): Convex Optimization and Approximation
Course Notes for EE227C (Spring 2018): Convex Optiization and Approxiation Instructor: Moritz Hardt Eail: hardt+ee227c@berkeley.edu Graduate Instructor: Max Sichowitz Eail: sichow+ee227c@berkeley.edu October
More informationDeterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family
Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family Somitra Kr. Sanadhya and Palash Sarkar Cryptology Research Group Applied Statistics Unit Indian Statistical Institute, Kolkata
More informationLecture 21. Interior Point Methods Setup and Algorithm
Lecture 21 Interior Point Methods In 1984, Kararkar introduced a new weakly polynoial tie algorith for solving LPs [Kar84a], [Kar84b]. His algorith was theoretically faster than the ellipsoid ethod and
More information