One-way Hash Function Based on Neural Network

Similar documents
Hashes and Message Digests Alex X. Liu & Haipeng Dai

Cryptanalysis of a Multistage Encryption System

On the Big Gap Between p and q in DSA

Lecture Notes. Advanced Discrete Structures COT S

Hash Functions. A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length.

Analysis of SHA-1 in Encryption Mode

CPSC 467: Cryptography and Computer Security

Pseudo-random Number Generation. Qiuliang Tang

Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages

Breaking an encryption scheme based on chaotic Baker map

Public-key Cryptography: Theory and Practice

All-Or-Nothing Transforms Using Quasigroups

arxiv: v1 [cs.cr] 5 Dec 2007

Chaotic Based Secure Hash Algorithm

A Chaotic Encryption System Using PCA Neural Networks

CRYPTOGRAPHY USING CHAOTIC NEURAL NETWORK

Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References

Blind Signature Protocol Based on Difficulty of. Simultaneous Solving Two Difficult Problems

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 2 Basics

Weak key analysis for chaotic cipher based on randomness properties

arxiv: v1 [cs.cr] 18 Jul 2009

Blind Collective Signature Protocol

Security Implications of Quantum Technologies

Modified Hill Cipher with Interlacing and Iteration

AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM

Asymmetric Encryption

Simple Pseudorandom Number Generator with Strengthened Double Encryption (Cilia)

CPSC 467: Cryptography and Computer Security

Cryptanalysis of a computer cryptography scheme based on a filter bank

Design of S-Box using Combination of Chaotic Functions

CHAPTER 5 A BLOCK CIPHER INVOLVING A KEY APPLIED ON BOTH THE SIDES OF THE PLAINTEXT

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Network Security: Hashes

Week 12: Hash Functions and MAC

Modified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration

Symmetric Ciphers. Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5)

Symmetric Crypto Systems

A Novel Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos

Computers and Mathematics with Applications

Optimal XOR based (2,n)-Visual Cryptography Schemes

An Improved Fast and Secure Hash Algorithm

Henning Schulzrinne Columbia University, New York Columbia University, Fall 2000

arxiv: v2 [cs.cr] 13 Oct 2016

A Novel Image Encryption Scheme Using the Composite Discrete Chaotic System

Cryptanalysis of a Message Authentication Code due to Cary and Venkatesan

Introduction to Information Security

CRYPTANALYSIS OF FRIDRICH S CHAOTIC IMAGE ENCRYPTION

SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography

Cryptanalyzing a nonlinear chaotic algorithm (NCA) for image encryption

The Hash Function JH 1

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

An efficient parallel pseudorandom bit generator based on an asymmetric coupled chaotic map lattice

Towards Provable Security of Substitution-Permutation Encryption Networks

ENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions

A Large Block Cipher Involving Key Dependent Permutation, Interlacing and Iteration

A Fast Provably Secure Cryptographic Hash Function

CHAPTER 12 CRYPTOGRAPHY OF A GRAY LEVEL IMAGE USING A MODIFIED HILL CIPHER

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 11 Hash Functions ver.

Cryptographic Hashing

Cryptographic Hash Functions

A novel parallel hash function based on 3D chaotic map

The Parallel One-way Hash Function Based on Chebyshev-Halley Methods with Variable Parameter

ORYX. ORYX not an acronym, but upper case Designed for use with cell phones. Standard developed by. Cipher design process not open

A Non-symmetric Digital Image Secure Communication Scheme Based on Generalized Chaos Synchronization System

5618 IEEE TRANSACTIONS ON IMAGE PROCESSING, VOL. 26, NO. 12, DECEMBER 2017

arxiv:nlin/ v1 [nlin.cd] 10 Aug 2006

Lecture 1: Introduction to Public key cryptography

CPSC 467b: Cryptography and Computer Security

Linear and Differential Cryptanalysis of SHA-256

Klein s and PTW Attacks on WEP

Practically Secure against Differential Cryptanalysis for Block Cipher SMS4

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Construction of Pseudorandom Binary Sequences Using Chaotic Maps

Stream ciphers. Pawel Wocjan. Department of Electrical Engineering & Computer Science University of Central Florida

Lecture 10 - MAC s continued, hash & MAC

Improved Cascaded Stream Ciphers Using Feedback

Public Key Algorithms

A new simple technique for improving the random properties of chaos-based cryptosystems

Polynomial Interpolation in the Elliptic Curve Cryptosystem

Symmetric Crypto Systems

Secure Communication Using H Chaotic Synchronization and International Data Encryption Algorithm

Multi-Map Orbit Hopping Chaotic Stream Cipher

Lecture 12: Block ciphers

Introduction to Cryptography Lecture 4

Avoiding collisions Cryptographic hash functions. Table of contents

Problem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed

Alternative Approaches: Bounded Storage Model

Robust Hashing Algorithm for Data Verification

Solution of Exercise Sheet 7

Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1

Distinguishing Stream Ciphers with Convolutional Filters

arxiv:cs/ v1 [cs.cr] 2 Feb 2004

CPSC 467: Cryptography and Computer Security

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3

REU 2015: Complexity Across Disciplines. Introduction to Cryptography

Notes for Lecture 9. 1 Combining Encryption and Authentication

A NOVEL MULTIPLE PSEUDO RANDOM BITS GENERATOR BASED ON SPATIOTEMPORAL CHAOS. Ping Li,1 Zhong Li Wolfgang. A. Halang Guanrong Chen

4. Hash Functions Contents. 4. Hash Functions Message Digest

Design and Hardware Implementation of a Chaotic Encryption Scheme for Real-time Embedded Systems

Performance Analysis of a Keyed Hash Function based on Discrete and Chaotic Proven Iterations

Transcription:

One-way Hash Function Based on Neural Network Shiguo Lian, Jinsheng Sun, Zhiquan Wang Department of Automation, Nanjing University of Science & echnology, Nanjing, 294, China, sg_lian@63.com Abstract A hash function is constructed based on a three-layer neural network. he three neuron-layers are used to realize data confusion, diffusion and compression respectively, and the multi-block hash mode is presented to support the plaintext with variable length. heoretical analysis and experimental results show that this hash function is one-way, with high key sensitivity and plaintext sensitivity, and secure against birthday attacks or meet-in-the-middle attacks. Additionally, the neural network s property makes it practical to realize in a parallel way. hese properties make it a suitable choice for data signature or authentication. Keywords neural networks, chaotic neural networks, hash function, digital signature Introduction Neural networks confusion and diffusion properties have been used to design encryption algorithms, such as the stream ciphers [,2] or the block ciphers [3,4]. In fact, neural networks have also a one-way property. For example, if a neuron has multi-inputs and single-output, then it is easy to obtain the output from the inputs but difficult to recover the inputs from the output. hese properties make them suitable for hash function [5,6] design. A hash function encodes a plaintext with variable length into a hash value with fixed length, and it is often used in data signature or data authentication. As is known, a secure hash function should satisfy several requirements: one-way, secure against birthday attack and secure against meet-in-the-middle attack. he one-way property makes it impractical to find a plaintext with the required hash value. he hash function should be secure against birthday attack, which makes it difficult to find two plaintexts with the same hash value. It should also be secure against meet-in-the-middle attack, which makes it difficult to find a plaintext whose hash value is the same as one of the given plaintexts. Recently, it was reported that such widely used hash functions as MD5 or SHA- are no longer secure. hus, new hash functions should be studied in order to meet practical applications. Considering that neural networks have properties suitable for generating hash functions, we try to construct a secure hash function based on a neural network, which not only satisfies the security requirements but also can be efficient-implemented.

2 he Proposed Hash Function Based on Neural Network he Used Neural Network In the proposed hash function, the neural network shown in Fig. is used, which is composed of three layers: the input layer, the hidden layer and the output layer. hey realize data confusion, diffusion and compression respectively. Let the layer inputs and outputs be P[P P P 3 ], C[C C C ], D[D D D ] and H[H H H 3 ], and the neural network is defined as H f ( W D+ B ) f ( W f ( WC+ B) + B ) f ( W f ( W f ( W P+ B ) + B) + B ). () 2 2 2 2 2 2 2 2 2 where f i, W i and B i (,,2) are the transfer function, weight and bias of the i-th neuron layer respectively. Among them, f i is the piecewise linear chaotic map []. It is defined as p P C D H P C D P 2 P 3 P 4 P 5 P 6 C D H H P H 2 P 28 P 29 C D H 3 P 3 P 3 Input Layer Hidden Layer Output Layer Fig.. he hree-layer Neural Network Xk ( )/ Q, Xk ( ) < Q ( Xk ( ) Q)/(.5 Q), Q Xk ( ) <.5 Xk ( + ) f( Xk ( ), Q) ( Q X( k)) /(.5 Q),.5 X( k) < Q ( Xk ( ))/ Q, Q Xk ( ) (2) where Q is the control parameter and satisfies <Q<.5. Here, the map is piecewise linear, and it is in chaotic state when <Q<.5. his chaotic map has some properties suitable for constructing a cipher, such as initial-value sensitivity or parameter sensitivity []. If the chaotic map is iterated for ( is big enough) times, slight difference in the initial-value X(k) or the parameter Q causes large differences in the iterated value X(k+) [8]. Generally, the chaotic function is iterated for ( 5) times to keep the output s randomness. Based on the chaotic map, the input layer is defined as 2

3 3 w, ipi + b, f ( w, ipi + B,, Q ) C w, ipi b, f ( w, ipi B,, Q ) C + + 4 4 C f (, Q ) C 3 3 w, ipi + b, f ( w, ipi + B,, Q ) 28 28 (3) where W w, w, w,3, B is 8 -size, and is the iteration times ( 5). Considering that the input of the chaotic map ranges in [,], the additions are all module. Similarly, the hidden layer and output layer are formulated as follows. f( w C + B, Q ),, i i, D f( w,, ici B,, Q ) D + D f( WC + B) f( WC + B, Q). (4) D f( w,, ici + B,, Q ) f ( w2,, idi + B2,, Q2 ) H f ( w2,, idi B2,, Q2 ) H + H f2( W2D+ B2) f ( W2C+ B2, Q2). (5) H 3 f ( w2,3, idi + B2,3, Q2 ) Here, the weight W is of 8 8-size, B of 8 -size, W 2 of 4 8-size, and B 2 of 4 -size. he hidden layer aims to diffuse the changes in C to the changes in D. he chaotic map f() can be used as the transfer function. In order to keep low cost, the map f() is iterated for only once. he transfer function is f () in the output layer where ( 5) is the iteration time. he repeated iteration improves the randomness of the relation between H and D, and thus strengthens the cryptosystem. he Block Hash he hash function based on the proposed neural network is shown in Fig. 2, which supports the plain-block with fixed length. hat is, the plain-block P composed of 32 data-pixels is encoded into hash value H composed of 4 data-pixels under the control of the user key. Here, each data-pixel is composed of 32 bits, which is quantized (divided by 2 32 ) to a fractional one ranging in [,]. And the result hash bits are extracted from the fractional data-pixels (32-bit from each data-pixel). 3

User Key K Key Generator P W B Q W B Q W 2 B 2 Q 2 C D Input Layer Hidden Layer Output Layer H Fig. 2. he Proposed Hash Function hus, in this condition, the plaintext P consisting of 24 bits is encoded into the four component hash value H consisting of 28 bits. And the key generator is used to produce the sub-keys: W, B, Q, W, B, Q, W 2, B 2 and Q 2, which is composed of 5 data-pixels. Kk k k 2 is divided into four sub-keys: K k k k 3, K k 32 k 33 k 63, K 2 k 64 k 65 k 95 and K 3 k 96 k 9 k 2. And they are quantized and used to generate all the sub-keys as follows. + k X( k) f ( K, K) + k X( k) f ( K2, K3). (6) Ks ( k) ( X( k) + X( k))mod Here, K s (k) (k,, 5) is the k-th sub-key. he module operation is defined as a a, a< mod. a, a < 2 he Multi-block Hash he block hash encodes 24 bits into 28 bits, and the multi-block hash is proposed to encode the plaintext with binary length into 28 bits. First, the plaintext M is appended to the multiples of 24. hat is, one -bit and some -bits are appended to M. Secondly, it is partitioned into n blocks: M, M, and M n-. hen, these blocks are encoded with the multi-block hash mode shown in Fig. 3. hat is, M i s block hash value H Mi is modulated by its key K Mi-. hus, the final hash value is HM KM H ( ) n 2 M K n M H n 3 M H n 2 Mn () ( K H ) H H M M Mn where denotes bitwise XOR operation. M M M M n- K H M K M K M K Mn-2 Block Hash Block Hash Block Hash H M H Mn- H M Fig. 3. he Multi-block Hash Mode 4

3 Security Analysis One-way Property In the proposed hash function, H is easy to be computed from P and K according to Eq. (). However, it is difficult to compute P and K if only H is known. In the input neuron layer, the output is 4 j + 3 j, i i +, j j 4 j C f ( w P B, Q ) f ( Z, Q ) (8) where j varies from to and 4j+ 3 Z w P + B. j, i i, j 4 j At first, let s see how to compute P i from Z j especially under the condition that W,i and B,j are unknown. wo methods can be tried: brute-force attack and select-plaintext attack. For the brute-force attack, 8 data-pixels need at least 2 256 times, which is not practical according to today s computing ability. For the select-plaintext attack, 8 data-pixels need 32 plaintext-key-hash triples. As can be seen, the select-plaintext attack is practical if Z j is known. However, it is difficult to recover Z j from C j. According to the chaotic map, it needs 4 ( 2 ) to compute Z j from C j, which makes it difficult when ( 5) is big enough. For the hidden layer and the output layer, the piecewise linear chaotic map is always used, which keeps the two layers one-way. High Sensitivity For a hash function, it is required that different plaintexts or different keys produce different hash values. his property depends on the hash function s plaintext sensitivity and key sensitivity. Experiments are done to test the hash function s plaintext sensitivity and key sensitivity. As an example, M Cellular neural networks (CNN) chaotic secure communication is a new secure communication scheme based on chaotic synchronization. (ASCII string), and K 2345689abcdef (ASCII string). M (4-bit) is padded by appending a bit and followed by bits, and thus H M DF46FA6AC4D533DF9BD58FC96DAF (hexadecimal digits). hen, only the first bit of M is changed, and thus H M F6C49C826BA542FC965282ED9. Similarly, if only the first bit of K is changed, H M D86825EEB69AF2493C259FCAAC. he hamming distance ratio (Hdr) is defined to measure the difference between them, which is the ratio between the hamming distance and 28. Figure 4(a) shows the result of changing each M -bit, and Figure 4(b) shows the one of changing each K-bit. Seen from the results, all the Hdrs lie near 5%, which means that one bit s change causes a great difference. hus, the proposed hash function satisfies the sensitivity requirement. Hdr (%) 5 Hdr (%) 2 4 6 8 2 4 6 8 2 k (the changed plain-bit) k (the changed key-bit) (a) Plaintext sensitivity; (b) Key sensitivity Fig. 4. Sensitivity est 5 5

Birthday Attack Birthday attack [6] is a typical attack method used to break a hash function. hat is, to find a contradiction is similar to find two persons with the same birthday. hus, for 64-length hash value, the attack difficulty is not 2 64, but much smaller (2 32 ). Considering of the practical computing ability, the hash value s length should be at least 28-bit, which keeps the attack difficulty above 2 64. Here, the proposed hash is 28-length, and it is easy to be expanded to 256 or 52. For example, if the output neuron layer s neurons are increased to 8, then the hash value is of 256-bit; if the input plaintext is increased to 248 and the number of the neurons are doubled, then the hash value is of 52-bit. Meet-in-the-Middle Attack Meet-in-the-middle attack [6] means to find a contradiction through looking for a suitable substitution of the last plaintext block. If M[M M M n-2 M n- ], the expected contradicted one is M [M M M n-2 M n- ]. hat is, the attack process is just to replace M n- with M n- and keep H M unchanged, as is shown in Fig. 5. Because K Mn-2 is not known, the weight, bias and the chaotic map s parameter are all not known. he attackers may attempt to use many plaintext-key-hash triples, but they cannot obtain K Mn-2 because it is in close relation with the key and the previous plaintext blocks. If n, there is only one plain-block, which has been analyzed above. hus, it is difficult to break the hash function with meet-in-the-middle attacks. M n- /M n- ' K Mn-2 Block Hash H Mn- H M Fig. 5. Meet-in-the-Middle Attack 4 Computing Complexity In this hash function, all the three layers and the key generator are realized by multiplication/division and addition/subtraction operations. A neural network s structure makes it practical for parallel realization. Based on this property, the time-efficiency can be improved. he operation numbers of the general-realization and parallel-realization are compared with the ones of the traditional hash functions. Seen from able, the NN-Hash proposed here needs more operations than the traditional ones. However, in a parallel-realization, the operation number decreases greatly, and becomes much smaller than the traditional ones. his property makes it a probable choice for applications with large volumes. able. Comparison of Data Operations (he plaintext is of 24 bits, and 5) Hash Function Operation Parallel MD5 SHA- NN-Hash NN-Hash Multiplication/Division 296 3 88 23 Addition/Subtraction 392 33 9 29 6

5 Conclusions A secure hash function based on a neural network is presented and analyzed. his hash function adopts the neural network s one-way property, diffusion property and confusion property suitably. he analysis and experiments show that this hash function satisfies the security requirements, and is time-efficient by parallel-realization. hus, it is proved practical to construct a hash function based on neural networks. References [] C.-K. Chan and L.M. Cheng. he convergence properties of a clipped Hopfield network and its application in the design of keystream generator, IEEE ransactions on Neural Networks, Vol. 2, No. 2, pp. 34-348, March 2. [2] D.A. Karras and V. Zorkadis. On neural network techniques in the secure management of communication systems through improving and quality assessing pseudorandom stream generators. Neural Networks, Vol. 6, No. 5-6, June - July, 23: 899-95 [3] S.G. Lian, G.R. Chen, A. Cheung, Z.Q. Wang. A Chaotic-Neural-Network-Based Encryption Algorithm for JPEG2 Encoded Images. In: Processing of 24 IEEE Symposium on Neural Networks (ISNN24), Dalian, China, Springer LNCS, 34 (24) 62-632. [4] Liew Pol Yee and L.C. De Silva. Application of multilayer perception networks in symmetric block ciphers. Proceedings of the 22 International Joint Conference on Neural Networks, Honolulu, HI, USA, Vol. 2, 2- May 22: 455 458. [5] Secure Hash Standard. Federal Information Processing Standards Publications (FIPS PUBS) 8-2, 22. [6] S.A. Vanstone, A.J. Menezes, P. C. Oorschot. Handbook of Applied Cryptography. CRC Press, 996. [] S. Papadimitriou,. Bountis, S. Mavroudi, A. Bezerianos. A Probabilistic Symmetric Encryption Scheme for very fast Secure Communication based on Chaotic Systems of Difference Equations. International Journal on Bifurcation & Chaos, Vol., No. 2 (2) 3-35. [8] S.G. Lian, J.S. Sun, Z.Q. Wang. Security Analysis of A Chaos-based Image Encryption Algorithm. Physica A: Statistical and heoretical Physics, Vol. 35, No. 2-4, 5 June 25, Pages 645-66.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback