lux hash function
play

LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry - PowerPoint PPT Presentation

Mar 19, 2024 •245 likes •539 views

LUX Hash Function LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg LUX Hash Function Outline 1 Design 2 Security Analysis 3 Implementation 4 Advantages LUX Hash Function Design Design LUX Hash

  1. LUX Hash Function LUX Hash Function Ivica Nikoli´ c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg

  2. LUX Hash Function Outline 1 Design 2 Security Analysis 3 Implementation 4 Advantages

  3. LUX Hash Function Design Design

  4. LUX Hash Function Design General Design of LUX Stream based (RadioGatun like) hash function Big internal state - 3 × message digest Message is processed by small (32-bit or 64-bit) chunks Round function uses Rijndael-like transformation

  5. LUX Hash Function Design The internal state of LUX The state can be divided into two parts: Buffer - m × 16 matrix of bytes (light transforms) Core - m × 8 matrix of bytes (heavy transforms) Output m Core Buffer Total 256 4 4 × 8 4 × 16 96 512 8 8 × 8 8 × 16 192 Feedforwards between the core and the buffer in each round

  6. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  7. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  8. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  9. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  10. LUX Hash Function Design State update function (round transformation) Rijndael round Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  11. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  12. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  13. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  14. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  15. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  16. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  17. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  18. LUX Hash Function Design Hashing m 1 m 2 m 3 m k 0 0 0 0 0 0 ... ... ... h 1 h 2 h 3 Three phases of hashing: Input phase - absorb the whole message Blank rounds phase - increase diffusion of the last message blocks Output phase - produce the hash value from the state

  19. LUX Hash Function Security Analysis Security Security

  20. LUX Hash Function Security Analysis Multicollisions, length-extension, herding, 2-nd Multicollision, length-extension and herding attacks require internal collisions 2-nd preimage attack (Dean, Kelsey-Schneier) requires finding at least one preimage for some intermediate state value The big internal state of LUX-n has 3 n bits ⇒ internal collisions/preimages are expensive

  21. LUX Hash Function Security Analysis Collisions Truncated differentials (see Peyrin’s attack on Grindahl) Build a trail of truncated differentials Complexity of the attack depends on the number of active S-Boxes Fix some values of the S-Boxes with the message input The best truncated differential trail found for LUX-256 has 88 active S-Boxes where 38 can be fixed ⇒ complexity 2 300

  22. LUX Hash Function Security Analysis Preimages Whole execution of LUX is invertible ⇒ try MITM attack for preimages Big internal state ( 3 n ) stops this attack Try to fix some intermediate values in the buffer. Due to the xor of the core to the buffer, only n bits can be fixed ⇒ complexity of MITM on 2 n -bit state is 2 n

  23. LUX Hash Function Security Analysis Recent cryptanalysis Free-start collisions/preimages and distinguishers (Wu et al.) Free start attacks on invertible functions are trivial. Outputting the whole state at once stops the distinguisher based on the properties of the output transform Length extension slide attack (Peyrin) Needs salt size to be equal to 31 (mod 32) bits. Salt size is fixed to 128-bits in LUX.

  24. LUX Hash Function Implementation Implementation Implementation

  25. LUX Hash Function Implementation Implementation results Primitive comparation to AES (counting the number of XORs and table look-ups) gives a speed-up of 1.2 in favor of LUX 224/256 384/512 32-bit (C) 16.7 28.2 64-bit (asm) 10.2 9.5 Speed on 32-bit can be improved with an assembler implementation The new Intel instruction set can improve the speed of LUX-256

  26. LUX Hash Function Advantages Advantages Advantages

  27. LUX Hash Function Advantages Pros Rijndael-based - well analyzed transformation Cryptanalysis can be focused only on the construction Implementation tricks of Rijndael can be used in LUX Speed - one of the fastest on both 32 and 64-bit platforms Stable high speed on various processors (AMD, Intel) Overperforms all AES based functions

  28. LUX Hash Function Check LUX embourg on cryptolux.org/LUX

Recommend

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D

HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D

HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D { 0 , 1 } n that is compressing, meaning | D | > 2 n . E.g. D = { 0 , 1 } 2 64 is the set of all strings of length at most 2 64 . h n MD4

1.13k views • 78 slides
, R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni,

, R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni,

R ADIO G ATN , R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni, Joan Daemen, Michal Peeters * and Gilles Van Assche STMicroelectronics * De Valck Consultants Second Cryptographic Hash Workshop

474 views • 16 slides
Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to

Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to

Dictionaries 1/19/2005 11:37 PM Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to Dictionaries and Hash Tables integers in a fixed interval [0, N 1] Example: h ( x ) = x mod N 0 is a hash function for

503 views • 4 slides
The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009

The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009

The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009 Niels Ferguson Stefan Lucks Bruce Schneier Doug Whiting Mihir Bellare Tadayoshi Kohno Jon Callas Jesse Walker Overview Fast 6.1 cycles/byte on

581 views • 16 slides
Slinging the Hash (Function) What are hash functions good for? Hashing values to insert into

Slinging the Hash (Function) What are hash functions good for? Hashing values to insert into

Slinging the Hash (Function) What are hash functions good for? Hashing values to insert into arrays: hash tables Converting long strings into shorter strings in an irreversible way: one-way function Turn a 200 KB document into a 16

434 views • 5 slides
Hashing 0 Hash function. Method for computing array index from key. 1 2 hash("it")

Hashing 0 Hash function. Method for computing array index from key. 1 2 hash("it")

Hashing: basic plan Save items in a key-indexed table (index is a function of the key). Hashing 0 Hash function. Method for computing array index from key. 1 2 hash("it") = 3 Tyler Moore 3 "it" ?? 4 CS 2123, The

559 views • 6 slides
pq Outline Description of the FSB Hash Function Classic Attacks Recent Attacks

pq Outline Description of the FSB Hash Function Classic Attacks Recent Attacks

Syndrome Based Collision Resistant Hashing Matthieu Finiasz pq Outline Description of the FSB Hash Function Classic Attacks Recent Attacks Proposed Improvements and Parameters pq 1 Description of the FSB Hash Function pq

286 views • 28 slides
Hash Table In a hash table, we allocate an array of size m, which is much smaller than |U|

Hash Table In a hash table, we allocate an array of size m, which is much smaller than |U|

Hash Table In a hash table, we allocate an array of size m, which is much smaller than |U| (the set of keys). Tirgul 9 We use a hash function h() to determine the entry of each key. Hash Tables (continued) Reminder The crucial

151 views • 4 slides
Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis:

Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis:

Hash Functions June 2013 Bart Preneel Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis: basic topics Bart Preneel This is an input to

402 views • 14 slides
New Attacks on the Concatenation and XOR Hash Combiners Itai Dinur Ben-Gurion University, Israel

New Attacks on the Concatenation and XOR Hash Combiners Itai Dinur Ben-Gurion University, Israel

New Attacks on the Concatenation and XOR Hash Combiners Itai Dinur Ben-Gurion University, Israel Cryptographic Hash Functions A cryptographic hash function is hash function H:{0,1}*-> {0,1} n with strong requirements : Collision

461 views • 33 slides
ASIACRYPT 2013 1 Cryptographic Hash Function Public function Input: arbitrary long

ASIACRYPT 2013 1 Cryptographic Hash Function Public function Input: arbitrary long

Improved Cryptanalysis of Reduced RIPEMD-160 Florian Mendel, Thomas Peyrin, Martin Schlffer, Lei Wang, and Shuang Wu ASIACRYPT 2013 1 Cryptographic Hash Function Public function Input: arbitrary long messages Output: short random

840 views • 50 slides
Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016

Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016

Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016 HEBANT Chlo e Hash function based on the SIS problem Summer 2016 1 / 19 Introduction Hash function 1 One-way collision-resistant Ajtai function

458 views • 26 slides
Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 Yu Sasaki 1 and Lei Wang 2 1 NTT Secure Platform Laboratories 2 Nanyang Technological University, Singapore SAC 2013 (16/August/2013) 1 Hash Function Based

822 views • 25 slides
Hash Tables 1 Hash Table in Primary Storage Main parameter B = number of buckets Hash

Hash Tables 1 Hash Table in Primary Storage Main parameter B = number of buckets Hash

Hash Tables 1 Hash Table in Primary Storage Main parameter B = number of buckets Hash function h maps key to numbers from 0 to B-1 Bucket array indexed from 0 to B-1 Each bucket contains exactly one value Strategy

460 views • 33 slides
Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity

Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity

Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity Cryptographic Hash Function: Provides assurance of data integrity Let h be a hash function and x some data. The hash creates a fingerprint of the data,

564 views • 31 slides
Advanced hash function design: inside Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2

Advanced hash function design: inside Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2

Advanced hash function design: inside Keccak Advanced hash function design: inside Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 Ecrypt II summer school, Albena June 2, 2011 1 / 46 1 STMicroelectronics 2 NXP

774 views • 52 slides
13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash function 0 1 n - h x 0 1 - h x is the hash/digest of x Context Goal - Represent large/sensitive message by a smaller one - Numerous

1.14k views • 68 slides
x ? ? ? ? computation easy One Way Hash Function (OWHF) h h h h h

x ? ? ? ? computation easy One Way Hash Function (OWHF) h h h h h

ECRYPT Bart Preneel Emerging Topics in Cryptographic Design and Cryptanalysis Generic Constructions 30 April- 4 May 2007, Samos Greece for Iterated Hash Functions Outline Generic Constructions Generic Constructions for Iterated Hash

759 views • 10 slides
Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen

Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen

Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen Gauravaram 1 , Ga eten Leurent 2 , Florian Mendel 3 , Mar a Naya-Plasencia 4 , Thomas Peyrin 5 , Christian Rechberger 6 , Martin Schl affer 3 , 1

822 views • 45 slides
The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function

The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function

The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function Jrmy Jean 1 joint work with: Jian Guo 1 Gatan Leurent 2 Thomas Peyrin 1 Lei Wang 1 1 Nanyang Technological University, Singapore 2 INRIA, France

847 views • 40 slides
Cryptographic Hash Function EDON-R Presented by Prof. Danilo Gligoroski Department of

Cryptographic Hash Function EDON-R Presented by Prof. Danilo Gligoroski Department of

1 Cryptographic Hash Function EDON-R Presented by Prof. Danilo Gligoroski Department of Telematics Faculty of Information Technology, Mathematics and Electrical Engineering Norwegian University of Science and TechnologyTechnology - NTNU,

719 views • 55 slides
Model-driven Design & Synthesis of the SHA-256 Cryptographic Hash Function in ReWire Bill

Model-driven Design & Synthesis of the SHA-256 Cryptographic Hash Function in ReWire Bill

Model-driven Design & Synthesis of the SHA-256 Cryptographic Hash Function in ReWire Bill Harrison University of Missouri Adam Procter Intel Corp. Gerard Allwein US Naval Research Laboratory October 7, 2016 Challenge: High Assurance Hardware

495 views • 14 slides
Session 3 Hash Function, Asymmetric Encryption and Signature Sbastien Combfis Fall 2019

Session 3 Hash Function, Asymmetric Encryption and Signature Sbastien Combfis Fall 2019

I5020 Computer Security Session 3 Hash Function, Asymmetric Encryption and Signature Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License.

740 views • 53 slides

More recommend