preimages for step reduced sha 2
play

Preimages for Step-Reduced SHA-2 Jian Guo 1 Krystian Matusiewicz 2 - PowerPoint PPT Presentation

Nov 24, 2023 •39 likes •249 views

Description of SHA-2 Description of Preimage Attack Application to SHA-2 Conclusions Preimages for Step-Reduced SHA-2 Jian Guo 1 Krystian Matusiewicz 2 Nanyang Technological University, Singapore Technical University of Denmark NTU, 25 Nov

  1. Description of SHA-2 Description of Preimage Attack Application to SHA-2 Conclusions Preimages for Step-Reduced SHA-2 Jian Guo 1 Krystian Matusiewicz 2 Nanyang Technological University, Singapore Technical University of Denmark NTU, 25 Nov 2009 A merged version with Aoki, Sasaki and Wang will appear in ASIACRYPT 2009 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  2. Description of SHA-2 Description of Preimage Attack Application to SHA-2 Conclusions Table of contents Description of SHA-2 1 General View Step Function Message Expansion Description of Preimage Attack 2 Application to SHA-2 3 Overview Message Stealing Message Compensation Extended Partial Matching Conclusions 4 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  3. Description of SHA-2 General View Description of Preimage Attack Step Function Application to SHA-2 Message Expansion Conclusions SHA-2 in General input state IV n M n input message message expansion algorithm iteration of the step transformation state feed-forward operation output state IV n +1 Step Function: update internal chaining Message Expansion: expand 16 message words to 64/80 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  4. Description of SHA-2 General View Description of Preimage Attack Step Function Application to SHA-2 Message Expansion Conclusions SHA-2 Step Function A i B i C i D i E i F i G i H i Σ 0 Σ 1 K i MAJ IF W i A i +1 B i +1 C i +1 D i +1 E i +1 F i +1 G i +1 H i +1 MAJ( A , B , C ) = ( A ∧ B ) ∨ ( A ∧ C ) ∨ ( B ∧ C ) , IF( E , F , G ) = ( E ∧ F ) ∨ ( ¬ E ∧ G ) , Σ 0 ( x ) = ( x ≫ 2) ⊕ ( x ≫ 13) ⊕ ( x ≫ 22) , Σ 1 ( x ) = ( x ≫ 6) ⊕ ( x ≫ 11) ⊕ ( x ≫ 25) . Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  5. Description of SHA-2 General View Description of Preimage Attack Step Function Application to SHA-2 Message Expansion Conclusions SHA-2 Message Expansion σ 0 σ 1 W 0 W 15 W 16 W 63 M 0 M 15 � M i for 0 ≤ i < 16 , W i = σ 1 ( W i − 2 ) + W i − 7 + σ 0 ( W i − 15 ) + W i − 16 for 16 ≤ i < 64 . Note: any consecutive 16 determine all message words. Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  6. Description of SHA-2 Description of Preimage Attack Application to SHA-2 Conclusions Preimage Attack - in general split match Target n + l Find pseudo-preimage in 2 l , then preimage in 2 2 +1 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  7. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Result on SHA-2 W 11 , . . . , W 26 as a basis to generate all message words. Neutral words: W 16 and W 19 splitting point matching point S 17 S 35 indirect partial matching first chunk second chunk 0 1 16 19 34 41 W: A Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  8. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Message Stealing Σ 0 Σ 1 Σ 0 Σ 1 K i K i MAJ IF MAJ IF W i +3 W i W i splitting point W i W i Σ 0 Σ 1 Σ 0 Σ 1 K i +1 K i +1 0 MAJ IF MAJ IF W i +1 W i +1 Σ 0 Σ 1 Σ 0 Σ 1 K i +2 K i +2 1 MAJ IF MAJ IF W i +2 W i +2 Σ 0 Σ 1 Σ 0 Σ 1 K i +3 K i +3 MAJ IF MAJ IF W i +3 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  9. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Result on SHA-2 W 11 , . . . , W 26 as a basis to generate all message words. Neutral words: W 16 and W 19 splitting point matching point S 17 S 35 indirect partial matching first chunk second chunk 0 1 16 19 34 41 W: A Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  10. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Message Compensation - First Chunk W 10 = W 26 − σ 1 ( W 24 ) − W 19 − σ 0 ( W 11 ) , W 9 = W 25 − σ 1 ( W 23 ) − W 18 − σ 0 ( W 10 ) , W 8 = W 24 − σ 1 ( W 22 ) − W 17 − σ 0 ( W 9 ) , W 7 = W 23 − σ 1 ( W 21 ) − W 16 − σ 0 ( W 8 ) , = W 22 − σ 1 ( W 20 ) − W 15 − σ 0 ( W 7 ) , W 6 W 5 = W 21 − σ 1 ( W 19 ) − W 14 − σ 0 ( W 6 ) , = W 20 − σ 1 ( W 18 ) − W 13 − σ 0 ( W 5 ) , W 4 W 3 = W 19 − σ 1 ( W 17 ) − W 12 − σ 0 ( W 4 ) , = W 18 − σ 1 ( W 16 ) − W 11 − σ 0 ( W 3 ) , W 2 W 1 = W 17 − σ 1 ( W 15 ) − W 10 − σ 0 ( W 2 ) , = W 16 − σ 1 ( W 14 ) − W 9 − σ 0 ( W 1 ) . W 0 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  11. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Message Compensation - First Chunk W 10 = W 26 − σ 1 ( W 24 ) − W 19 − σ 0 ( W 11 ) , W 9 = W 25 − σ 1 ( W 23 ) − W 18 − σ 0 ( W 10 ) , W 8 = W 24 − σ 1 ( W 22 ) − W 17 − σ 0 ( W 9 ) , W 7 = W 23 − σ 1 ( W 21 ) − W 16 − σ 0 ( W 8 ) , = W 22 − σ 1 ( W 20 ) − W 15 − σ 0 ( W 7 ) , W 6 W 5 = W 21 − σ 1 ( W 19 ) − W 14 − σ 0 ( W 6 ) , = W 20 − σ 1 ( W 18 ) − W 13 − σ 0 ( W 5 ) , W 4 W 3 = W 19 − σ 1 ( W 17 ) − W 12 − σ 0 ( W 4 ) , = W 18 − σ 1 ( W 16 ) − W 11 − σ 0 ( W 3 ) , W 2 W 1 = W 17 − σ 1 ( W 15 ) − W 10 − σ 0 ( W 2 ) , = W 16 − σ 1 ( W 14 ) − W 9 − σ 0 ( W 1 ) . W 0 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  12. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Message Compensation - First Chunk W 10 = W 26 − σ 1 ( W 24 ) − W 19 − σ 0 ( W 11 ) , W 9 = W 25 − σ 1 ( W 23 ) − W 18 − σ 0 ( W 10 ) , W 8 = W 24 − σ 1 ( W 22 ) − W 17 − σ 0 ( W 9 ) , W 7 = W 23 − σ 1 ( W 21 ) − W 16 − σ 0 ( W 8 ) , = W 22 − σ 1 ( W 20 ) − W 15 − σ 0 ( W 7 ) , W 6 W 5 = W 21 − σ 1 ( W 19 ) − W 14 − σ 0 ( W 6 ) , = W 20 − σ 1 ( W 18 ) − W 13 − σ 0 ( W 5 ) , W 4 W 3 = W 19 − σ 1 ( W 17 ) − W 12 − σ 0 ( W 4 ) , = W 18 − σ 1 ( W 16 ) − W 11 − σ 0 ( W 3 ) , W 2 W 1 = W 17 − σ 1 ( W 15 ) − W 10 − σ 0 ( W 2 ) , = W 16 − σ 1 ( W 14 ) − W 9 − σ 0 ( W 1 ) . W 0 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  13. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Message Compensation - First Chunk W 10 = W 26 − σ 1 ( W 24 ) − W 19 − σ 0 ( W 11 ) , W 9 = W 25 − σ 1 ( W 23 ) − W 18 − σ 0 ( W 10 ) , W 8 = W 24 − σ 1 ( W 22 ) − W 17 − σ 0 ( W 9 ) , W 7 = W 23 − σ 1 ( W 21 ) − W 16 − σ 0 ( W 8 ) , = W 22 − σ 1 ( W 20 ) − W 15 − σ 0 ( W 7 ) , W 6 W 5 = W 21 − σ 1 ( W 19 ) − W 14 − σ 0 ( W 6 ) , = W 20 − σ 1 ( W 18 ) − W 13 − σ 0 ( W 5 ) , W 4 W 3 = W 19 − σ 1 ( W 17 ) − W 12 − σ 0 ( W 4 ) , = W 18 − σ 1 ( W 16 ) − W 11 − σ 0 ( W 3 ) , W 2 W 1 = W 17 − σ 1 ( W 15 ) − W 10 − σ 0 ( W 2 ) , = W 16 − σ 1 ( W 14 ) − W 9 − σ 0 ( W 1 ) . W 0 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  14. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Result on SHA-2 W 11 , . . . , W 26 as a basis to generate all message words. Neutral words: W 16 and W 19 splitting point matching point S 17 S 35 indirect partial matching first chunk second chunk 0 1 16 19 34 41 W: A Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  15. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Message Compensation - Second Chunk W 27 = σ 1 ( W 25 ) + W 20 + σ 0 ( W 12 ) + W 11 , = σ 1 ( W 26 ) + W 21 + σ 0 ( W 13 ) + W 12 , W 28 W 29 = σ 1 ( W 27 ) + W 22 + σ 0 ( W 14 ) + W 13 , W 30 = σ 1 ( W 28 ) + W 23 + σ 0 ( W 15 ) + W 14 , W 31 = σ 1 ( W 29 ) + W 24 + σ 0 ( W 16 ) + W 15 , W 32 = σ 1 ( W 30 ) + W 25 + σ 0 ( W 17 ) + W 16 , = σ 1 ( W 31 ) + W 26 + σ 0 ( W 18 ) + W 17 , W 33 W 34 = σ 1 ( W 32 ) + W 27 + σ 0 ( W 19 ) + W 18 . Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

  16. Description of SHA-2 Overview Description of Preimage Attack Message Stealing Application to SHA-2 Message Compensation Conclusions Extended Partial Matching Result on SHA-2 splitting point matching point S 17 S 35 indirect partial matching first chunk second chunk 0 1 16 19 34 41 W: A W 0 = W 16 − σ 1 ( W 14 ) − W 9 − σ 0 ( W 1 ) W 34 = σ 1 ( W 32 ) + W 27 + σ 0 ( W 19 ) + W 18 Jian Guo, Krystian Matusiewicz Preimages for Step-Reduced SHA-2

Recommend

Free-start preimages of round-reduced Blake compression function Lei Wang, Kazuo Ohta and Kazuo

Free-start preimages of round-reduced Blake compression function Lei Wang, Kazuo Ohta and Kazuo

On behavior of Professors Ohta and Sakiyama. Free-start preimages of round-reduced Blake compression function Lei Wang, Kazuo Ohta and Kazuo Sakiyama The University of Electro-Communications, Japan Blake A candidate in second round for

433 views • 11 slides
On the Periods of Spatially Periodic Preimages in Linear Bipermutive CA Automata 2015 - June 8-10

On the Periods of Spatially Periodic Preimages in Linear Bipermutive CA Automata 2015 - June 8-10

On the Periods of Spatially Periodic Preimages in Linear Bipermutive CA Automata 2015 - June 8-10 - Turku Luca Mariot, Alberto Leporati Dipartimento di Informatica, Sistemistica e Comunicazione Universit degli Studi Milano - Bicocca

372 views • 22 slides
Sharing Secrets by Computing Preimages of Bipermutive CA ACRI 2014 - September 22-25 - Krakow

Sharing Secrets by Computing Preimages of Bipermutive CA ACRI 2014 - September 22-25 - Krakow

Sharing Secrets by Computing Preimages of Bipermutive CA ACRI 2014 - September 22-25 - Krakow Luca Mariot, Alberto Leporati Dipartimento di Informatica, Sistemistica e Comunicazione Universit degli Studi Milano - Bicocca

654 views • 38 slides
Some Immediately Noticeable Benefits of using Polytron Reduced temperature n Reduced vibrations n

Some Immediately Noticeable Benefits of using Polytron Reduced temperature n Reduced vibrations n

Polytron Lubrication Technology Based on Micro-Metallurgical Process Some Immediately Noticeable Benefits of using Polytron Reduced temperature n Reduced vibrations n Reduced noise level n Reduced electrical power consumption n Considerable

630 views • 16 slides
min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

a i a j a i , a j a j , a i min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A parallel compare-exchange operation. Processes P i and P j send their elements to each other. Process P i keeps min { a i ,

372 views • 22 slides
Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all customary information forms to Preparation and adoption of Convening and submission Submission of Application Ste land owned by ILG obtain

1.23k views • 4 slides
Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by

Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by

Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by step procedures Webster Groves School District 2009 Response to Intervention (RtI) is a comprehensive early detection and prevention strategy

688 views • 23 slides
o o o o Step 1:

o o o o Step 1:

o o o o Step 1: Bachelor of Laws (Western Sydney School of Law) Step 2: Professional Legal Training (College of Law et ors) Step 3: Admission to the Supreme

366 views • 14 slides
Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD., DTM&amp;H., MCTM. Surveillance and Investigation Section Bureau of Epidemiology, Department of Disease Control Ministry of Public Health, Thailand

1.27k views • 83 slides
Step by step guide Step 1: Purchasing an RSBlog! membership Step 2: Downloading RSBlog! Step 3:

Step by step guide Step 1: Purchasing an RSBlog! membership Step 2: Downloading RSBlog! Step 3:

Step by step guide Step 1: Purchasing an RSBlog! membership Step 2: Downloading RSBlog! Step 3: Installing RSBlog! 3.1 Installing the component 3.2 Installing a new language file Step 4: Import plugins (optional) 4.1 Import Joomla! articles

889 views • 67 slides
Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3:

Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3:

Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3: Installing RSEvents! Step 4: Configure RSEvents! Step 5: Add user permissions Step 6: Create event categories Step 7: Create event locations Step 8:

627 views • 35 slides
Reduced Basis Collocation Methods for Partial Differential Equations with Random Coefficients

Reduced Basis Collocation Methods for Partial Differential Equations with Random Coefficients

Preliminary: Spectral Methods for PDEs with Uncertain Coefficients Reduced Basis Methods Reduced Basis + Sparse Grid Collocation Iterative Solution of Reduced Problem Concluding Remarks Reduced Basis Collocation Methods for Partial Differential

476 views • 43 slides
FROM XML TO RDF STEP BY STEP: APPROACHES FOR LEVERAGING

FROM XML TO RDF STEP BY STEP: APPROACHES FOR LEVERAGING

Co-funded by the Horizon 2020 Framework Programme of the European Union Grant Agreement Number 644771 FROM XML TO RDF STEP BY STEP: APPROACHES

613 views • 26 slides
FIRST DAY OF SCHOOL STEP BY STEP DIRECTION TO GETTING LOGGED ONTO YOUR FIRST DAY OF 7TH OR 8TH

FIRST DAY OF SCHOOL STEP BY STEP DIRECTION TO GETTING LOGGED ONTO YOUR FIRST DAY OF 7TH OR 8TH

FIRST DAY OF SCHOOL STEP BY STEP DIRECTION TO GETTING LOGGED ONTO YOUR FIRST DAY OF 7TH OR 8TH GRADE AUGUST 10,2020 IS A MINIMUM DAY STUDENTS WILL LOG 7:45AM - ONTO THEIR 12:27PM CLASSES AND ENGAGE WITH THEIR TEACHERS AND PEERS STEP 1:

276 views • 6 slides
Small step and Auto Zhuoran Liu May 30th Difference between small step and big step The big

Small step and Auto Zhuoran Liu May 30th Difference between small step and big step The big

Type Theory and Coq Small step and Auto Zhuoran Liu May 30th Difference between small step and big step The big step specify how a given expression can be evaluated to its final value. The style is simple and natural for many purposes and is

196 views • 19 slides
Step by step guide Step 1: Purchasing a RSTickets!Pro membership Step 2: Downloading

Step by step guide Step 1: Purchasing a RSTickets!Pro membership Step 2: Downloading

Step by step guide Step 1: Purchasing a RSTickets!Pro membership Step 2: Downloading RSTickets!Pro 2.1 Downloading the component 2.2 Downloading the plugins/modules 2.3 Downloading additional language packs Step 3: Installing RSTickets!Pro

548 views • 44 slides
Quick guide Step 1: Purchasing RSMail! Step 2: Download RSMail! Step 3: Installing RSMail! Step

Quick guide Step 1: Purchasing RSMail! Step 2: Download RSMail! Step 3: Installing RSMail! Step

Quick guide Step 1: Purchasing RSMail! Step 2: Download RSMail! Step 3: Installing RSMail! Step 4: RSMail! settings Step 5: Add Subscribers 5.1. Create subscriber lists 5.2. Add subscribers 5.2.1 Manual add 5.2.2 Import from CSV Step 6

625 views • 14 slides
Quick guide Step 1: Purchasing a RSComments! membership Step 2: Download RSComments! Step 3:

Quick guide Step 1: Purchasing a RSComments! membership Step 2: Download RSComments! Step 3:

Quick guide Step 1: Purchasing a RSComments! membership Step 2: Download RSComments! Step 3: Installing RSComments! Step 4: Configure RSComments 4.1 General Configuration 4.2 Configure comments Step 5: Add user permissions Step 6: Moderate

337 views • 8 slides
Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step

Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step

Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3: Installing RSEvents! Step 4: Configure RSEvents! 4.1 General settings 4.2 Dashboard settings 4.3 Events 4.3.1 Event general settings 4.3.2

1.29k views • 80 slides
Background CLINICAL TRIAL AGREEMENT ACTIVITY TIME TRACKING PI / Department Reviews Other

Background CLINICAL TRIAL AGREEMENT ACTIVITY TIME TRACKING PI / Department Reviews Other

Background CLINICAL TRIAL AGREEMENT ACTIVITY TIME TRACKING PI / Department Reviews Other Intermountain Reviews Approvals &amp; Signtures Manage and Close Step 1: Step 1a: Step 1b Step 1c Dept Step 2: Step 3: Step 4 : Step 5: Step 6 :

754 views • 31 slides
W W W . A V I A N . A E R O The Connected Trip Building a trip is a mess Step 1 Step 2 Step 1

W W W . A V I A N . A E R O The Connected Trip Building a trip is a mess Step 1 Step 2 Step 1

W W W . A V I A N . A E R O The Connected Trip Building a trip is a mess Step 1 Step 2 Step 1 According to Google, people are browsing more than 7 different websites before they buy a ticket They are spending an average of 10 hours on

723 views • 21 slides
Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and Memory Complexities Orr Dunkelman Achiya Bar-On Eyal Ronen Nathan Keller Adi Shamir AES AES is the best known and most widely used secret

863 views • 58 slides
Best Practices Step 1 Have clear internal and external case Step 2 Plant the seed early and

Best Practices Step 1 Have clear internal and external case Step 2 Plant the seed early and

Peer-to-Peer Campaign Best Practices Step 1 Have clear internal and external case Step 2 Plant the seed early and regularly Step 3 Skills, tools, and methods Step 4 Determine benchmarks Step 5 Challenge, Match, and Incentive Receive

440 views • 11 slides
Step Up Savannah 1 Step Up Savannah Mission: The Step Up collaborative will enhance economic

Step Up Savannah 1 Step Up Savannah Mission: The Step Up collaborative will enhance economic

Savannahs Poverty Reduction Initiative Step Up Savannah 1 Step Up Savannah Mission: The Step Up collaborative will enhance economic independence in Savannah by encouraging residents to take personal responsibility and organizations to

328 views • 29 slides

More recommend