Cryptographic hash functions are an important tool in cryptography to achieve certain security goals such as authenticity, digital signatures, digital time stamping, and entity authentication. They are also strongly related to other important cryptographic tools such as block ciphers and pseudorandom functions. The standard and widely used hash functions such as MD5 and SHA-1 follow the design principle of Merkle-Damgard iterated hash function construction which was presented independently by Ivan Damgard and Ralph Merkle at Crypto'89. It has been established that neither these hash functions nor the Merkle-Damgard construction itself meet certain security requirements. This thesis aims to study the attacks on this popular construction and propose schemes that offer more resistance against these attacks as well as investigating alternative approaches to the Merkle-Damgard style of designing hash functions. This thesis aims at analysing the security of the standard hash function Cellular Authentication and Voice Encryption Algorithm (CAVE) used for authentication and key-derivation in the second generation (2G) North American IS-41 mobile phone system. In addition, this thesis studies the analysis issues of message authentication codes (MACs) designed using hash functions. With the aim to propose some efficient and secure MAC schemes based on hash functions.ududududThis thesis works on three aspects of hash functions: design, cryptanalysis and applications with the following significant contributions:udududud* Proposes a family of variants to the Damgard-Merkle construction called 3CG for better protection against specific and generic attacks. Analysis of the linear variant of 3CG called 3C is presented including its resistance to some of the known attacks on hash functions.udududud* Improves the known cryptanalytical techniques to attack 3C and some other similar designs including a linear variant of GOST, a Russian standard hash function.udududud* Proposes a completely novel approach called Iterated Halving, alternative to the standard block iterated hash function construction.udududud* Analyses provably secure HMAC and NMAC message authentication codes (MACs) based on weaker assumptions than stated in their proofs of security. Proposes an efficient variant for NMAC called NMAC-1 to authenticate short messages. Proposes a variant for NMAC called M-NMAC which offers better protection against the complete key-recovery attacks than NMAC. As well it is shown that M-NMAC with hash functions also resists side-channel attacks against which HMAC and NMAC are vulnerable. Proposes a new MAC scheme called O-NMAC based on hash functions using just one secret key.udududud* Improves the open cryptanalysis of the CAVE algorithm.udududud* Analyses the security and legal implications of the latest collision attacks on the widely used MD5 and SHA-1 hash functions.
展开▼
机译:加密散列函数是加密中实现某些安全目标(如真实性,数字签名,数字时间戳和实体认证)的重要工具。它们还与其他重要的密码工具(如分组密码和伪随机函数)密切相关。标准且广泛使用的哈希函数(例如MD5和SHA-1)遵循Merkle-Damgard迭代哈希函数构造的设计原理,该构造原理由Ivan Damgard和Ralph Merkle在Crypto'89上独立提出。已经确定这些散列函数或Merkle-Damgard结构本身都不满足某些安全要求。本文旨在研究对这种流行结构的攻击,并提出对这些攻击提供更大抵抗力的方案,并研究默克尔-达姆加德设计散列函数的替代方法。本文旨在分析用于第二代(2G)北美IS-41手机系统中用于身份验证和密钥派生的标准哈希函数“蜂窝身份验证和语音加密算法”(CAVE)的安全性。此外,本文还研究了使用哈希函数设计的消息认证码(MAC)的分析问题。为了提出一些基于散列函数的高效,安全的MAC方案。 ud ud ud ud本文主要研究散列函数的三个方面:设计,密码分析和应用,具有以下重要贡献: ud ud ud ud *提出了Damgard-Merkle构造的一系列变体,称为3CG,以更好地防御特定和一般的攻击。给出了对称为3C的3CG线性变体的分析,包括其对哈希函数的某些已知攻击的抵抗力。 ud ud ud ud *改进了已知的密码分析技术来攻击3C和一些其他类似设计,包括线性变体 ud ud ud ud *提出了一种全新的方法,称为“迭代减半”,它是标准块迭代哈希函数构造的替代方法。 ud ud ud ud *分析可证明安全的HMAC NMAC消息认证代码(MAC)基于比其安全性证明中所述弱的假设。为NMAC提出一种有效的变体,称为NMAC-1,以对短消息进行身份验证。为NMAC提出一种变体,称为M-NMAC,它比NMAC提供更好的保护,使其免受完整的密钥恢复攻击。同样表明,具有哈希功能的M-NMAC还可以抵抗HMAC和NMAC容易受到攻击的边信道攻击。提出一种新的称为O-NMAC的MAC方案,该方案基于仅使用一个密钥的哈希函数。 ud ud ud ud *改进了CAVE算法的开放式密码分析。 ud ud ud ud *分析了安全性并最新的冲突攻击对广泛使用的MD5和SHA-1哈希函数的法律影响。
展开▼
