Results 1 
5 of
5
Second preimages on nbit hash functions for much less than 2^n work
"... We expand a previous result of Dean [Dea99] to provide a second preimage attack on all nbit iterated hash functions with DamgårdMerkle strengthening and nbit intermediate states, allowing a second preimage to be found for a 2 kmessageblock message with about k × 2 n/2+1 +2 n−k+1 work. Using RI ..."
Abstract

Cited by 23 (3 self)
 Add to MetaCart
We expand a previous result of Dean [Dea99] to provide a second preimage attack on all nbit iterated hash functions with DamgårdMerkle strengthening and nbit intermediate states, allowing a second preimage to be found for a 2 kmessageblock message with about k × 2 n/2+1 +2 n−k+1 work. Using RIPEMD160 as an example, our attack can find a second preimage for a 2^60 byte message in about 2^106 work, rather than the previously expected 2^160 work. We also provide slightly cheaper ways to find multicollisions than the method of Joux [Jou04]. Both of these results are based on expandable messages–patterns for producing messages of varying length, which all collide on the intermediate hash result immediately after processing the message. We provide an algorithm for finding expandable messages for any nbit hash function built using the DamgårdMerkle construction, which requires only a small multiple of the work done to find a single collision in the hash function.
Statistical Testing of Random Number Generators
 In: Proceedings of the 22nd National Information Systems Security Conference
, 1999
"... : Random Number Generators 1 (RNGs) are an important building block for algorithms and protocols in cryptography. They are paramount in the construction of encryption keys and other cryptographic algorithm parameters. In practice, statistical testing is employed to gather evidence that a generator ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
(Show Context)
: Random Number Generators 1 (RNGs) are an important building block for algorithms and protocols in cryptography. They are paramount in the construction of encryption keys and other cryptographic algorithm parameters. In practice, statistical testing is employed to gather evidence that a generator indeed produces numbers that appear to be random. Few resources are readily available to researchers in academia and industry who wish to analyze their newly developed RNG. To address this problem, NIST has developed new metrics that may be employed to investigate the randomness of cryptographic RNGs. In this paper, issues such as statistical test suites, evaluation frameworks, and the interpretation of results are addressed. 1.0 Introduction In computer security, suitable metrics are needed to investigate the degree of randomness for binary sequences produced by cryptographic random number generators (RNGs). Today, researchers are developing new hardware and software based RNGs. However,...
A PracticeOriented Treatment of Pseudorandom Number Generators
 ADVANCES IN CRYPTOLOGY–EUROCRYPT 02 PROCEEDINGS
, 2002
"... We study Pseudorandom Number Generators (PRNGs) as used in practice. We first give a general security framework for PRNGs, incorporating the attacks that users are typically concerned about. We then analyze the most popular ones, including the ANSI X9.17 PRNG and the FIPS 186 PRNG. Our results also ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
We study Pseudorandom Number Generators (PRNGs) as used in practice. We first give a general security framework for PRNGs, incorporating the attacks that users are typically concerned about. We then analyze the most popular ones, including the ANSI X9.17 PRNG and the FIPS 186 PRNG. Our results also suggest ways in which these PRNGs can be made more efficient and more secure.
PUFbased random number generation
 In MIT CSAIL CSG Technical Memo 481 (http://csg.csail.mit.edu/pubs/memos/Memo481/Memo481.pdf
, 2004
"... From security to randomized algorithms, there are many existing problems whose solutions are fundamentally based on the assumption that intrinsically pure random number sources exist. Pseudorandom number generators can imitate randomness sufficiently well for most applications, however, they still r ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
(Show Context)
From security to randomized algorithms, there are many existing problems whose solutions are fundamentally based on the assumption that intrinsically pure random number sources exist. Pseudorandom number generators can imitate randomness sufficiently well for most applications, however, they still rely on some secret seed input. Hardware random number generators attempt to extract randomness directly from complex physical systems. In this way they create random outputs without requiring any seed inputs. In this paper we describe how to use Physical Random Functions (or Physical Unclonable Functions, PUFs) to create a candidate hardware random number generator. We present a short argument supporting the tenability of our methods and provide a brief evaluation of the “randomness ” of numbers generated using PUFs through a series of statistical tests. These tests show promising possibilities for the use of PUFs in hardware random number generation. 1.
BMGL: Synchronous Keystream Generator with Provable Security
, 2001
"... We propose a construction of an e#cient, synchronous keystream generator with provable security properties in response to the NESSIE call for primitives. The cryptographic core of the stream cipher is the block cipher Rijndael. We show that a nontrivial attack on the cipher reduces to an attack on ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
We propose a construction of an e#cient, synchronous keystream generator with provable security properties in response to the NESSIE call for primitives. The cryptographic core of the stream cipher is the block cipher Rijndael. We show that a nontrivial attack on the cipher reduces to an attack on Rijndael. The construction uses an optimization of earlier work on pseudorandom generators by Blum and Micali, and Goldreich and Levin. 1