Results 11 - 20 of 32
Software performance of universal hash functions
In Advances in Cryptology — EUROCRYPT ’99, 1999
Cited by 26 (0 self)
Abstract. This paper compares the parameter sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood.
Square Hash: Fast Message Authentication via Optimized Universal Hash Functions
In Proc. CRYPTO 99, Lecture Notes in Computer Science, 1999
Cited by 21 (6 self)
This paper introduces two new ideas in the construction of fast universal hash functions geared towards the task of message authentication.
How to Stretch Random Functions: The Security of Protected Counter Sums
Journal of Cryptology, 1999
Cited by 19 (7 self)
Let f be an unpredictable random function taking (b + c)-bit inputs to b-bit outputs. This paper presents an unpredictable random function f' taking variable-length inputs to b-bit outputs. This construction has several advantages over chaining, which was proven unpredictable by Bellare, Kilian, and Rogaway, and cascading, which was proven unpredictable by Bellare, Canetti, and Krawczyk. The highlight here is a very simple proof of security.
From unpredictability to indistinguishability: A simple construction of pseudorandom functions from MACs
Advances in Cryptology - CRYPTO '98, LNCS, 1998
Cited by 19 (7 self)
Abstract. This paper studies the relationship between unpredictable functions (which formalize the concept of a MAC) and pseudorandom functions. We show an efficient transformation of the former to the latter using a unique application of the Goldreich-Levin hardcore bit (taking the inner product with a random vector r): While in most applications of the GL-bit the random vector r may be public, in our setting this is not the case. The transformation is only secure when r is secret and treated as part of the key. In addition, we consider weaker notions of unpredictability and their relationship to the corresponding notions of pseudorandomness. Using these weaker notions we formulate the exact requirements of standard protocols for private-key encryption, authentication and identification. In particular, this implies a simple construction of a private-key encryption scheme from the standard challenge-response identification scheme.
OMAC: One-Key CBC MAC
Preproceedings of Fast Software Encryption, FSE 2003, 2002
Cited by 18 (6 self)
In this paper, we present One-key CBC MAC (OMAC) and prove its security for arbitrary length messages. OMAC takes only one key, K (k bits) of a block cipher E. Previously, XCBC requires three keys, (k + 2n) bits in total, and TMAC requires two keys, (k + n) bits in total, where n denotes the block length of E.
Does Encryption with Redundancy Provide Authenticity?
In Advances in Cryptology — EUROCRYPT 2001, B. Pfitzmann, ed., Lecture Notes in Computer Science, 2001
Cited by 16 (5 self)
A popular paradigm for achieving privacy plus authenticity is to append some “redundancy” to the data before encrypting. We investigate the security of this paradigm at both a general and a specific level. We consider various possible notions of privacy for the base encryption scheme, and for each such notion we provide a condition on the redundancy function that is necessary and sufficient to ensure authenticity of the encryption-with-redundancy scheme. We then consider the case where the base encryption scheme is a variant of CBC called NCBC, and find sufficient conditions on the redundancy functions for NCBC encryption-with-redundancy to provide authenticity. Our results highlight an important distinction between public redundancy functions, meaning those that the adversary can compute, and secret ones, meaning those that depend on the shared key between the legitimate parties.
On the Round Security of Symmetric-Key Cryptographic Primitives
In Advances in Cryptology — CRYPTO ’00, volume 1880 of LNCS, 2000
Cited by 10 (1 self)
We put forward a new model for understanding the security of symmetric-key primitives, such as block ciphers. The model captures the fact that many such primitives often consist of iterating simpler constructs for a number of rounds, and may provide insight into the security of such designs. We completely characterize the security of four-round Luby-Rackoff ciphers in our model, and show that the ciphers remain secure even if the adversary is given black-box access to the middle two round functions. A similar result can be obtained for message authentication codes based on universal hash functions. 1 Introduction 1.1 Block Ciphers A block cipher is a family of permutations on a message space indexed by a secret key. Each permutation in the family deterministically maps plaintext blocks of some fixed length to ciphertext blocks of the same length; both the permutation and its inverse are efficiently computable given the key. Motivated originally by the study of security of the block ciphe...
Fast universal hashing with small keys and no preprocessing: the PolyR construction
2000
Cited by 8 (1 self)
We describe a universal hash-function family, PolyR, which hashes messages of effectively arbitrary lengths in 3.9-6.9 cycles/byte (cpb) on a Pentium II (achieving a collision probability in the range 2^-16 to 2^-50). Unlike most proposals, PolyR actually hashes short messages faster (per byte) than long ones. At the same time, its key is only a few bytes, the output is only a few bytes, and no "preprocessing" is needed to achieve maximal efficiency. Our designs have been strongly influenced by low-level considerations relevant to software speed, and experimental results are given throughout.
Energy Scalable Universal Hashing
2004
Cited by 7 (1 self)
Message Authentication Codes (MACs) are valuable tools for ensuring the integrity of messages. MACs may be built around a universal hash function (NH) which was explored in the construction of UMAC. In this paper, we use a variation on NH called WH. WH reaches optimality in the sense that it is universal with half the hash length of NH and it achieves perfect serialization in hardware implementation. We achieved substantial power savings of up to 59% and a speedup of up to 7.4 times over NH. Moreover, we show how the technique of multi-hashing and the Toeplitz approach can be combined to reduce the power and energy consumption even further while maintaining the same security level with a very slight increase in the amount of the key material. At low frequencies the power and energy reductions are achieved simultaneously while keeping the hashing time constant. We developed formulae for estimation of the leakage and dynamic power consumptions as well as the energy consumption based on the frequency and the Toeplitz parameter t. We introduce a powerful method for scaling WH according to specific energy and power consumption requirements. Our implementation of WH16 consumes only 2.95 µW at 500 kHz. It can therefore be integrated into a self-powered device.
A Message Authentication Code based on Latin Squares
In Lecture Notes in Computer Science, 1997
Cited by 6 (0 self)
This is a proposal on the construction of a Message Authentication Code (MAC) based on Latin Squares. The design is inspired by Wegman-Carter construction which takes advantage of provable security. The MAC is described and its security is examined. It is also compared with other MACs and its advantages are shown. 1 Introduction Message Authentication Code (MAC) is one of the most common cryptographic tools for providing authentication in a wide range of applications. A MAC takes a secret key to generate a checksum for a given message or to verify an existing (previously generated) checksum. In most designs, a MAC is constructed from an existing hash function. A checksum is a fixed length string that follows a message to provide its integrity. We refer to the process of generating a checksum of a given message as signing and the process of verifying an existing checksum as verifying. A MAC uses a symmetric key that will be used in both signing and verifying processes, and therefore...