Results 11 
15 of
15
Evaluation of Some Blockcipher Modes of Operation
, 2011
"... Evaluation carried out for the Cryptography Research and Evaluation Committees (CRYPTREC) ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Evaluation carried out for the Cryptography Research and Evaluation Committees (CRYPTREC)
Getting the Best Out of Existing Hash Functions;or What if We Are Stuck with SHA?
"... Abstract Cascade chaining is a very efficient and popular mode of operation for building various kinds of cryptographichash functions. In particular, it is the basis of the most heavily utilized SHA function family. Recently, many researchers pointed out various practical and theoretical deficiencie ..."
Abstract
 Add to MetaCart
Abstract Cascade chaining is a very efficient and popular mode of operation for building various kinds of cryptographichash functions. In particular, it is the basis of the most heavily utilized SHA function family. Recently, many researchers pointed out various practical and theoretical deficiencies of this mode, which resulted in a renewedinterest in building specialized modes of operations and new hash functions with better security. Unfortunately, it appears unlikely that a new hash function (say, based on a new mode of operation) would be widely adoptedbefore being standardized, which is not expected to happen in the foreseeable future. Instead, it seems likely that practitioners would continue to use the cascade chaining, and the SHA familyin particular, and try to work around the deficiencies mentioned above. In this paper we provide a thorough treatment of how to soundly design a secure hash function H0 from a given cascadebased hash function H forvarious cryptographic applications, such as collisionresistance, onewayness, pseudorandomness, etc. We require each proposed construction of H0 to satisfy the following "axioms". 1. The construction should consist of one or two "blackbox " calls to H.2. In particular, one is not allowed to know/use anything about the internals of H, such as modifying theinitialization vector or affecting the value of the chaining variable. 3. The construction should support variablelength inputs.4. Compared to a single evaluation of H(M), the evaluation of H0(M) should make at most a fixed (smallconstant) number of extra calls to the underlying compression function of H. In other words, the efficiencyof H0 is negligibly close to that of H. We discuss several popular modes of operation satisfying the above axioms. For each such mode and for eachgiven desired security requirement, we discuss the weakest requirement on the compression function of H whichwould make this mode secure. We also give the implications of these results for using existing hash functions
Elastic Block Ciphers: Method, Security and Instantiations
"... We introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an exist ..."
Abstract
 Add to MetaCart
We introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against keyrecovery attacks if the original cipher is secure against such attacks. We note that while reductionbased proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as subcomponents in a larger design. We are not aware of use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1 and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers. key words: elastic block ciphers, variablelength block ciphers, security analysis, reduction proof, key recovery attacks. 1
Prashant PuniyaThe Random Oracle Methodology
"... ♦ “Paradigm for designing secure and efficient protocols ” (BR’93). ♦ Assume existence of a publicly accessible ideal random function and prove protocol security. ♦ Replace ideal random function by an actual “secure hash function ” (such as SHA1) to deploy protocol. ♦ Hope that nothing breaks down! ..."
Abstract
 Add to MetaCart
♦ “Paradigm for designing secure and efficient protocols ” (BR’93). ♦ Assume existence of a publicly accessible ideal random function and prove protocol security. ♦ Replace ideal random function by an actual “secure hash function ” (such as SHA1) to deploy protocol. ♦ Hope that nothing breaks down! Is SHA1 Really Random? ♦ Is SHA1 obscure enough to successfully replace a random oracle? ♦ No. Practical hash functions usually iteratively apply a fixed length compression function to the input (called the Merkle Damgard construction). f f f