Multi-Property-Preserving Hash Domain Extension and the EMD Transform
- Advances in Cryptology – ASIACRYPT 2006, 2006
Cited by 43 (9 self)
Abstract. We point out that the seemingly strong pseudorandom oracle preserving (PRO-Pr) property of hash function domain-extension transforms defined and implemented by Coron et al. [12] can actually weaken our guarantees on the hash function, in particular producing a hash function that fails to be even collision-resistant (CR) even though the compression function to which the transform is applied is CR. Not only is this true in general, but we show that all the transforms presented in [12] have this weakness. We suggest that the appropriate goal of a domain extension transform for the next generation of hash functions is to be multi-property preserving, namely that one should have a single transform that is simultaneously at least collision-resistance preserving, pseudorandom function preserving and PRO-Pr. We present an efficient new transform that is proven to be multi-property preserving in this sense.
Repairing the Bluetooth pairing protocol
- Proceedings of Security Protocols Workshop, 2005
Cited by 2 (1 self)
Abstract. We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implement an alternative pairing protocol that is more robust against passive attacks and against active man-in-the-middle attacks. The price of the added security offered by the new protocol is its use of asymmetric cryptography, traditionally considered infeasible on handheld devices. We show that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.
Semantic Web
A privacy enhancing identity management framework using the semantic web (Polish title: A privacy-supporting framework for identity management using ...)
Collision Attack on NaSHA-384/512
NaSHA is a family of hash functions submitted by Markovski and Mileva as a SHA-3 candidate. In this paper, we present a collision attack on the hash function NaSHA for the output sizes 384-bit and 512-bit. This attack is based on the weakness in the generate course of the state words and the fact that the quasigroup operation used in the compression function is only determined by partial state words. Its time complexity is about 2^128 with negligible memory and its probability is more than