Results 1-10 of 143
Cryptographic Approach to "Privacy-Friendly" Tags
In RFID Privacy Workshop, 2003
Cited by 140 (1 self)
Radio frequency identification (RFID) is expected to become an important and ubiquitous infrastructure technology. As RFID tags are affixed to everyday items, they may be used to support various useful services. However, widespread deployment of RFID tags may create new threats to user privacy, due to the powerful tracking capability of the tags. There are
Twofish: A 128-Bit Block Cipher
In First Advanced Encryption Standard (AES) Conference, 1998
Cited by 66 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
The Whirlpool Hashing Function
First open NESSIE Workshop, 2000
Cited by 58 (1 self)
Abstract. We present Whirlpool, a 512-bit hash function operating on messages less than 2^256 bits in length. The function structure is designed according to the Wide Trail strategy and permits a wide variety of implementation tradeoffs. (Revised on May 24, 2003)
A failure-friendly design principle for hash functions
2005
Cited by 53 (5 self)
Abstract. This paper reconsiders the established Merkle-Damgård design principle for iterated hash functions. The internal state size w of an iterated n-bit hash function is treated as a security parameter of its own right. In a formal model, we show that increasing w quantifiably improves security against certain attacks, even if the compression function fails to be collision resistant. We propose the wide-pipe hash, internally using a w-bit compression function, and the double-pipe hash, with w = 2n and an n-bit compression function used twice in parallel.
Cryptographic Hash Functions: A Survey
1995
Cited by 47 (7 self)
This paper gives a survey on cryptographic hash functions. It gives an overview of all types of hash functions and reviews design principles and possible methods of attacks. It also focuses on keyed hash functions and provides the applications, requirements, and constructions of keyed hash functions.
Fast Hashing on the Pentium
Advances in Cryptology, Proceedings Crypto'96, LNCS 1109, 1996
Cited by 46 (6 self)
With the advent of the Pentium processor parallelization finally became available to Intel based computer systems. One of the design principles of the MD4-family of hash functions (MD4, MD5, SHA-1, RIPEMD-160) is to be fast on the 32-bit Intel processors. This paper shows that carefully coded implementations of these hash functions are able to exploit the Pentium's superscalar architecture to its maximum effect: the performance with respect to execution on a non-parallel architecture increases by about 60%. This is an important result in view of the recent claims on the limited data bandwidth of these hash functions.
Tiger: A Fast New Hash Function
Fast Software Encryption, Third International Workshop Proceedings, 1996
Cited by 44 (1 self)
Among those cryptographic hash functions which are not based on block ciphers, MD4 and Snefru seemed initially quite attractive for applications requiring fast software hashing. However, collisions for Snefru were found in 1990, and recently a collision of MD4 was also found. This casts doubt on how long these functions' variants, such as RIPEMD, MD5, SHA, SHA-1 and Snefru-8, will remain unbroken. Furthermore, all these functions were designed for 32-bit processors, and cannot be implemented efficiently on the new generation of 64-bit processors such as the DEC Alpha. We therefore present a new hash function which we believe to be secure; it is designed to run quickly on 64-bit processors, without being too slow on existing machines.
Design principles for iterated hash functions
Cryptology ePrint Archive, 2004
Cited by 34 (1 self)
This paper deals with the security of iterated hash functions against generic attacks, such as, e.g., Joux' multicollision attacks from Crypto 04 [6]. The core idea is to increase the size of the internal state of an n-bit hash function to w > n bit. Variations of this core idea allow the use of a compression function with n output bits, even if the compression function itself is based on a block cipher. In a formal model, it is shown that these modifications quantifiably improve the security of iterated hash functions against generic attacks.
Fast Evaluation, Weights and Nonlinearity of Rotation-Symmetric Functions
Discrete Mathematics, 2000
Cited by 27 (4 self)
We study the nonlinearity and the weight of the rotation-symmetric (RotS) functions defined by Pieprzyk and Qu [6]. We give exact results for the nonlinearity and weight of 2-degree RotS functions with the help of the semi-bent functions [2] and we give the generating function for the weight of the 3-degree RotS function. Based on the numerical examples and our observations we state a conjecture on the nonlinearity and weight of the 3-degree RotS function.
Keywords: Boolean functions; nonlinearity; bent; semi-bent; hash functions
1 Motivation
Hash functions are used to map a large collection of messages into a small set of message digests and can be used to generate efficiently both signatures and message authentication codes, and they can be also used as one-way
State University of New York at Buffalo, Department of Mathematics, Buffalo, NY 14260-2900, email: cusick@math.buffalo.edu
Auburn University Montgomery, Department of Mathematics, Montgomery, AL 36124-4023, email: stanpan@...
The Classification of Hash Functions
1993
Cited by 24 (3 self)
When we ask what makes a hash function 'good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any collision-free function, we can derive others which are also collision-free, but cryptographically useless. This explains why researchers have not managed to find many interesting consequences of this property. We also prove Okamoto's conjecture that correlation freedom is strictly stronger than collision freedom. We go on to show that there are actually rather many properties which hash functions may need. Hash functions for use with RSA must be multiplication free, in the sense that one cannot find X, Y and Z such that h(X)h(Y) = h(Z); and more complex requirements hold for other signature schemes. Universal principles can be proposed from which all the freedom properties follow, but like most theoretical principles, they do not seem to give much value to a designer; at the practical level, the main imp...