Results 11  20
of
128
Heuristic Design of Cryptographically Strong Balanced Boolean Functions
 EUROCRYPT 98, LNCS 1403
, 1998
"... Advances in the design of Boolean functions using heuristic techniques are reported. A genetic algorithm capable of generating highly nonlinear balanced Boolean functions is presented. Hill climbing techniques are adapted to locate balanced, highly nonlinear Boolean functions that also almost satis ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
Advances in the design of Boolean functions using heuristic techniques are reported. A genetic algorithm capable of generating highly nonlinear balanced Boolean functions is presented. Hill climbing techniques are adapted to locate balanced, highly nonlinear Boolean functions that also almost satisfy correlation immunity. The definitions for some cryptographic properties are generalised, providing a measure suitable for use as a fitness function in a genetic algorithm seeking balanced Boolean functions that satisfy both correlation immunity and the strict avalanche criterion. Results are presented demonstrating the effectiveness of the methods.
Building a collisionresistant compression function from noncompressing primitives
 In ICALP 2008, Part II
, 2008
"... Abstract. We consider how to build an efficient compression function from a small number of random, noncompressing primitives. Our main goal is to achieve a level of collision resistance as close as possible to the optimal birthday bound. We present a 2nton bit compression function based on three ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
Abstract. We consider how to build an efficient compression function from a small number of random, noncompressing primitives. Our main goal is to achieve a level of collision resistance as close as possible to the optimal birthday bound. We present a 2nton bit compression function based on three independent nton bit random functions, each called only once. We show that if the three random functions are treated as black boxes then finding collisions requires Θ(2 n/2 /n c) queries for c ≈ 1. This result remains valid if two of the three random functions are replaced by a fixedkey ideal cipher in DaviesMeyer mode (i.e., EK(x) ⊕ x for permutation EK). We also give a heuristic, backed by experimental results, suggesting that the security loss is at most four bits for block sizes up to 256 bits. We believe this is the best result to date on the matter of building a collisionresistant compression function from noncompressing functions. It also relates to an open question from Black et al. (Eurocrypt’05), who showed that compression functions that invoke a single noncompressing random function cannot suffice. We also explore the relationship of our problem with that of doubling the output of a hash function and we show how our compression function can be used to double the output length of ideal hashes.
Correlation Matrices
 Fast Software Encryption : Second International Workshop, LNCS 1008
, 1994
"... . In this paper we introduce the correlation matrix of a Boolean mapping, a useful concept in demonstrating and proving properties of Boolean functions and mappings. It is argued that correlation matrices are the "natural" representation for the proper understanding and description of the ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
. In this paper we introduce the correlation matrix of a Boolean mapping, a useful concept in demonstrating and proving properties of Boolean functions and mappings. It is argued that correlation matrices are the "natural" representation for the proper understanding and description of the mechanisms of linear cryptanalysis [4]. It is also shown that the difference propagation probabilities and the table consisting of the squared elements of the correlation matrix are linked by a scaled WalshHadamard transform. Key Words: Boolean Mappings, Linear Cryptanalysis, Correlation Matrices. 1 Introduction Most components in encryption schemes are Boolean mappings. In this paper, we establish a relation between Boolean mappings and specific linear mappings over real vector spaces. The matrices that describe these mappings are called correlation matrices. The elements of these matrices consist of the correlation coefficients associated with linear combinations of input bits and linear combin...
Fast Evaluation, Weights and Nonlinearity of RotationSymmetric Functions
 Discrete Mathematics
, 2000
"... We study the nonlinearity and the weight of the rotationsymmetric (RotS) functions defined by Pieprzyk and Qu [6]. We give exact results for the nonlinearity and weight of 2degree RotS functions with the help of the semibent functions [2] and we give the generating function for the weight of the ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
We study the nonlinearity and the weight of the rotationsymmetric (RotS) functions defined by Pieprzyk and Qu [6]. We give exact results for the nonlinearity and weight of 2degree RotS functions with the help of the semibent functions [2] and we give the generating function for the weight of the 3degree RotS function. Based on the numerical examples and our observations we state a conjecture on the nonlinearity and weight of the 3degree RotS function. Keywords: Boolean functions; nonlinearity; bent; semibent; hash functions 1 Motivation Hash functions are used to map a large collection of messages into a small set of message digests and can be used to generate e#ciently both signatures and message authentication codes, and they can be also used as oneway # State University of New York at Bu#alo, Department of Mathematics, Bu#alo, NY 142602900, email: cusick@math.bu#alo.edu + Auburn University Montgomery, Department of Mathematics, Montgomery, AL 361244023, email: stanpan@...
Breaking the ICE  finding multicollisions in iterated concatenated and expanded (ICE) hash functions
 In Proceedings of FSE ’06
, 2006
"... Abstract. The security of hash functions has recently become one of the hottest topics in the design and analysis of cryptographic primitives. Since almost all the hash functions used today (including the MD and SHA families) have an iterated design, it is important to study the general security pro ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Abstract. The security of hash functions has recently become one of the hottest topics in the design and analysis of cryptographic primitives. Since almost all the hash functions used today (including the MD and SHA families) have an iterated design, it is important to study the general security properties of such functions. At Crypto 2004 Joux showed that in any iterated hash function it is relatively easy to find exponential sized multicollisions, and thus the concatenation of several hash functions does not increase their security. However, in his proof it was essential that each message block is used at most once. In 2005 Nandi and Stinson extended the technique to handle iterated hash functions in which each message block is used at most twice. In this paper we consider the general case and prove that even if we allow each iterated hash function to scan the input multiple times in an arbitrary expanded order, their concatenation is not stronger than a single function. Finally, we extend the result to treebased hash functions with arbitrary tree structures.
Hash Functions Based on Block Ciphers and Quaternary Codes
 Advances in Cryptology ASIACRYPT
, 1996
"... . We consider constructions for cryptographic hash functions based on mbit block ciphers. First we present a new attack on the LOKIDBH mode: the attack finds collisions in 2 3m=4 encryptions, which should be compared to 2 m encryptions for a brute force attack. This attack breaks the last remai ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
. We consider constructions for cryptographic hash functions based on mbit block ciphers. First we present a new attack on the LOKIDBH mode: the attack finds collisions in 2 3m=4 encryptions, which should be compared to 2 m encryptions for a brute force attack. This attack breaks the last remaining subclass in a wide class of efficient hash functions which have been proposed in the literature. We then analyze hash functions based on a collision resistant compression function for which finding a collision requires at least 2 m encryptions, providing a lower bound of the complexity of collisions of the hash function. A new class of constructions is proposed, based on error correcting codes over GF(2 2 ) and a proof of security is given, which relates their security to that of single block hash functions. For example, a compression function is presented which requires about 4 encryptions to hash an mbit block, and for which finding a collision requires at least 2 m encryptions...
Towards Secure and Fast Hash Functions
, 1999
"... this paper [15], [16] (m, 2m) block cipher this paper this paper Suppose that ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
this paper [15], [16] (m, 2m) block cipher this paper this paper Suppose that
Constructing an Ideal Hash Function from Weak Ideal Compression Functions
 In Selected Areas in Cryptography, Lecture Notes in Computer Science
, 2006
"... Abstract. We introduce the notion of a weak ideal compression function, which is vulnerable to strong forms of attack, but is otherwise random. We show that such weak ideal compression functions can be used to create secure hash functions, thereby giving a design that can be used to eliminate attack ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Abstract. We introduce the notion of a weak ideal compression function, which is vulnerable to strong forms of attack, but is otherwise random. We show that such weak ideal compression functions can be used to create secure hash functions, thereby giving a design that can be used to eliminate attacks caused by undesirable properties of compression functions. We prove that the construction we give, which we call the “zipper hash, ” is ideal in the sense that the overall hash function is indistinguishable from a random oracle when implemented with these weak ideal building blocks. The zipper hash function is relatively simple, requiring two compression function evaluations per block of input, but it is not streamable. We also show how to create an ideal (strong) compression function from ideal weak compression functions, which can be used in the standard iterated way to make a streamable hash function. Keywords: Hash function, compression function, MerkleDamg˚ard, ideal primitives, nonstreamable hash functions, zipper hash.