Multicollision Attacks on a Class of Hash Functions
 IACR PREPRINT ARCHIVE
, 2005
Abstract

Cited by 6 (0 self)
In a recent paper, A. Joux [7] showed multicollision attacks on the classical iterated hash function. (A multicollision is a set of inputs whose hash values are the same.) He also showed how the multicollision attacks can be used to get a collision attack on the concatenated hash function. In this paper, we first try to fix the attack by introducing a natural and wide class of hash functions. However, we show that the multicollision attacks also exist in this general class. Thus, we rule out a natural and a wide class of hash functions as candidates for multicollision secure hash functions.
New methods in hard disk encryption
, 2005
Abstract

Cited by 6 (0 self)
This work investigates the state of the art in hard disk cryptography. As the choice of the cipher mode is essential for the security of hard disk data, we discuss the recent cipher mode developments at two standardisation bodies, NIST and IEEE. It is a necessity to consider new developments, as the most common cipher mode – namely CBC – has many security problems. This work devotes a chapter to the analysis of CBC weaknesses. Next to others, the main contributions of this work are (1) efficient algorithms for series of multiplications in a finite field (Galois Field), (2) analysis of the security of password-based cryptography with respect to low entropy attacks and (3) a design template for secure key management, namely TKS1. For the latter, it is assumed that key management has to be done on regular user hardware in the absence of any special security hardware like key tokens. We solve the problems arising from magnetic storage by introducing a method called anti-forensic information splitter. This work is complemented by the presentation of a system implementing a variant
The case for public work
 In Proceedings of Global Internet
, 2007
Abstract

Cited by 6 (4 self)
Abstract—Whether it is port scans, spam, or distributed denial-of-service attacks from botnets, unwanted traffic is a fundamental problem in all networked systems. Although proof-of-work has been proposed as a mechanism for thwarting such attacks, few proof-of-work systems have been successfully deployed. One of the problems in the proof-of-work approach is that the systems that issue and verify puzzles are typically located at or near the server edge. Rather than eliminate the denial-of-service problem, such approaches merely shift the problem from the service itself to the proof-of-work systems protecting the service. As a result, adversaries can disable services by flooding the issuer, by flooding the verifier, or by flooding all of the network links that lead to the issuer and verifier. To address this problem, this paper proposes a new approach for building proof-of-work systems based on publicly verifiable client puzzles. The system works by issuing a single “public work function” that clients must solve for each of its subsequent requests. Because the work function is publicly verifiable, any network device at the client’s edge can verify that subsequent traffic will be accepted by the service. The system mitigates floods to the issuer since only a single work function needs to be given per client, thus allowing duplicate requests and replies to be suppressed. The system mitigates floods to the verifier and across links leading to the server edge by allowing the verifier to be placed arbitrarily close to the client adversary.
Multicollision attacks on some generalized sequential hash functions. Cryptology ePrint Archive, Report 2006/055
 In Proceedings of STOC'89
, 2006
Abstract

Cited by 5 (0 self)
A multicollision for a function is a set of inputs whose outputs are all identical. A. Joux showed multicollision attacks on the classical iterated hash function. He also showed how these multicollision attacks can be used to get a collision attack on a concatenated hash function. In this paper, we study multicollision attacks in a more general class of hash functions which we term “generalized sequential hash functions”. We show that multicollision attacks exist for this class of hash functions provided that every message block is used at most twice in the computation of the message digest.
The Co-Evolution of Systems and Communities in Free and Open Source Software Development
 In S. Koch (ed.), Free/Open Source Software Development, 59-82, Idea Group Publishing
, 2004
Abstract

Cited by 5 (1 self)
Under consideration for publication in Knowledge and Information
MAME: A Compression Function with Reduced Hardware Requirements
Abstract

Cited by 3 (0 self)
Abstract. This paper describes a new compression function, MAME, designed for hardware-oriented hash functions which can be used in applications with reduced hardware requirements. MAME takes a 256-bit message block and a 256-bit chaining variable as input and produces a 256-bit output. In the light of recent attacks on MD5 and SHA-1, our design strategy is very conservative, and we show that our compression function is secure against various kinds of widely known attacks with very large security margins. The simple logical operations and the hardware efficient S-boxes are used to achieve a hardware implementation of MAME requiring only 8.1 Kgates on 0.18 µm technology.
Helping ticketmaster: Changing the economics of ticket robots with geographic proof-of-work
 In Global Internet
, 2010
Abstract

Cited by 3 (2 self)
Abstract—When tickets for popular events such as Hannah Montana concerts go on sale online, they sell out almost instantly. Unfortunately, a significant number of them are purchased by worldwide networks of ticket purchasing robots run by scalpers looking to turn a quick profit. Ticket outlets currently employ CAPTCHAs to slow down fully automated purchasing robots. Since the profit associated with scalping tickets is several orders of magnitude larger than the cost associated with paying humans to solve the CAPTCHAs, this approach has been ineffective. CAPTCHAs have a fundamental flaw when used to protect online tickets: the cost to solve them using humans is fixed and small. To address this problem, this paper explores a novel alternative based on geographically-driven proof-of-work. The crux of the approach exploits the observation that most legitimate clients are located geographically close to the event. By requiring every client to solve a cryptographic puzzle whose difficulty is based on their distance to the event, ticket purchasing robots must be placed close to each event in order to monopolize the tickets. This requirement significantly increases the cost of operating such networks. Using emulation and simulation, we demonstrate the utility of our approach in tackling the online ticketing problem.
Relation between Successfulness of Birthday Attack on Digital Signature and Hash Function Irregularity
Abstract

Cited by 1 (0 self)
Abstract: In many network communications it is crucial to be able to authenticate both the contents and the origin of a message. Digital signatures based on public key schemas are used for such authentication. In order to provide message authentication the signature must depend on the contents of the message being signed. Since the public key-based signature schemes take too much time to compute, hash functions that map messages to short digests h(M) are used. Among other desirable properties of hash functions, an interesting one is that it should be collision-resistant, that is it should be difficult to find two messages with the same hash value. To find a collision the birthday attack is used, which shows that attacker may not need to examine too many messages before he finds a collision. Even worse, in estimates of attack successfulness it is always assumed that the hash function is regular, meaning that all points in the range have the same number of preimages under h. If h is not regular, fewer trials are required to find a collision. In this paper we first compute tighter upper and lower bounds for the number of birthday attack trials when the hash function is regular. Then we examine different types of irregularity of the hash function and the quantitative changes in the required number of trials to find a collision which then compromises the digital signature system.
Keywords: Digital signature, Birthday attack, Irregular hash function, Hash collision
Using Steganography to Improve Hash Functions' Collision Resistance
Abstract
Lately, hash function security has received increased attention. Especially after the recent attacks that were presented for SHA-1 and MD5, the need for a new and more robust hash function has become imperative. Even though many solutions have been proposed as replacements, the transition to a new function could be costly and complex. In this paper, we introduce a mode of operation that can be applied to any existing or future hash function in order to improve its collision resistance. In particular, we use steganography, the art of hiding a message into another message, to create a scheme, named ΣHash, which enforces the security of hashing algorithms. We will demonstrate how, apart from hash function security, ΣHash can also be used for securing Open Source code from tampering attacks and other applications.
On Quantifying the Resistance of Concrete Hash Functions to Generic Multi-Collision Attacks
, 2009
Abstract
Bellare and Kohno (2004) introduced the notion of balance to quantify the resistance of a hash function $h$ to a generic collision attack. Motivated by their work, we consider the problem of quantifying the resistance of $h$ to a generic multi-collision attack. To this end, we introduce the notion of $r$-balance $\mu_r(h)$ of $h$ and obtain bounds on the success probability of finding an $r$-collision in terms of $\mu_r(h)$. These bounds show that for a hash function with $m$ image points, if the number of trials $q$ is $\Theta\left(r\,m^{\frac{r-1}{r}}\,\mu_r(h)\right)$ then it is possible to find $r$-collisions with a significant probability of success. It is further shown that compared to regular functions, random functions offer somewhat lesser resistance to a generic multi-collision attack. These results extend and complete the earlier results obtained by Bellare and Kohno (2004) for collisions (i.e., $r = 2$).