Results 11 - 20 of 21
Assche. Sponge functions
, 2007
Cited by 6 (0 self)
Amplifying Collision Resistance: A Complexity-Theoretic Treatment
- Advances in Cryptology — Crypto 2007, Volume 4622 of Lecture
Cited by 5 (1 self)
Abstract. We initiate a complexity-theoretic treatment of hardness amplification for collision-resistant hash functions, namely the transformation of weakly collision-resistant hash functions into strongly collision-resistant ones in the standard model of computation. We measure the level of collision resistance by the maximum probability, over the choice of the key, for which an efficient adversary can find a collision. The goal is to obtain constructions with short output, short keys, small loss in adversarial complexity tolerated, and a good trade-off between compression ratio and computational complexity. We provide an analysis of several simple constructions, and show that many of the parameters achieved by our constructions are almost optimal in some sense.
Cryptanalysis of Block Ciphers Based on SHA-1 and MD5
- Fast Software Encryption, LNCS 2887, T. Johansson, ed., Springer-Verlag
, 2003
Cited by 4 (0 self)
We cryptanalyse some block cipher proposals that are based on dedicated hash functions SHA-1 and MD5. We discuss a related-key attack against SHACAL-1 and present a method for finding “slid pairs” for it. We also present simple attacks against MDC-MD5 and the Kaliski-Robshaw block cipher.
Keyed Hash Functions
- in Cryptography: Policy and Algorithms Conference
, 1996
Cited by 3 (0 self)
We give a new definition of keyed hash functions and show its relation with strongly universal hash functions and Cartesian authentication codes. We propose an algorithm for a secure keyed hash function and present preliminary result on its performance. The algorithm can be used for fast (about twice the speed of MD5) and secure message authentication.
1 Introduction
Hash functions were introduced in early 1950's [20]. The original aim was to have functions that can uniformly map a large collection of messages into a small set of message digests (or hash values). A useful application of hash functions is for error detection. Appending message digest to the message allows detection of errors during transmission. In the receiving end, the hash value of the received message is recalculated and compared with the received hash value. If they do not match, an error has occurred. This detection is only for random errors. An active spoofer may intercept a message, modify it as he wishes, an...
Two Practical and Provably Secure Block Ciphers: BEAR and LION
, 1996
Cited by 1 (0 self)
In this paper we suggest two new provably secure block ciphers, called BEAR and LION. They both have large block sizes, and are based on the Luby-Rackoff construction. Their underlying components are a hash function and a stream cipher, and they are provably secure in the sense that attacks which find their keys would yield attacks on one or both of the underlying components. They also have the potential to be much faster than existing block ciphers in many applications.
On Secure and Pseudonymous Client-Relationships with Multiple Servers
- ACM Transactions on Information and System Security
, 1999
Gabber, Gibbons, Kristol, Matias, Mayer
1. INTRODUCTION
We consider the following problem: there is a set of clients located on a particular subnet and a set of servers on the Internet. For example, the set of clients could be employees on a company's intranet or subscribers of an ISP and the servers could be Web-sites. See Figure 1, where the c_i are clients and the s_j are servers. A client wishes to establish a persistent relationship with some (or all) of these servers, such that in all subsequent interactions (1) the client can be recognized and (2) either weak or strong authentication can be used. At the same time, ...
Cryptanalysis-tolerant Commitment and Hashing
, 2002
Cryptographic solutions should be cryptanalysis-tolerant, i.e. avoid dependency on the assumed security of a single cryptographic function. We present the 2/3 composition, a cryptanalysis-tolerant design for commitment schemes and cryptographic hash functions. Previous cryptanalysis-tolerant solutions provided either confidentiality or binding properties; the 2/3 composition provides both properties. The 2/3 composition is simple and efficient, and appropriate for practical applications, either to compose existing functions or to design new functions.
Keywords: cryptographic functions; hash functions; one-way functions; collision-resistance; commitment schemes
Scramble All, Encrypt Small
- In Proc. of Fast Software Encryption
, 1999
In this paper, we propose a new design tool for "block encryption", allowing the en/decryption of arbitrarily long messages, but performing en/decryption on only a single block (e.g., 128 bit block), where the rest of the message is only processed by a good scrambling function (e.g., one based on an ideal hash function). The design can be a component in constructing various schemes where the above properties gives an advantage. A quite natural use of our scheme is for remotely keyed encryption. We actually solve an open problem (at least in the relaxed ideal hash model and where hosts are allowed to add randomness and integrity checks, thus giving a length increasing function), by demonstrating the existence of a secure remotely keyed encryption scheme which performs only one interaction with the trusted device.
Cryptanalysis of Dedicated Cryptographic Hash Functions
, 2009
These doctoral studies were conducted under the supervision of Professor Keith Martin. The work presented in this thesis is the result of original research carried out by myself, in collaboration with others, whilst enrolled in the Department of Mathematics as a candidate for the degree of Doctor of Philosophy. This work has not been submitted for any other degree or award in any other university or educational establishment. In this thesis we study the security of a number of dedicated cryptographic hash functions against cryptanalytic attacks. We begin with an introduction to what cryptographic hash functions are and what they are used for. This is followed by strict definitions of the security properties often required from cryptographic hash functions. FSB hashes are a class of hash functions derived from a coding theory problem. We attack FSB by modeling the compression function of the hash by a matrix in GF(2). We show that collisions and preimages can easily be found in FSB with the

