Security Analysis of the Mode of JH Hash Function

Bhattacharyya, Rishiraj; Mandal, Avradip; Nandi, Mridul

doi:10.1007/978-3-642-13858-4_10

Cited by 32 publications

(39 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, our concept is not based on a secure PRP, as we work with a single permutation. The provable security framework for schemes employing a single permutation typically follows [2,4] the indifferentiability framework [13]. Assuming no non-trivial properties of the permutation, the designers replace it with a randomly chosen permutation and prove indistinguishability from the random oracle even though the adversary can query the randomly chosen permutation as well.…”

Section: Security Of Kwfmentioning

confidence: 99%

Key Wrapping with a Fixed Permutation

Khovratovich

2014

Topics in Cryptology – CT-RSA 2014

View full text Add to dashboard Cite

We present an efficient key wrapping scheme that uses a single wide permutation and does not rely on block ciphers. The scheme is capable of wrapping keys up to 1400 bits long and processing arbitrarily long headers. Our scheme easily delivers the security level of 128 bits or higher with the master key of the same length. The permutation can be taken from the sponge hash functions such as SHA-3 (Keccak), Quark, Photon, Spongent.We also present a simple proof of security within the concept of Deterministic Authenticated Encryption (DAE) introduced by Rogaway and Shrimpton. We extend the setting by allowing the adversary to query the permutation and following the indifferentiability setting in the security proof of the sponge construction.

show abstract

Section: Security Of Kwfmentioning

confidence: 99%

Key Wrapping with a Fixed Permutation

Khovratovich

2014

Topics in Cryptology – CT-RSA 2014

View full text Add to dashboard Cite

show abstract

“…Generic attacks have also been reported on hash modes other than the plain Merkle-Damgärd mode. A few of these are the 2nd pre-image attacks on the dithered variants of the Merkle-Damgärd construction [1], a pre-image attack on the JH mode [8], 1st/2nd pre-image and multi-collision attacks on the Sponge construction when the state-size is not sufficiently large [7], collision attacks on some concatenated hash functions [13], multi-collisions in iterated concatenated and expanded hash functions [12], and multi-collisions on some generalized sequential hash functions [18].…”

Section: Introductionmentioning

confidence: 99%

“…More technically, the indifferentiability framework measures the extent to which a hash function behaves as a random oracle under the assumption that the underlying small compression function is an ideal object. The class of indifferentiability attacks includes more attacks [2,8,9] than just useful generic attacks as above. Thus in some sense, an indifferentiable hash function can be viewed as eliminating potential future attacks.…”

Section: Introductionmentioning

confidence: 99%

“…Since its publication in 2007, the JH mode of operation has undergone an extensive security analysis. The first published analysis of the JH mode was done by Bhattacharyya, Mandal and Nandi, who showed that the indifferentiability security of the basic version of the JH mode up to n/3 bits [8]; 1 they have also shown a generic pre-image attack on the JH mode with (information theoretic) work which is slightly less than n bits. A year later, in [16], it was shown that the JH mode achieves the optimal collision resistance of up to n/2 bits.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improved indifferentiability security bound for the JH mode

Moody

Paul

Smith-Tone

2015

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Indifferentiability security of a hash mode of operation guarantees the mode's resistance against all (meaningful) generic attacks. It is also useful to establish the security of protocols that use hash functions as random functions. The JH hash function is one of the five finalists in the ongoing NIST SHA-3 hash function competition. Despite several years of analysis, the indifferentiability security of the JH mode (with n-bit digest and 2n-bit permutation) has remained remarkably low, only at n/3 bits (FSE 2010), while the other four finalist modes -with comparable parameter values -offer a security guarantee of n/2 bits. In this paper, we improve the indifferentiability security bound for the JH mode to n/2 bits (e.g. from 171 to 256 bits when n = 512). To put this into perspective, our result guarantees the absence of attacks on both JH-256 and JH-512 hash functions with time less than approximately 2 256 computations of the underlying 1024-bit permutation, under the assumption that the basic permutation is structurally strong. Our bounds are optimal for JH-256, and the best, so far, for JH-512. We obtain this improved bound by establishing an isomorphism of certain query-response graphs through a careful design of the simulators and the bad events. Our experimental data strongly supports the theoretically obtained results.

show abstract

“…There are many theoretical studies about classical Hash functions [21,22] and mature Hash functions such as MD5, SHA1 and SHA512. Now classical Hash functions are used extensively in quantum protocols to ensure the safety of quantum communication [23,24], yet it is contradictory with the fact that the quantum computer can crack most classical Hash functions.…”

mentioning

confidence: 99%

Discrete-time interacting quantum walks and quantum Hash schemes

Zhang

Guo

et al. 2012

Quantum Inf Process

View full text Add to dashboard Cite

Through introducing discrete-time quantum walks on the infinite line and on circles, we present a kind of two-particle interacting quantum walk which has two kinds of interactions. We investigate the characteristics of this kind of quantum walk and the time evolution of the two particles. Then we put forward a kind of quantum Hash scheme based on two-particle interacting quantum walks and discuss their feasibility and security. The security of this kind of quantum Hash scheme relies on the infinite possibilities of the initial state rather than the algorithmic complexity of hard problems, which will greatly enhance the security of the Hash schemes.

show abstract

Security Analysis of the Mode of JH Hash Function

Cited by 32 publications

References 17 publications

Key Wrapping with a Fixed Permutation

Key Wrapping with a Fixed Permutation

Improved indifferentiability security bound for the JH mode

Discrete-time interacting quantum walks and quantum Hash schemes

Contact Info

Product

Resources

About