streamhash2 hash function - instytut...
TRANSCRIPT
Origins of StreamHash Family | Hash Functions | StreamHash2 | Conclusion
StreamHash2 Hash Function
Michał Trojnara
Institute of Telecommunications
Faculty of Electronics and Information Technology
Warsaw University of Technology
26 May 2010
Michał Trojnara StreamHash2 Hash Function

Outline
1 Origins of StreamHash Family: History, Prior Cryptanalysis
2 Hash Functions: Requirements, Traditional Design
3 StreamHash2: StreamHash2 Design, Properties
4 Conclusion

History of StreamHash Family
- Jan 2007: NIST published draft of requirements for the SHA-3 competition
- Nov 2007: NIST requested submissions for new hash functions
- Oct 2008: StreamHash function submitted for the SHA-3 competition
- Dec 2008: StreamHash function published by NIST
- Dec 2008: Published attacks against StreamHash function
- 2009-2010: Working on the successor – StreamHash2

Preimage Attack
- Dmitry Khovratovich and Ivica Nikolić, University of Luxembourg
- Multicollision Attack (Antoine Joux: Multicollisions in Iterated Hash Functions, CRYPTO 2004)
- Complexity of $n^2 \cdot 2^{n/4}$ for finding collisions
- Complexity of $n^2 \cdot 2^{n/2}$ for finding preimages
- Issue addressed in StreamHash2 by introducing a counter

Collision Attack
- Tor E. Bjørstad, Department of Informatics, University of Bergen, Norway
- Internal state cycles
- The ⊕ operation of StreamHash did not propagate changes between the four bytes of the 32-byte state word
- Issue addressed by replacing ⊕ operation with �
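
A toy model of the byte-lane problem on this slide, added here as an illustration and not taken from StreamHash or from the cited analysis. It assumes a single 32-bit word updated as word ← word ⊕ S-BOX[LSB(word) ⊕ b ⊕ i] with a constructed random table, and it uses addition modulo 2^32 only as an assumed example of an operation with carries, because the replacement operator's glyph is lost on this page.

```python
import random

MASK32 = 0xFFFFFFFF

# Constructed 256-entry table of 32-bit words; NOT the StreamHash S-BOX.
_rng = random.Random(2010)
SBOX = [_rng.getrandbits(32) for _ in range(256)]

MESSAGE = bytes(range(256))   # constructed input bytes
START = 0x01234567            # constructed starting word
DELTA = 0x00800000            # single-bit difference in byte 2 (bit 23)


def step_xor(word, b, i):
    """XOR combine: each output bit depends only on the same bit position
    of the word and of the table entry, so byte lanes never interact."""
    return word ^ SBOX[(word ^ b ^ i) & 0xFF]


def step_add(word, b, i):
    """Same table lookup, combined by addition mod 2**32 (assumed stand-in
    for a carry-propagating operator)."""
    return (word + SBOX[(word ^ b ^ i) & 0xFF]) & MASK32


def touched_bits(step, word, delta, message, i=0):
    """Feed the same message to two words that differ by `delta` and return
    the OR of every XOR difference observed along the way."""
    w1, w2 = word, word ^ delta
    seen = w1 ^ w2
    for b in message:
        w1, w2 = step(w1, b, i), step(w2, b, i)
        seen |= w1 ^ w2
    return seen


def byte_lanes(mask):
    """Indices (0 = least significant) of the bytes in which `mask` is set."""
    return [n for n in range(4) if (mask >> (8 * n)) & 0xFF]


def compare():
    """Byte lanes reached by the difference under each combining operation."""
    return {
        "xor": byte_lanes(touched_bits(step_xor, START, DELTA, MESSAGE)),
        "add": byte_lanes(touched_bits(step_add, START, DELTA, MESSAGE)),
    }


if __name__ == "__main__":
    for name, lanes in compare().items():
        print(f"{name}: difference seen in byte lanes {lanes}")
```

In this model only the low byte selects the table entry, so under XOR a difference in an upper byte is carried along unchanged for the whole message; with addition the carry chain moves it into the higher byte, though never downwards.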

Functional Requirements
Hash function h(m) is expected to meet the following requirements:
- Input m can be of any length
- Output of h(m) has a predefined, fixed length
- h(m) is fast to compute for any given m

Security Requirements
- Preimage resistance: practically infeasible for any given h(m) to compute m
- Second preimage resistance: for any given message m1, practically infeasible to find another m2 such that h(m1) = h(m2)
- Collision resistance: practically infeasible to find two different messages m1 and m2 such that h(m1) = h(m2)
Merkle-Damgård Construction

Davies-Meyer Compression Function
$H_i \leftarrow E_{m_i}(H_{i-1}) \oplus H_{i-1}$
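
The Merkle-Damgård iteration and the Davies-Meyer step from the two slides above, as an added sketch that is not from the talk. It assumes XTEA as the block cipher E (the message block is the key), an all-zero IV, length padding, and a 64-bit chaining value that is far too short for real use; `invert_without_feedforward` shows why the ⊕ H_{i-1} term matters.

```python
import struct

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9
CYCLES = 32        # XTEA cycles (64 Feistel rounds)
BLOCK = 16         # message block size = cipher key size, in bytes
IV = bytes(8)      # constructed initial chaining value H_0


def _f(v, s, k):
    # XTEA round function; only the low 32 bits of the result are used.
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)


def xtea_encrypt(key, block):
    """E_key(block): 128-bit key, 64-bit block."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(CYCLES):
        v0 = (v0 + _f(v1, s, k[s & 3])) & MASK32
        s = (s + DELTA) & MASK32
        v1 = (v1 + _f(v0, s, k[(s >> 11) & 3])) & MASK32
    return struct.pack(">2I", v0, v1)


def xtea_decrypt(key, block):
    """Inverse of xtea_encrypt under the same key."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = (DELTA * CYCLES) & MASK32
    for _ in range(CYCLES):
        v1 = (v1 - _f(v0, s, k[(s >> 11) & 3])) & MASK32
        s = (s - DELTA) & MASK32
        v0 = (v0 - _f(v1, s, k[s & 3])) & MASK32
    return struct.pack(">2I", v0, v1)


def compress(h_prev, m_i):
    """Davies-Meyer: H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}."""
    e = xtea_encrypt(m_i, h_prev)
    return bytes(a ^ b for a, b in zip(e, h_prev))


def invert_without_feedforward(h_i, m_i):
    """If the step were only H_i = E_{m_i}(H_{i-1}), anyone who knows the
    block m_i could decrypt and recover H_{i-1}; the XOR with H_{i-1} in
    Davies-Meyer removes this shortcut."""
    return xtea_decrypt(m_i, h_i)


def md_pad(msg):
    """Append 0x80, zero bytes, and the 64-bit big-endian bit length."""
    zeros = (-(len(msg) + 1 + 8)) % BLOCK
    return msg + b"\x80" + bytes(zeros) + struct.pack(">Q", len(msg) * 8)


def toy_hash(msg):
    """Merkle-Damgård: chain the compression function over padded blocks."""
    h = IV
    data = md_pad(msg)
    for off in range(0, len(data), BLOCK):
        h = compress(h, data[off:off + BLOCK])
    return h


if __name__ == "__main__":
    for sample in (b"", b"abc", b"abd", b"a" * 40):
        print(sample[:8], toy_hash(sample).hex())
```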

State Vector
State vector consists of 32-bit words:
- 7 × 32 = 224 bits
- 8 × 32 = 256 bits
- 12 × 32 = 384 bits
- 16 × 32 = 512 bits
NLF Transformation
NLF is a non-linear transformation based on an S-BOX
StreamHash Family Structure

NLF Implementation of StreamHash2 Function
state_{i+1} ← state_i � S-BOX[LSB(state_i) ⊕ b ⊕ i] � c
where:
- b: processed byte value
- c: processed byte index
- i: state vector index
- S-BOX: S-BOX table
- state: state vector

StreamHash2 Advantages – Simplicity
- Clear and easy to analyze design
- Minimal size of code
- Minimal size of variables
- Low size of static data
- Flexible hash value length

StreamHash2 Advantages – Performance
- Easy to parallelize internal structure
- Negligible performance impact of machine endianness
- High performance on 8-bit and 16-bit architectures
- Low latency
- High throughput for short messages

StreamHash2 Disadvantages
- Expensive hardware implementation
- Side-channel attacks on S-BOX lookups
- Mathematical background not well studied in cryptographic applications

Conclusion
- A new family of cryptographic hash functions was proposed
- Security properties of this new family require some further analysis