lux hash function
play

LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry - PowerPoint PPT Presentation

Mar 19, 2024 •245 likes •539 views

LUX Hash Function LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg LUX Hash Function Outline 1 Design 2 Security Analysis 3 Implementation 4 Advantages LUX Hash Function Design Design LUX Hash

  1. LUX Hash Function LUX Hash Function Ivica Nikoli´ c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg

  2. LUX Hash Function Outline 1 Design 2 Security Analysis 3 Implementation 4 Advantages

  3. LUX Hash Function Design Design

  4. LUX Hash Function Design General Design of LUX Stream based (RadioGatun like) hash function Big internal state - 3 × message digest Message is processed by small (32-bit or 64-bit) chunks Round function uses Rijndael-like transformation

  5. LUX Hash Function Design The internal state of LUX The state can be divided into two parts: Buffer - m × 16 matrix of bytes (light transforms) Core - m × 8 matrix of bytes (heavy transforms) Output m Core Buffer Total 256 4 4 × 8 4 × 16 96 512 8 8 × 8 8 × 16 192 Feedforwards between the core and the buffer in each round

  6. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  7. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  8. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  9. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  10. LUX Hash Function Design State update function (round transformation) Rijndael round Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  11. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  12. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  13. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  14. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  15. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  16. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  17. LUX Hash Function Design State update function (round transformation) Message XOR to the core and the buffer Update of the core and the buffer XOR of the core to the buffer Feedforward from the buffer to the core

  18. LUX Hash Function Design Hashing m 1 m 2 m 3 m k 0 0 0 0 0 0 ... ... ... h 1 h 2 h 3 Three phases of hashing: Input phase - absorb the whole message Blank rounds phase - increase diffusion of the last message blocks Output phase - produce the hash value from the state

  19. LUX Hash Function Security Analysis Security Security

  20. LUX Hash Function Security Analysis Multicollisions, length-extension, herding, 2-nd Multicollision, length-extension and herding attacks require internal collisions 2-nd preimage attack (Dean, Kelsey-Schneier) requires finding at least one preimage for some intermediate state value The big internal state of LUX-n has 3 n bits ⇒ internal collisions/preimages are expensive

  21. LUX Hash Function Security Analysis Collisions Truncated differentials (see Peyrin’s attack on Grindahl) Build a trail of truncated differentials Complexity of the attack depends on the number of active S-Boxes Fix some values of the S-Boxes with the message input The best truncated differential trail found for LUX-256 has 88 active S-Boxes where 38 can be fixed ⇒ complexity 2 300

  22. LUX Hash Function Security Analysis Preimages Whole execution of LUX is invertible ⇒ try MITM attack for preimages Big internal state ( 3 n ) stops this attack Try to fix some intermediate values in the buffer. Due to the xor of the core to the buffer, only n bits can be fixed ⇒ complexity of MITM on 2 n -bit state is 2 n

  23. LUX Hash Function Security Analysis Recent cryptanalysis Free-start collisions/preimages and distinguishers (Wu et al.) Free start attacks on invertible functions are trivial. Outputting the whole state at once stops the distinguisher based on the properties of the output transform Length extension slide attack (Peyrin) Needs salt size to be equal to 31 (mod 32) bits. Salt size is fixed to 128-bits in LUX.

  24. LUX Hash Function Implementation Implementation Implementation

  25. LUX Hash Function Implementation Implementation results Primitive comparation to AES (counting the number of XORs and table look-ups) gives a speed-up of 1.2 in favor of LUX 224/256 384/512 32-bit (C) 16.7 28.2 64-bit (asm) 10.2 9.5 Speed on 32-bit can be improved with an assembler implementation The new Intel instruction set can improve the speed of LUX-256

  26. LUX Hash Function Advantages Advantages Advantages

  27. LUX Hash Function Advantages Pros Rijndael-based - well analyzed transformation Cryptanalysis can be focused only on the construction Implementation tricks of Rijndael can be used in LUX Speed - one of the fastest on both 32 and 64-bit platforms Stable high speed on various processors (AMD, Intel) Overperforms all AES based functions

  28. LUX Hash Function Check LUX embourg on cryptolux.org/LUX

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D

HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D

HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D { 0 , 1 } n that is compressing, meaning | D | > 2 n . E.g. D = { 0 , 1 } 2 64 is the set of all strings of length at most 2 64 . h n MD4

1.13k views • 78 slides
, R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni,

, R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni,

R ADIO G ATN , R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni, Joan Daemen, Michal Peeters * and Gilles Van Assche STMicroelectronics * De Valck Consultants Second Cryptographic Hash Workshop

474 views • 16 slides
Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to

Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to

Dictionaries 1/19/2005 11:37 PM Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to Dictionaries and Hash Tables integers in a fixed interval [0, N 1] Example: h ( x ) = x mod N 0 is a hash function for

503 views • 4 slides
The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009

The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009

The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009 Niels Ferguson Stefan Lucks Bruce Schneier Doug Whiting Mihir Bellare Tadayoshi Kohno Jon Callas Jesse Walker Overview Fast 6.1 cycles/byte on

581 views • 16 slides
Slinging the Hash (Function) What are hash functions good for? Hashing values to insert into

Slinging the Hash (Function) What are hash functions good for? Hashing values to insert into

Slinging the Hash (Function) What are hash functions good for? Hashing values to insert into arrays: hash tables Converting long strings into shorter strings in an irreversible way: one-way function Turn a 200 KB document into a 16

434 views • 5 slides
Hashing 0 Hash function. Method for computing array index from key. 1 2 hash("it")

Hashing 0 Hash function. Method for computing array index from key. 1 2 hash("it")

Hashing: basic plan Save items in a key-indexed table (index is a function of the key). Hashing 0 Hash function. Method for computing array index from key. 1 2 hash("it") = 3 Tyler Moore 3 "it" ?? 4 CS 2123, The

559 views • 6 slides
pq Outline Description of the FSB Hash Function Classic Attacks Recent Attacks

pq Outline Description of the FSB Hash Function Classic Attacks Recent Attacks

Syndrome Based Collision Resistant Hashing Matthieu Finiasz pq Outline Description of the FSB Hash Function Classic Attacks Recent Attacks Proposed Improvements and Parameters pq 1 Description of the FSB Hash Function pq

286 views • 28 slides
Hash Table In a hash table, we allocate an array of size m, which is much smaller than |U|

Hash Table In a hash table, we allocate an array of size m, which is much smaller than |U|

Hash Table In a hash table, we allocate an array of size m, which is much smaller than |U| (the set of keys). Tirgul 9 We use a hash function h() to determine the entry of each key. Hash Tables (continued) Reminder The crucial

151 views • 4 slides
Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis:

Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis:

Hash Functions June 2013 Bart Preneel Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis: basic topics Bart Preneel This is an input to

402 views • 14 slides
New Attacks on the Concatenation and XOR Hash Combiners Itai Dinur Ben-Gurion University, Israel

New Attacks on the Concatenation and XOR Hash Combiners Itai Dinur Ben-Gurion University, Israel

New Attacks on the Concatenation and XOR Hash Combiners Itai Dinur Ben-Gurion University, Israel Cryptographic Hash Functions A cryptographic hash function is hash function H:{0,1}*-> {0,1} n with strong requirements : Collision

461 views • 33 slides
ASIACRYPT 2013 1 Cryptographic Hash Function Public function Input: arbitrary long

ASIACRYPT 2013 1 Cryptographic Hash Function Public function Input: arbitrary long

Improved Cryptanalysis of Reduced RIPEMD-160 Florian Mendel, Thomas Peyrin, Martin Schlffer, Lei Wang, and Shuang Wu ASIACRYPT 2013 1 Cryptographic Hash Function Public function Input: arbitrary long messages Output: short random

840 views • 50 slides
Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016

Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016

Hash function based on the SIS problem HEBANT Chlo e University of Limoges Summer 2016 HEBANT Chlo e Hash function based on the SIS problem Summer 2016 1 / 19 Introduction Hash function 1 One-way collision-resistant Ajtai function

458 views • 26 slides
Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 Yu Sasaki 1 and Lei Wang 2 1 NTT Secure Platform Laboratories 2 Nanyang Technological University, Singapore SAC 2013 (16/August/2013) 1 Hash Function Based

822 views • 25 slides
Hash Tables 1 Hash Table in Primary Storage Main parameter B = number of buckets Hash

Hash Tables 1 Hash Table in Primary Storage Main parameter B = number of buckets Hash

Hash Tables 1 Hash Table in Primary Storage Main parameter B = number of buckets Hash function h maps key to numbers from 0 to B-1 Bucket array indexed from 0 to B-1 Each bucket contains exactly one value Strategy

460 views • 33 slides
Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity

Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity

Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity Cryptographic Hash Function: Provides assurance of data integrity Let h be a hash function and x some data. The hash creates a fingerprint of the data,

564 views • 31 slides
Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in

Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in

Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in modern cryptography and security In crypto, instantiates a Random Oracle In security, used in a variety of authentication and integrity

693 views • 20 slides
Code With Purpose @tomprats github.com/tomprats www.tomify.me Tom Prats Developer

Code With Purpose @tomprats github.com/tomprats www.tomify.me Tom Prats Developer

Code With Purpose @tomprats github.com/tomprats www.tomify.me Tom Prats Developer Extraordinaire @tomprats github.com/tomprats www.tomify.me API @tomprats github.com/tomprats www.tomify.me @tomprats github.com/tomprats www.tomify.me

734 views • 60 slides
Authentication Scenarios India Ramachandran India 1.2 billion residents -640,000 villages

Authentication Scenarios India Ramachandran India 1.2 billion residents -640,000 villages

Authentication Scenarios India Ramachandran India 1.2 billion residents -640,000 villages -~800 million mobile, ~200-300 mn migrant workers Authentication Scenarios Government e-praman authentication framework - PKI In

639 views • 35 slides
The openais project Technomap Prepared by Steven Dake January 2005 Agenda 2004

The openais project Technomap Prepared by Steven Dake January 2005 Agenda 2004

The openais project Technomap Prepared by Steven Dake January 2005 Agenda 2004 Accomplishments Current & Future Technology Technomap CGL Cluster Spec Analysis July August September October November

399 views • 23 slides
Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap .

Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap .

. Hash Tables September 25th, 2012 Biostatistics 615/815 - Lecture 7 Hyun Min Kang September 25th, 2012 Hyun Min Kang Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap . . . . . . . . . . .

563 views • 45 slides
Performance Tuning an Algorithm for Compressing Relational Tables Authors Jyrki Katajainen and

Performance Tuning an Algorithm for Compressing Relational Tables Authors Jyrki Katajainen and

Performance Tuning an Algorithm for Compressing Relational Tables Authors Jyrki Katajainen and Jeppe Nejsum Madsen Speaker Jeppe Nejsum Madsen July 5th, SWAT2002 p.1/ ?? Relations A relation consists of a scheme and an

386 views • 21 slides
How to Construct State Registries Matching State registry Na ve solution Undeniability with

How to Construct State Registries Matching State registry Na ve solution Undeniability with

Secure registries M. Kutyowski How to Construct State Registries Matching State registry Na ve solution Undeniability with Public Security Our solution Mirosaw Kutyowski joint work with Przemysaw Kubiak and Jun Shao

330 views • 18 slides
Scalable Content- Addressable Network Eireann Leverett How Torus We use a Torus because it is

Scalable Content- Addressable Network Eireann Leverett How Torus We use a Torus because it is

Scalable Content- Addressable Network Eireann Leverett How Torus We use a Torus because it is un- Dimensions ending in each Nodes dimension. It is a Hashing circle where the last Realities address neighbours Zone takeover the first,

922 views • 10 slides

More recommend