SHA-3 vs the world



  1. SHA-3 vs the world David Wong

  2-3. Snefru, MD4

  4-7. Snefru, MD4, MD5, Merkle–Damgård, SHA-1, SHA-2

  8. Keccak BLAKE, Grøstl, JH, Skein

  9. Outline: 1. SHA-3; 2. derived functions; 3. derived protocols

  10. Permutation-based cryptography (diagram: permutation f)

  11. AES is a permutation (diagram: input into AES, output out)

  12. AES is a permutation (diagram: input bits and key bits into AES, output bits out)

  13. Sponge Construction (diagram: permutation f)

  14. Sponge Construction (diagram: a state of bits passed through f)

  15. Sponge Construction (diagram: state split into parts labelled r and c, passed through f)

  16. Sponge Construction (diagram: state split into r and c through f, shown beside AES with its key)

  17. Sponge Construction (diagram: message ⊕ into the state, then f)

  18-22. Sponge Construction (diagram build: message blocks ⊕ into the state, with f applied after each block; this phase is labelled absorbing)

  23-27. Sponge Construction (diagram build: after absorbing, output is taken from the state with further applications of f; this phase is labelled squeezing)

  28. Keccak Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche

  29. Timeline: SHA-3 competition (2007 to 2012)

  30. Timeline: SHA-3 competition (2007 to 2012); SHA-3 standard, FIPS 202 (2015)

  31. Where is SHA-3 being used?

  32. Outline: 1. SHA-3; 2. derived functions; 3. derived protocols

  33. SHAKE is a XOF

  34. Timeline: SHA-3 competition (2007 to 2012); SHA-3 standard, FIPS 202 (2015); SP 800-185 (2016)

  35. KMAC; TupleHash; ParallelHash

  36. KMAC: message || SHA-256(message); TupleHash; ParallelHash

  37. KMAC: message || SHA-256(key||message); TupleHash; ParallelHash

  38. KMAC: message || more || SHA-256(key||message||more); TupleHash; ParallelHash

  39. KMAC: message || SHAKE(key || message); TupleHash; ParallelHash

  40. KMAC: message || SHAKE(key || message); TupleHash: my RSA public key = (e, N); ParallelHash

  41. KMAC: message || SHAKE(key || message); TupleHash: my RSA public key = (e, N), fingerprint = SHA-256(e || N); ParallelHash

  42. KMAC: message || SHAKE(key || message); TupleHash: fingerprint1 = SHA-256(1010110000000010001…), with e and N marked on the bit string; ParallelHash

  43. KMAC: message || SHAKE(key || message); TupleHash: fingerprint1 = SHA-256(1010110000000010001…) and fingerprint2 = SHA-256(1010110000000010001…), each with e and N marked on the bit string; ParallelHash

  44. KMAC: message || SHAKE(key || message); TupleHash: SHAKE(len(e) || e || len(N) || N); ParallelHash

  45-48. Sponge Construction (diagram: message absorbed into the state, then output squeezed, with f between steps)

  49. KMAC: message || SHAKE(key || message); TupleHash: SHAKE(len(e) || e || len(N) || N); ParallelHash: SHAKE(SHAKE(b1) || SHAKE(b2) || SHAKE(b3) || …)

  50. Timeline: SHA-3 competition (2007 to 2012); SHA-3 / SHAKE (2015); TupleHash / ParallelHash / KMAC (2016)

  51. Keyak and Ketje

  52-53. Timeline: SHA-3 competition (2007 to 2012); SHA-3 / SHAKE (2015); TupleHash / ParallelHash / KMAC (2016); KangarooTwelve & MarsupilamiFourteen

  54. github.com/gvanas/KeccakCodePackage

  55. Outline: 1. SHA-3; 2. derived functions; 3. derived protocols

  56. Sponge Construction (diagram: message absorbed into the state, then output squeezed, with f between steps)

  57. Duplex Construction (diagram: init, then three duplexing calls, each with an input ⊕ into the state, an application of f, and an output)

  58. Keyed-mode (diagram: init, then the key ⊕ into the state in a duplexing call)

  59. Keyed-mode (diagram: as the previous slide, with the state labelled "secret part" and "leak")

  60. Encryption? (diagram: init, then the key ⊕ into the state in a duplexing call)

  61. Encryption (diagram: after the key, plaintext1 ⊕ state gives ciphertext1)

  62. Authenticated Encryption (diagram: after the key, plaintext1 ⊕ state gives ciphertext1; a further duplexing call gives tag1)

  63. Sessions (diagram: after the key, successive duplexing calls give ciphertext1 from plaintext1, then tag1, then ciphertext2 from plaintext2, then tag2)

  64. Strobe

          myProtocol = Strobe_init("myWebsite.com")
          myProtocol.KEY(sharedSecret)
          buffer += myProtocol.send_ENC("GET /")
          buffer += myProtocol.send_MAC(len=16)
          // send the buffer

          // receive a ciphertext
          message = myProtocol.recv_ENC(ciphertext[:-16])
          ok = myProtocol.recv_MAC(ciphertext[-16:])
          if !ok {
              // reset the connection
          }

  65. Hash Function

          myHash = Strobe_init("hash")
          myHash.AD("something to be hashed")
          hash = myHash.PRF(outputLen=16)

  66. Key Derivation Function

          KDF = Strobe_init("deriving keys")
          KDF.KEY(keyExchangeOutput)
          keys = KDF.PRF(outputLen=32)
          key1 = keys[:16]
          key2 = keys[16:]

  67. (diagram: operation = AD, data = 010100…, both ⊕ into the state)

  68. (diagram: operation = AD, data = 010100…; then operation = send_MAC, len = 16, giving a tag after f)

  69. (diagram: init; operation = KEY, data = 010100…, ⊕ into the state, then f)

  70. (diagram: init; operation = KEY, data = 010100…; then operation = send_ENC, data = hello, giving ciphertext)

  71. (diagram: init; operation = KEY, data = 010100…; operation = send_ENC, data = hello, giving ciphertext; operation = send_MAC, len = 16, giving tag)

  72. strobe.sourceforge.io

  73. Outline: 1. SHA-3; 2. derived functions; 3. derived protocols; 4. Disco?

  74. Noise + Strobe = Disco (www.discocrypto.com)

  75. I write about crypto at www.cryptologie.net, I tweet my mind on twitter.com/lyon01_david, and I work here
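
The fingerprint ambiguity of slides 40 to 44, as an added example that is not from the original slides: hashing e || N without field boundaries lets two different key pairs share a fingerprint, while the slide's length-prefixed SHAKE form separates them. The helper names, the 8-byte length prefix and the toy 64-bit N are assumptions of this example; TupleHash as standardised in SP 800-185 is built on cSHAKE with its own encoding rather than this plain SHAKE form.

```python
import hashlib

# Constructed sample values: the common RSA exponent and a toy 64-bit "modulus".
E = 65537
N = 0xB74F219D03E85AC1

def to_bytes(n: int) -> bytes:
    """Minimal big-endian encoding of a non-negative integer."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def naive_fingerprint(e: int, n: int) -> str:
    # Slide 41: fingerprint = SHA-256(e || N), nothing marks where e ends.
    return hashlib.sha256(to_bytes(e) + to_bytes(n)).hexdigest()

def length_prefixed(fields) -> bytes:
    # Slide 44: len(e) || e || len(N) || N.
    # Assumption: each length is a fixed 8-byte big-endian byte count.
    out = b""
    for field in fields:
        out += len(field).to_bytes(8, "big") + field
    return out

def tuple_fingerprint(e: int, n: int, outlen: int = 32) -> str:
    # SHAKE is a XOF (slide 33), so the caller chooses the output length.
    data = length_prefixed([to_bytes(e), to_bytes(n)])
    return hashlib.shake_256(data).hexdigest(outlen)

def shift_boundary(e: int, n: int):
    """Return a different (e, N) pair whose concatenated bytes are identical."""
    eb, nb = to_bytes(e), to_bytes(n)
    if e == 0 or len(nb) < 2 or nb[1] == 0:
        raise ValueError("encoding would not round-trip for these values")
    # Move the first byte of N onto the end of e.
    return int.from_bytes(eb + nb[:1], "big"), int.from_bytes(nb[1:], "big")

if __name__ == "__main__":
    e2, n2 = shift_boundary(E, N)
    print("pair 1:", hex(E), hex(N))
    print("pair 2:", hex(e2), hex(n2))
    print("SHA-256(e || N) equal:  ",
          naive_fingerprint(E, N) == naive_fingerprint(e2, n2))
    print("length-prefixed equal:  ",
          tuple_fingerprint(E, N) == tuple_fingerprint(e2, n2))
```
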
