sha 3 vs the world

SHA-3 vs the world David Wong Snefru MD4 Snefru MD4 Snefru MD4 - PowerPoint PPT Presentation

Dec 11, 2023 •390 likes •1.27k views

SHA-3 vs the world David Wong Snefru MD4 Snefru MD4 Snefru MD4 MD5 MerkleDamgrd SHA-1 SHA-2 Snefru MD4 MD5 MerkleDamgrd SHA-1 SHA-2 Snefru MD4 MD5 MerkleDamgrd SHA-1 SHA-2 Snefru MD4 MD5 MerkleDamgrd

  1. SHA-3 vs the world David Wong

  2. Snefru MD4

  3. Snefru MD4

  4. Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2

  5. Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2

  6. Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2

  8. Snefru MD4 MD5 Merkle–Damgård SHA-1 SHA-2

  11. Keccak BLAKE, Grøstl, JH, Skein

  12. Outline 1.SHA-3 2.derived functions 3.derived protocols

  13. f permutation -based cryptography

  14. AES is a permutation input AES output

  15. AES is a permutation 0 input 0 0 0 0 0 0 AES 0 key 0 0 0 0 0 0 0 output 0

  16. Sponge Construction f

  17. Sponge Construction 0 0 0 1 0 0 0 1 f 0 1 0 0 0 0 0 1

  18. Sponge Construction 0 0 0 1 r 0 0 0 1 f 0 1 0 0 c 0 0 0 1

  19. Sponge Construction 0 0 0 1 r 0 0 r c 0 1 f 0 1 0 0 0 0 0 c 0 0 0 0 0 0 1 0 AES 0 key 0 0 0 0 0 0 0 0

  20. Sponge Construction message 0 1 0 1 ⊕ 0 1 0 0 f 0 0 0 0 0 1 0 0

  21. Sponge Construction message 0 0 ⊕ ⊕ 0 0 f 0 0 0 0

  22. Sponge Construction message 0 0 ⊕ ⊕ 0 0 f f 0 0 0 0

  23. Sponge Construction message 0 0 ⊕ ⊕ ⊕ 0 0 f f 0 0 0 0

  24. Sponge Construction message 0 0 ⊕ ⊕ ⊕ 0 0 f f f 0 0 0 0

  25. Sponge Construction message 0 0 ⊕ ⊕ ⊕ 0 0 f f f 0 0 0 0 absorbing

  26. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f 0 0 0 0 absorbing

  27. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f 0 0 0 0 absorbing

  28. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f 0 0 0 0 absorbing

  29. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing

  30. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing squeezing

  32. Keccak Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche

  33. 2007 SHA-3 competition 2012

  35. 2007 SHA-3 competition 2012 SHA-3 standard (FIPS 202) 2015

  38. Where is SHA-3 being used?

  39. Outline 1.SHA-3 2.derived functions 3.derived protocols

  41. SHAKE is a XOF

  43. 2007 SHA-3 competition 2012 SHA-3 standard (FIPS 202) 2015 SP 800-185 2016

  44. KMAC TupleHash ParallelHash

  45. KMAC message || SHA-256(message) TupleHash ParallelHash

  46. KMAC message || SHA-256(key||message) TupleHash ParallelHash

  47. KMAC message || more || SHA-256(key||message||more) TupleHash ParallelHash

  48. KMAC message || SHAKE(key || message) TupleHash ParallelHash

  49. KMAC message || SHAKE(key || message) TupleHash my RSA public key = (e, N) ParallelHash

  50. KMAC message || SHAKE(key || message) TupleHash my RSA public key = (e, N) fingerprint = SHA-256(e || N) ParallelHash

  51. KMAC message || SHAKE(key || message) TupleHash e N fingerprint1 = SHA-256( 1010110000000010001 …) ParallelHash

  52. KMAC message || SHAKE(key || message) TupleHash e N fingerprint1 = SHA-256( 1010110000000010001 …) e N fingerprint2 = SHA-256( 1010110000000010001 …) ParallelHash

  53. KMAC message || SHAKE(key || message) TupleHash SHAKE(len(e) || e || len(N) || N) ParallelHash

  54. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing squeezing

  55. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing squeezing

  56. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing squeezing

  57. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing squeezing

  58. KMAC message || SHAKE(key || message) TupleHash SHAKE(len(e) || e || len(N) || N) ParallelHash SHAKE(SHAKE(b1) || SHAKE(b2) || SHAKE(b3) || …)

  59. 2007 SHA-3 competition 2012 SHA-3 / SHAKE 2015 TupleHash / ParallelHash / KMAC 2016

  60. Keyak and Ketje

  61. 2007 SHA-3 competition 2012 SHA-3 / SHAKE 2015 TupleHash / ParallelHash / KMAC 2016 KangarooTwelve & MarsupilamiFourteen

  63. 2007 SHA-3 competition 2012 SHA-3 / SHAKE 2015 TupleHash / ParallelHash / KMAC 2016 KangarooTwelve & MarsupilamiFourteen

  64. github.com/gvanas/KeccakCodePackage

  65. Outline 1.SHA-3 2.derived functions 3.derived protocols

  66. Sponge Construction output message 0 0 ⊕ ⊕ ⊕ 0 0 f f f f f 0 0 0 0 absorbing squeezing

  67. Duplex Construction input output input output input output 0 0 ⊕ ⊕ ⊕ 0 0 f f f 0 0 0 init 0 duplexing duplexing duplexing

  68. Keyed-mode key 0 0 ⊕ 0 0 f 0 0 0 init duplexing 0

  69. Keyed-mode key secret part 0 0 ⊕ 0 leak 0 f 0 0 0 init duplexing 0

  70. Encryption? key 0 0 ⊕ 0 0 f 0 0 0 init duplexing 0

  71. Encryption key ciphertext1 plaintext1 ⊕ 0 0 ⊕ 0 0 f 0 0 0 init duplexing 0

  72. Authenticated Encryption key tag1 ciphertext1 plaintext1 ⊕ 0 0 ⊕ ⊕ 0 0 f f 0 0 0 init duplexing duplexing 0

  73. Sessions key tag1 ciphertext2 tag2 ciphertext1 plaintext2 plaintext1 ⊕ ⊕ 0 0 ⊕ ⊕ ⊕ 0 0 f f f f 0 0 0 init duplexing duplexing duplexing duplexing 0

  74. Strobe myProtocol = Strobe_init (“myWebsite.com”) myProtocol. KEY (sharedSecret) buffer += myProtocol. send_ENC (“GET /”) buffer += myProtocol. send_MAC (len=16) // send the buffer // receive a ciphertext message = myProtocol. recv_ENC (ciphertext[:-16]) ok = myProtocol. recv_MAC (ciphertext[-16:]) if !ok { // reset the connection }

  76. Hash Function myHash = Strobe_init (“hash”) myHash. AD (“something to be hashed”) hash = myHash. PRF (outputLen=16)

  77. Key Derivation Function KDF = Strobe_init (“deriving keys”) KDF. KEY (keyExchangeOutput) keys = KDF. PRF (outputLen=32) key1 = keys[:16] key2 = keys[16:]

  78. operation = AD data = 010100… ⊕ ⊕

  79. operation = AD operation = send_MAC data = 010100… tag len = 16 ⊕ ⊕ ⊕ f

  80. operation = KEY data = 010100… 0 0 0 ⊕ 0 f 0 0 0 init 0

  81. operation = KEY operation = send_ENC data = 010100… data = hello 0 ciphertext 0 0 ⊕ ⊕ ⊕ 0 f f 0 0 0 init 0

  82. operation = send_MAC operation = KEY operation = send_ENC data = 010100… data = hello tag 0 ciphertext 0 len = 16 0 ⊕ ⊕ ⊕ ⊕ 0 f f f 0 0 0 init 0

  83. strobe.sourceforge.io

  84. Outline 1.SHA-3 2.derived functions 3.derived protocols 4.Disco?

  85. Noise + Strobe = Disco www.discocrypto.com

  86. I write about crypto at www.cryptologie.net I tweet my mind on twitter.com/lyon01_david and I work here

Recommend

Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis:

Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis:

Hash Functions June 2013 Bart Preneel Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 Hash function design and MD2, MD4, MD5 Title of Presentation SHA-512 SHA-1 cryptanalysis: basic topics Bart Preneel This is an input to

402 views • 14 slides
Post Quantum Cryptography Kenny Paterson Information Security Group @kennyog Lifetime of a Hash

Post Quantum Cryptography Kenny Paterson Information Security Group @kennyog Lifetime of a Hash

Post Quantum Cryptography Kenny Paterson Information Security Group @kennyog Lifetime of a Hash Algorithm SHA-1 1995: SHA-1 published (NIST, tweak of 1993 SHA-0 design) 1990s: (various attacks on SHA-0, validating switch to SHA-1)

345 views • 31 slides
SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of

SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of

The SHA-1 Hash Function Chosen-prefix Collisions Our Results Conclusion Extra Materials SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust Ga etan Leurent (INRIA - France) Thomas Peyrin (NTU

650 views • 29 slides
rhythm and the enactive sense of extent and duration SYNTHESIS ASU SHA XIN WEI Sha Xin Wei

rhythm and the enactive sense of extent and duration SYNTHESIS ASU SHA XIN WEI Sha Xin Wei

rhythm and the enactive sense of extent and duration SYNTHESIS ASU SHA XIN WEI Sha Xin Wei Synthesis Center + AME @ ASU Topological Media Lab @ Concordia Sha SLSA 161105 synthesiscenter.net Koyaanisqatsi, Godfrey Reggio, Philip

1k views • 71 slides
1. gate to Camp Tien Sha 2. view of Camp Tien Sha from Monkey Mountain 3. street level view in

1. gate to Camp Tien Sha 2. view of Camp Tien Sha from Monkey Mountain 3. street level view in

1. gate to Camp Tien Sha 2. view of Camp Tien Sha from Monkey Mountain 3. street level view in Camp Tien Sha 4. interior shot with temp stored cargo 5. LST offload ramps, staging area and DeLong pier 6. Army pontoon ferry needed when the

515 views • 17 slides
SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust

SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust

Introduction Record computation PGP/GPG Impersonation Conclusion SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust Gatan Leurent Thomas Peyrin Inria, France NTU, Singapore Real World Crypto

1.29k views • 25 slides
2012 Product Costing Recipe Spice Adeel A. Siddiqui Sha n F o o ds (Priva te ) L td . wa s

2012 Product Costing Recipe Spice Adeel A. Siddiqui Sha n F o o ds (Priva te ) L td . wa s

2012 Product Costing Recipe Spice Adeel A. Siddiqui Sha n F o o ds (Priva te ) L td . wa s fo unde d in 1981 in a sing le ro o m a s Sha n Ma sa la . L a te r, due to its po pula rity, the c o mpa ny wa s na me d Sha n F o o ds. It

365 views • 21 slides
2012 Sales Forcasting Recipe Spice Shan Foods Private Limited Sha n F o o ds (Priva te ) L

2012 Sales Forcasting Recipe Spice Shan Foods Private Limited Sha n F o o ds (Priva te ) L

2012 Sales Forcasting Recipe Spice Shan Foods Private Limited Sha n F o o ds (Priva te ) L td . wa s fo unde d in 1981 in a sing le ro o m a s Sha n Ma sa la . L a te r, due to its po pula rity, the c o mpa ny wa s na me d Sha n F o

585 views • 23 slides
Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK

Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK

Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK SHA-3 candidate Sponge with permutation K ECCAK - f [1600] K ECCAK SHA-3 candidate Sponge with permutation K ECCAK - f [1600] No external

730 views • 16 slides
Preimages for Step-Reduced SHA-2 Jian Guo 1 Krystian Matusiewicz 2 Nanyang Technological

Preimages for Step-Reduced SHA-2 Jian Guo 1 Krystian Matusiewicz 2 Nanyang Technological

Description of SHA-2 Description of Preimage Attack Application to SHA-2 Conclusions Preimages for Step-Reduced SHA-2 Jian Guo 1 Krystian Matusiewicz 2 Nanyang Technological University, Singapore Technical University of Denmark NTU, 25 Nov

249 views • 21 slides
Security of SHA-3 and Related Constructions Jian Guo FSE 2019 @ Paris, France. 27th March 2019

Security of SHA-3 and Related Constructions Jian Guo FSE 2019 @ Paris, France. 27th March 2019

Security of SHA-3 and Related Constructions Jian Guo FSE 2019 @ Paris, France. 27th March 2019 J. Guo Security of SHA-3 and Related Constructions FSE 2019 @ Paris 1 / 49 Acknowledgements Thomas Peyrin FSE 2019 @ Paris Security of SHA-3

889 views • 66 slides
(username, password) ? x ? ? ? ? but (username,hash(password))

(username, password) ? x ? ? ? ? but (username,hash(password))

Hash Functions - Bart Preneel June 2016 Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 MD2, MD4, MD5 Introduction to the SHA-512 SHA-1 Design and Cryptanalysis of Cryptographic Hash Functions This is an input to a crypto-

517 views • 10 slides
verifying SHA using VST Freek Wiedijk last paper in the reading list of Type Theory & Coq

verifying SHA using VST Freek Wiedijk last paper in the reading list of Type Theory & Coq

verifying SHA using VST Freek Wiedijk last paper in the reading list of Type Theory & Coq 20152016 Radboud University Nijmegen June 16, 2016 0 SHA and VST SHA = Secure Hash Algorithm VST = Verified Software

740 views • 69 slides
WORLD WORLD WORLD WORLD WORLD WORLD En End of of the Br Bron onze Age ME MEETI NG 8

WORLD WORLD WORLD WORLD WORLD WORLD En End of of the Br Bron onze Age ME MEETI NG 8

2/20/20 CIVILIZATIONS CIVILIZATIONS CIVILIZATIONS CIVILIZATIONS CIVILIZATIONS CIVILIZATIONS OF OF OF OF OF OF ANCIENT ANCIENT ANCIENT ANCIENT ANCIENT ANCIENT THE THE THE THE THE THE WORLD WORLD WORLD WORLD WORLD WORLD

316 views • 8 slides
T M Cre a ting K 12 Co nve rsa tio ns & Co nditio ns with the 6Cs: e xplo ring sha re d

T M Cre a ting K 12 Co nve rsa tio ns & Co nditio ns with the 6Cs: e xplo ring sha re d

T M Cre a ting K 12 Co nve rsa tio ns & Co nditio ns with the 6Cs: e xplo ring sha re d c ulture , c urric ulum & c o nc lusio ns Alpine Sc ho o l Distric t K 12 T e a m: Dr. Amy Mine r, Dr. Jo e Je nse n, Bria n Jo lle y, Sha

915 views • 89 slides
Da ta Bre a c h! No w Wha t? Jo hn E . L a nde , CIPP/ US Sha re ho lde r Dic kinso n, Ma c

Da ta Bre a c h! No w Wha t? Jo hn E . L a nde , CIPP/ US Sha re ho lde r Dic kinso n, Ma c

11/11/2019 Da ta Bre a c h! No w Wha t? Jo hn E . L a nde , CIPP/ US Sha re ho lde r Dic kinso n, Ma c ka ma n, T yle r & Ha g e n, P.C. E thic s Compe te nc e A la wye r sha ll pr ovide c ompe te nt r e pr e se ntation to a c

153 views • 11 slides
Prt rt

Prt rt

Prt rt s rt rst trs st

626 views • 36 slides
SpongeFiles Mitigating Data Skew in MapReduce Using Distributed Memory Khaled Elmeleegy

SpongeFiles Mitigating Data Skew in MapReduce Using Distributed Memory Khaled Elmeleegy

SpongeFiles Mitigating Data Skew in MapReduce Using Distributed Memory Khaled Elmeleegy Benjamin Reed Christopher Olston Turn Inc. Facebook Inc. Google Inc. kelmeleegy@turn.com br33d@fb.com olston@google.com 1 Background

434 views • 25 slides
Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2

Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2

Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Eurocrypt 2013 Athens, Greece, May 28th, 2013 1 / 57 Symmetric crypto: what textbooks and intros say Symmetric

915 views • 67 slides
Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics

Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics

Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics Summer school on real-world crypto and privacy ibenik, Croatia, June 2019 Based on joint work with Elena Andreeva, Guido Bertoni, Joan Daemen,

907 views • 88 slides
Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with

Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with

Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with Peter Gai (IST Austria) wr0ng Paris, April 30, 2017 The Sponge Construction [BDP V A08] M {0,1}* M 1 M 2 M L r-bit blocks: r 0 H (M)

820 views • 42 slides
The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin and Axel Poschmann I2R

The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin and Axel Poschmann I2R

Introduction Generalized Sponge Serial MDS PHOTON Security Conclusion The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin and Axel Poschmann I2R and NTU ECRYPT II Hash Workshop 2011 Tallinn, Estonia Introduction

579 views • 33 slides
KangarooTwelve draft-viguier-kangarootwelve-00 t Viguier 1 Beno CFRG Meeting, July 18, 2017

KangarooTwelve draft-viguier-kangarootwelve-00 t Viguier 1 Beno CFRG Meeting, July 18, 2017

KangarooTwelve draft-viguier-kangarootwelve-00 t Viguier 1 Beno CFRG Meeting, July 18, 2017 1 Radboud University, Nijmegen, The Netherlands 1 / 12 What is KangarooTwelve ? An extendable output function (XOF) like SHAKE128, with: an

355 views • 22 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides

More recommend