Publication catalogue - books



Information Security and Privacy: 12th Australasian Conference, ACISP 2007, Townsville, Australia, July 2-4, 2007. Proceedings

Josef Pieprzyk ; Hossein Ghodosi ; Ed Dawson (eds.)

In conference: 12th Australasian Conference on Information Security and Privacy (ACISP). Townsville, QLD, Australia. July 2, 2007 - July 4, 2007

Abstract/Description - provided by the publisher

Not available.

Keywords - provided by the publisher

Data Encryption; Management of Computing and Information Systems; Systems and Data Security; Computer Communication Networks; Coding and Information Theory; Algorithm Analysis and Problem Complexity

Availability

Detected institution | Publication year | Browse | Download | Request
Not detected | 2007 | SpringerLink | |

Information

Resource type:

books

Print ISBN

978-3-540-73457-4

Electronic ISBN

978-3-540-73458-1

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2007

Table of contents

An Analysis of the Hermes8 Stream Ciphers

Steve Babbage; Carlos Cid; Norbert Pramstaller; Håvard Raddum

Hermes8 [6,7] is one of the stream ciphers submitted to the ECRYPT Stream Cipher Project (eSTREAM [3]). In this paper we present an analysis of the Hermes8 stream ciphers. In particular, we show an attack on the latest version of the cipher (Hermes8F), which requires very few known keystream bytes and recovers the cipher secret key in less than a second on a normal PC. Furthermore, we make some remarks on the cipher’s key schedule and discuss some properties of ciphers with similar algebraic structure to Hermes8.

- Stream Ciphers | Pp. 1-10

On the Security of the LILI Family of Stream Ciphers Against Algebraic Attacks

Sultan Zayid Al-Hinai; Ed Dawson; Matt Henricksen; Leonie Simpson

In this paper, we present an algebraic analysis of the LILI family of stream ciphers, and in particular LILI-II, and investigate the security provided against both standard and fast algebraic attacks. We show that the size of the two registers used, the difference between their lengths, the maximum number of times a register is clocked and the degree of the filter function all play important roles in providing resistance against algebraic attacks. Further, we show that the degree 10 filter function used in LILI-II has an algebraic immunity (AI) of 4. Using this, a fast algebraic attack can be performed on LILI-II that significantly reduces the attack complexity, although not to such a degree that it is more efficient than exhaustive key search. These algebraic attacks recover the internal state of the cipher rather than the key bits. We investigate the role of the initialization process in providing resistance to algebraic attacks aimed at key recovery. The investigation shows that, generally, for the LILI family of stream ciphers, the complexity of recovering key bits using algebraic attacks is much worse than exhaustive key search because of the very high degree equations generated during the initialization process.

- Stream Ciphers | Pp. 11-28

Strengthening NLS Against Crossword Puzzle Attack

Debojyoti Bhattacharya; Debdeep Mukhopadhyay; Dhiman Saha; D. RoyChowdhury

NLS is a stream cipher proposal submitted to the eSTREAM project. In SAC 2006 Cho and Pieprzyk presented a linear distinguishing attack called Crossword Puzzle attack on NLS where they have shown that the bias of the distinguisher is around (2). In this work we have proposed a new function modular which is nonlinear in nature and strongly resistant against Linear Cryptanalysis. Replacing the modular addition in the nonlinear filter (NLF) of NLS, we have shown that the Crossword Puzzle attack presented by Cho and Pieprzyk can be prevented. In the modified NLS the bias of the linear distinguisher reduces to around (2). Also we have shown that the implementation cost of modular , in terms of hardware and time delay, is less than modular addition. The proposed function could be an interesting alternative to modular addition, due to its better cryptographic properties and lesser implementation cost.

- Stream Ciphers | Pp. 29-44

A New Strategy for Finding a Differential Path of SHA-1

Jun Yajima; Yu Sasaki; Yusuke Naito; Terutoshi Iwasaki; Takeshi Shimoyama; Noboru Kunihiro; Kazuo Ohta

In this paper, we propose a new construction algorithm for finding differential paths of Round 1 of SHA-1 for use in the collision search attack. Generally, the differential path of Round 1 is very complex, and it takes much time to find one by hand. Therefore, we propose a new search algorithm that consists of three sub-searches, namely the forward search, the backward search, and the joint search, so that we can find a differential path by computer. By implementing our new algorithm and doing some experiments on a computer, we actually found 383 differential paths in the joint search that are different from Wang’s. Since it is designed with quite a new policy, our algorithm can search a range of space that was not examined by existing algorithms.

- Hashing | Pp. 45-58

Preimage Attack on the Parallel FFT-Hashing Function

Donghoon Chang; Moti Yung; Jaechul Sung; Seokhie Hong; Sangjin Lee

The parallel FFT-Hashing function was designed by C. P. Schnorr and S. Vaudenay in 1993. The function is a simple and lightweight hash algorithm with 128-bit digest. Its basic component is a multi-permutation which helps in proving its resistance to collision attacks.

In this work we show a preimage attack on the parallel FFT-Hashing function using 2 + 2 time complexity and 2 memory, which is less than the generic complexity 2. Specifically, when  = 32 , we can find a preimage using 2 time and 2 memory. Our method can be described as “disseminative-meet-in-the-middle-attack”. We actually use the properties of multi-permutation (helpful against collision attack) to our advantage in the attack. Overall, this type of attack (beating the generic one) demonstrates that the structure of the parallel FFT-Hashing function has some weaknesses when preimage attack is considered (and relevant). To the best of our knowledge, this is the first attack on the parallel FFT-Hashing function.

- Hashing | Pp. 59-67

Second Preimages for Iterated Hash Functions and Their Implications on MACs

Norbert Pramstaller; Mario Lamberger; Vincent Rijmen

In this article, we focus on second preimages for iterated hash functions. More precisely, we introduce the notion of a -block bypass which is closely related to the notion of second preimage but specifies additional properties. We will then give two examples of iterated hash functions to which this notion applies: a double-block length hash function and a single-block length hash function. Furthermore, we look at NMAC and HMAC and show the implications of a -block bypass regarding forgery attacks. As a result it turns out that the impact of second preimages for NMAC and HMAC heavily depends on how the second preimages are constructed.

- Hashing | Pp. 68-81

On Building Hash Functions from Multivariate Quadratic Equations

Olivier Billet; Matt J. B. Robshaw; Thomas Peyrin

Recent advances in hash functions cryptanalysis provide a strong impetus to explore new designs. This paper describes a new hash function that depends for its security on the difficulty of solving randomly drawn systems of multivariate equations over a finite field. While provably achieving pre-image resistance for a hash function based on multivariate equations is relatively easy, naïve constructions using multivariate equations are susceptible to collision attacks. In this paper, therefore, we describe a mechanism—also using multivariate quadratic polynomials—yielding the collision-free property we seek while retaining provable pre-image resistance. Therefore, offers an intriguing companion proposal to the provably collision-free hash function .

- Hashing | Pp. 82-95

An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication

Julien Bringer; Hervé Chabanne; Malika Izabachène; David Pointcheval; Qiang Tang; Sébastien Zimmer

This work deals with the security challenges in authentication protocols employing volatile biometric features, where the authentication is indeed a comparison between a fresh biometric template and that enrolled during the enrollment phase. We propose a security model for biometric-based authentication protocols by assuming the biometric features to be public. Extra attention is paid to the privacy issues related to the sensitive relationship between a biometric feature and the relevant identity. Relying on the Goldwasser-Micali encryption scheme, we introduce a protocol for biometric-based authentication and prove its security in our security model.

- Biometrics | Pp. 96-106

Soft Generation of Secure Biometric Keys

Jovan Dj. Golić; Madalina Baltatu

A new, soft two-level approach for the generation of multiple and revocable biometric keys, adapted to the analog nature of biometric signals, is proposed. It consists of a novel soft code-offset construction for the Euclidean metric, applied at the first level, and a code-redundancy construction for the Hamming metric, preferably based on a Reed-Solomon code, applied at the second level. The Shannon entropy analysis shows that the new construction achieves maximal possible security. It is also shown that the previously proposed constructions for the Euclidean metric are vulnerable to biometric template reconstruction in the multiple-key scenario.

- Biometrics | Pp. 107-121

Flaws in Some Secret Sharing Schemes Against Cheating

Toshinori Araki; Satoshi Obana

In this paper, we point out flaws in existing secret sharing schemes against cheating. Namely, we show that a scheme proposed by Ghodosi and Pieprzyk presented at ACISP 2000 and one by Obana and Araki presented at Asiacrypt 2006 are both insecure against a single cheater. We further show that the scheme by Obana can be made secure by a slight modification.

- Secret Sharing | Pp. 122-132