2013, Vol. 28, Issue (1): 159-164. doi: 10.1007/s11390-013-1320-x

• Special Section on Selected Paper from NPC 2011 •

Cryptanalysis of Reduced-Round DASH

Shu-Sheng Liu (刘树生), Zheng Gong* (龚征), and Li-Bin Wang (王立斌), Member, CCF

  • Received: 2012-02-27  Revised: 2012-06-29  Online: 2013-01-05  Published: 2013-01-05
  • Supported by:

    This work is supported by the National Natural Science Foundation of China under Grant No. 61100201 and the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province of China under Grant No. LYM11053.

  1. School of Computer Science, South China Normal University, Guangzhou 510631, China

Abstract (Chinese version, translated): In cryptography, a hash function maps a message of arbitrary length to a digest of fixed length and is used to protect data integrity. The cryptographic community has carried out extensive cryptanalysis of hash functions, and the breakthroughs of Wang Xiaoyun et al. in this area seriously threaten the security of widely used hash functions such as MD5 and SHA-1. The hash function DASH was proposed by Billet et al. at ACISP 2008. In designing it, Billet et al. held that "the current design of hash functions is somewhat scattered", and so they went back to the approach taken at the start of the AES competition to design DASH-256 and DASH-512. By that time the community already had a rich body of theory and experience in block cipher design, and by drawing on two finalists of the AES competition, Rijndael and RC6, they hoped to obtain a good hash function. To date, no third party has published an analysis of the cryptographic security of DASH-256 or DASH-512; the only cryptanalytic results are the DASH designers' own local-collision attack on 3-round A256 and their security bound that 3-round A256 and A512 contain at least 5 active S-boxes. This paper gives the first third-party cryptanalysis of DASH-256. First, we analyze A256, the main component of DASH-256. Second, using differential cryptanalysis, we present a distinguishing attack on the 8-round compression function of DASH-256. Finally, we use two short high-probability differential characteristics to construct a boomerang distinguisher for 9-round A256.

Abstract: At ACISP 2008, Billet et al. proposed the hash family DASH, whose design draws on Rijndael and RC6. The DASH family has two variants, with 256-bit and 512-bit output lengths respectively. This paper presents the first third-party cryptanalysis of DASH-256, focusing on its underlying block cipher A256. In particular, we study distinguishers built from differential and boomerang attacks. As a result, we obtain a distinguishing attack on the compression function of DASH-256 with 8-round A256 using differential cryptanalysis, and a boomerang distinguisher for 9-round A256.
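The abstract names the two ingredients the differential results rest on, a high-probability differential characteristic through the underlying block cipher and a bound on the number of active S-boxes, but this page gives no description of A256 itself. The following is an added example written for this page, not code from the paper or from the DASH designers: it builds a hypothetical 16-bit toy SPN (four 4-bit S-boxes, a bit-transpose linear layer, independent random round keys; the PRESENT S-box is borrowed only because it is a convenient 4-bit S-box) and shows how a differential distinguisher is assembled and checked on it: the S-box difference distribution table, a greedy characteristic search that records the active S-boxes per round, the (max S-box differential probability)^(active S-boxes) bound, and an empirical comparison of the characteristic's hit rate on the toy cipher against a random permutation. The toy cipher, the key schedule and the chosen input difference are all assumptions; nothing here models A256, and the boomerang distinguisher of the paper is not reproduced.

```python
"""Differential distinguisher on a constructed 16-bit toy SPN.

Added example, not from the paper: the cipher below is hypothetical and is
used only to show the mechanics of a differential distinguisher (DDT,
characteristic, active-S-box bound, empirical check against a random
permutation).
"""

import random
from fractions import Fraction

# 4-bit S-box (the PRESENT S-box, borrowed as a convenient example).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NIBBLES = 4  # block = 4 nibbles = 16 bits


def ddt(sbox=SBOX):
    """Difference distribution table: table[a][b] = #{x : S[x] ^ S[x ^ a] == b}."""
    table = [[0] * 16 for _ in range(16)]
    for x in range(16):
        for a in range(16):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


DDT = ddt()
# Maximum differential probability of one S-box (non-zero input difference).
MAX_DP = Fraction(max(DDT[a][b] for a in range(1, 16) for b in range(16)), 16)


def sbox_layer(x):
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(NIBBLES))


def transpose(x):
    """Linear layer: bit j of nibble i moves to bit i of nibble j (an involution)."""
    y = 0
    for i in range(NIBBLES):
        for j in range(4):
            if (x >> (4 * i + j)) & 1:
                y |= 1 << (4 * j + i)
    return y


def encrypt(p, keys):
    """len(keys) - 1 rounds of (key add, S-box layer, transpose), then a final key add."""
    x = p
    for k in keys[:-1]:
        x = transpose(sbox_layer(x ^ k))
    return x ^ keys[-1]


def greedy_characteristic(alpha, rounds):
    """Follow the most likely S-box transition in every active nibble, round by round.

    Returns (beta, probability, active S-boxes per round). Round probabilities are
    multiplied as if rounds were independent (the usual Markov-cipher heuristic), so
    the value is an estimate of the characteristic's probability, not an exact one.
    """
    diff, prob, active = alpha, Fraction(1), []
    for _ in range(rounds):
        out, count = 0, 0
        for i in range(NIBBLES):
            a = (diff >> (4 * i)) & 0xF
            if a == 0:
                continue
            count += 1
            b = max(range(16), key=lambda b: DDT[a][b])
            prob *= Fraction(DDT[a][b], 16)
            out |= b << (4 * i)
        diff = transpose(out)
        active.append(count)
    return diff, prob, active


def differential_rate(oracle, alpha, beta, trials, rng):
    """Fraction of plaintext pairs with difference alpha whose outputs differ by beta."""
    hits = 0
    for _ in range(trials):
        p = rng.getrandbits(16)
        hits += (oracle(p) ^ oracle(p ^ alpha)) == beta
    return hits / trials


def random_permutation(rng):
    """The ideal object a distinguisher is compared with: a random 16-bit permutation."""
    table = list(range(1 << 16))
    rng.shuffle(table)
    return lambda p: table[p]


def run_distinguisher(rounds=3, trials=1 << 15, seed=1):
    """Build the characteristic from alpha = 0x0001 (one active S-box in round 1),
    then measure how often it holds on the toy SPN and on a random permutation."""
    rng = random.Random(seed)
    alpha = 0x0001
    beta, prob, active = greedy_characteristic(alpha, rounds)
    keys = [rng.getrandbits(16) for _ in range(rounds + 1)]  # assumed independent round keys
    toy = lambda p: encrypt(p, keys)
    ideal = random_permutation(rng)
    return {
        "alpha": alpha, "beta": beta, "active": active,
        "characteristic_prob": prob,
        "bound": MAX_DP ** sum(active),  # any characteristic with this many active S-boxes
        "toy_rate": differential_rate(toy, alpha, beta, trials, rng),
        "ideal_rate": differential_rate(ideal, alpha, beta, trials, rng),
    }


if __name__ == "__main__":
    r = run_distinguisher()
    print(f"alpha=0x{r['alpha']:04x} -> beta=0x{r['beta']:04x}, active S-boxes per round {r['active']}")
    print(f"characteristic probability {r['characteristic_prob']}, bound {r['bound']}")
    print(f"toy SPN rate {r['toy_rate']:.5f}, random permutation rate {r['ideal_rate']:.5f} (~2^-16)")
```

With two rounds the greedy search gives alpha = 0x0001 -> beta = 0x0033 with one and then two active S-boxes, probability 2^-6; on this toy the only characteristic reaching that beta is the one found, so the measured rate sits close to 2^-6 for any key, against about 2^-16 for a random permutation. At three rounds the path activates 1 + 2 + 2 = 5 S-boxes and the estimate drops to 2^-10, and the measured rate can deviate from it because the independence assumption between rounds no longer holds exactly; that gap between a characteristic's estimated probability and the real differential probability is exactly what a distinguisher on a real cipher has to be checked against.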

[1] Wang X Y, Lai X J, Feng D G, Chen H, Yu X Y. Cryptanalysis of the hash functions MD4 and RIPEMD. In Proc. the 24th EUROCRYPT 2005, May 2005, pp.1-18.
[2] Wang X Y, Yin Y L, Yu H B. Finding collisions in the full SHA-1. In Proc. the 25th CRYPTO 2005, August 2005, pp.17-36.
[3] Wang X Y, Yu H B. How to break MD5 and other hash functions. In Proc. the 24th EUROCRYPT 2005, May 2005, pp.19-35.
[4] Wang X Y, Yu H B, Yin Y L. Efficient collision search attacks on SHA-0. In Proc. the 25th CRYPTO 2005, August 2005, pp.1-16.
[5] Billet O, Robshaw M J B, Seurin Y, Yin Y L. Looking back at a new hash function. In Proc. the 13th ACISP 2008, July 2008, pp.239-253.
[6] National Institute of Standards and Technology (NIST). Advanced encryption standard (AES). http://csrc.nist.gov/publications/fips197/fips-197.pdf.
[7] Rivest R L, Robshaw M J B, Sidney R, Yin Y L. The RC6 block cipher (V1.1), August 20, 1998, www.people.csail.mit.edu/rivest/pubs/RRSY98.pdf.
[8] Wagner D. The boomerang attack. In Proc. the 6th FSE, March 1999, pp.156-170.
[9] Biryukov A, Nikolic I, Roy A. Boomerang attacks on BLAKE-32. In Proc. the 18th FSE, February 2011, pp.218-237.
[10] Lamberger M, Mendel F. Higher-order differential attack on reduced SHA-256. Cryptology ePrint Archive, Report 2011/037, 2011, http://eprint.iacr.org/2011/037.
Copyright © Editorial Office of Journal of Computer Science and Technology