Mahmoud Maqableh Stefan Dantchev

Cryptanalysis of Chaos-Based Hash Function (CBHF)

Durham University - UK

OutlineOutline

Introduction

Literature Survey

Chaos-Based Hash Function (CBHF)

Cryptanalysis of CBHF

Conclusion

Future Works

Introduction

Cryptography is the art and science of encrypt and decrypt data to be protected while it store or transfer over insecure networks.

Cryptography

Encryption AlgorithmEncryption Algorithm

CiphertextPlaintext

؛؛L„èL„èىىfY’fY’جقجق**kUu?kUu?

ؤإ# ؤإ#ق TE¦FTE¦F،،¬ ¥m¬ ¥mآآhhقCoLCoLڑڑ ے; ے;و �µµë‹‡}²U�닇}²Uو ٌٌèè/ƒ/ƒجىجىWWژضژضQQککؤؤùù©]©]ههU7ë$FQU7ë$FQ••پپâ²îL$â²îL$أأ¼¼üüھھ|�|�ƒƒچچèèممz|z|rPµôrPµô،،³÷° ³÷° UU ٌٌèèککQQژضژضW W @;D;{@;D;{ززk’k’ گ~ گ~ف �43�43ف

Cryptanalysis is the arts and sciences of studying and analyzing cryptographic techniques to break them.

CryptologyCryptology

CryptographyCryptography CryptanalysisCryptanalysis

Asymmetric Symmetric Hash Function

Confidentiality

Digital SignatureKey Exchange

Keyed HashUn-keyed HashStream CipherBlock Cipher

Cryptology Parts

A dynamical system is chaotic if

1. it is sensitive to initial conditions,

2. it is topologically mixing, and

3. its periodic orbits are dense.

Chaos Theory

is a branch of mathematics that studies the behaviour of certain dynamical systems, which may be highly sensitive to initial conditions.

Chaos Theory

Examples of Chaotic Maps or Attractors are:

1. Lorenz Attractors.

2. Logistic Map.

3. Tent Map.

4. Henon Map.

Lorenz Attractors

dx/dt = delta * (y - x).

dy/dt = r * x - y - x * z.

dz/dt = x * y - b * z.

Logistic Map

nnn xrxx

xr

1

1,0 ,4,0

1

0

Tent Map

x [0, 1]

r [0, 2]

Literature Survey

Chaos in Cryptography

Chaos theory has attracted the cryptography field due to it characteristics, such as deterministic nature, unpredictable, random-look nature and its sensitivity to initial value

Chaos in Cryptography

In 2007, J. Zhang, X. Wang, and W. Zhang described it is weak collision resistance because the hash space will not fully covered from these three points and if the message is too short the key could be attacked.

In 2008, a research group published paper about design new hash function based on Chaos theory (CHA-1),

This algorithm has two disadvantages:

1) CHA-1 algorithm build based on two simple functions, which are similar to design of SHA-1 and it could effect by Wang et al. attack.

Chaos in Cryptography

2) CHA-1 is three times slower than SHA-1 and it will be slower with increase the message size.

Recently, M. Amin, O.S. Faragallah, and A.A. Abd El-Latif (2009) suggested simple implementation to un-keyed hash function using tent map (CBHF), they explained the general idea of their new hash function in one paragraph, without given enough details how it works.

Mt …… Mn-1M0 M1

T T T T

…......

K0 H0 K1H1 K2

HtKt+1Kt

Kn-1Hn-1 Hn

…

Chaos-Based Hash Function (CBHF)

Chaos-Based Hash Function (CBHF)

A Cryptography hash function should be:• Collision-free • Public• The security of the hash function shouldn't in the secure of

the process

M. Amin et al. suggested a new hash function based on chaos theory for cryptography applications.

They suggested simple implementation of an unkeyed hash function, using well known chaotic tent map, and can be use as keyed hash function

Chaos-Based Hash Function (CBHF)

The proposed hash function works by dividing the input message into 1024-bit blocks

If the last message block size is less than 1024 bit, it will padded by adding a single one followed by the necessary number of zeros.

Message

Mt …… Mn-1M0 M1 …......

T T T T

K0 H0 K1H1 K2

HtKt+1Kt

Kn-1Hn-1 Hn

… …

Chaos-Based Hash Function (CBHF)

The final hash value will be128 bits

The final hash value is calculated as:

Hn = Kn-1 Hn-1 .

In general,

Hn = K0 H1 H2 H3 ..... Hn-1 .

where K0 is the initial value of the tent map

Cryptanalysis of CBHF

Cryptanalysis of CBHF

Unkeyed Version

The tent map T has two inputs (Ki, Mi). It is not clear from the

paper, which one corresponds to x and which one to r. so, in our

analysis, we will work the two cases out separately.

In any case, we work under the following assumptions:

1. The initial value K0 is public in unkeyed hash function

2. Either Hi = TMi (Ki) OR Hi = Tki (Mi).

3. Ki = Ki-1 Hi-1, thus

Hn = K0 H1 H2 H3 ..... Hn-1 .

Cryptanalysis of CBHF

We will now show how to break the CBHF in a very strong

sense.

Given any (partial) message M`0 M`1 ………… M`n-2,

then we can compute the last block M`n-1,so that the hash value

of M` is the same as value of M.

For this end, we first calculate K`n-1, then we calculate the value

of the last block message M`n-1 satisfying the following:

Hn = K`n-1 H`n-1 H`n-1 = K`n-1 Hn

Cryptanalysis of CBHF

Mn-2` Mn-1 `M0` M1` …......

T T T T

K0` H0

` K1` H1

` K2` Hn-2`Kn-2` Kn-1` Hn-1` Hn`

…

Mn-1 `

H`n=Hn

Hn = Kn-1 Hn-1 H`n = K`n-1 H`n-1

Cryptanalysis of CBHF

We know that H`n-1 is obtained in one of the following two

ways, which we consider separately.

1- H`n-1 = TM`n-1(K`n-1)

H`n-1 = M`n-1K, K = K`n-1 OR 1-K`n-1

M`n-1 = (H`n-1 / K)

Cryptanalysis of CBHF

2- H`n-1 = TK`n-1(M`n-1)

H`n-1 = K`n-1M, M = M`n-1 OR 1-M`n-1

M = (H`n-1 / K`n-1)

Then we calculate the value of M`n-1 as follow:

Examples OF Unkeyed version of CBHF

Message`

Mn-2`M0` M1` …......

T T T T

K0` H0

` K1` H1

` K2` Hn-2`Kn-2` 0.50 Hn-1`

0.625

…

Example one – case 1: H`n-1 = TM`n-1(K`n-1)

Example OF Unkeyed version of CBHF

Mn-2` 0.25M0` M1` …......

T T T T

K0` H0

` K1` H1

` K2` Hn-2`Kn-2` 0.50 0.125 0.625

…

Message` Mn-1 `

Example OF Unkeyed version of CBHF

Check the values:

Example OF Unkeyed version of CBHF

Message`

Mn-2`M0` M1` …......

T T T T

K0` H0

` K1` H1

` K2` Hn-2`Kn-2` 0.625 Hn-1`

0.75

…

Example two – case 2 : H`n-1 = TK`n-1(M`n-1)

Example OF Unkeyed version of CBHF

Cryptanalysis of CBHF - Unkeyed Version

Real Collision Example of Unkeyed Version of CBHF

Cryptanalysis of CBHF

Keyed Version

In this case, the initial value K0 is unknown key.

The final hash value Hn(M) is known

So, we can append any new part to the original message M, say

M`=MnMn+1 ……Mn+m-2

Then use the procedure of Unkeyed CBHF to determine the

value of the last block Mn+m-1

Hn+m = Hn.

Cryptanalysis of CBHF - Keyed Version

Message

Mn-1M0 M1 …......

T T T T

K0

H0 K1H1 K2

Hn-1Kn-1

Kn

Hn+1 Kn+m-1

…

Mn

T

Hn+m-1 Hn+m

Mn+m-1

Kn+1

…

…......

Mn Mn+m-1…......

Hn

Cryptanalysis of CBHF - Keyed Version

Real Collision Example of Keyed Version of CBHF

Cryptanalysis of CBHF - Keyed Version

Real Collision Example of Keyed Version of CBHF

Conclusion

We have shown how to break the recently proposed Keyed and

Unkeyed versions of hash function based on chaos theory (CBHF).

Our attacks show that we can easily find two totally different

messages that have the same hash value.

Therefore, both the keyed and the Unkeyed hash versions of CBHF

are totally unsecure.

Conclusion

Future works

Finding and designing new hash functions that work better than the

current existences hash functions.

Utilize Chaotic Maps to design new cryptography algorithms.

Finding and designing framework of new hash functions based on

Chaotic Maps

Future works

Happy to answer questions and hear comments

Thanks for Listening