Date post: | 29-Apr-2015 |
Category: |
Documents |
Upload: | majid-khan |
View: | 9 times |
Download: | 1 times |
Mahmoud Maqableh Stefan Dantchev
Cryptanalysis of Chaos-Based Hash Function (CBHF)
Durham University - UK
OutlineOutline
Introduction
Literature Survey
Chaos-Based Hash Function (CBHF)
Cryptanalysis of CBHF
Conclusion
Future Works
Introduction
Cryptography is the art and science of encrypt and decrypt data to be protected while it store or transfer over insecure networks.
Cryptography
Encryption AlgorithmEncryption Algorithm
CiphertextPlaintext
؛؛L„èL„èىىfY’fY’جقجق**kUu?kUu?
ؤإ# ؤإ#ق TE¦FTE¦F،،¬ ¥m¬ ¥mآآhhقCoLCoLڑڑ ے; ے;و �µµë‹‡}²U�닇}²Uو ٌٌèè/ƒ/ƒجىجىWWژضژضQQککؤؤùù©]©]ههU7ë$FQU7ë$FQ••پپâ²îL$â²îL$أأ¼¼üüھھ|�|�ƒƒچچèèممz|z|rPµôrPµô،،³÷° ³÷° UU ٌٌèèککQQژضژضW W @;D;{@;D;{ززk’k’ گ~ گ~ف �43�43ف
Cryptanalysis is the arts and sciences of studying and analyzing cryptographic techniques to break them.
CryptologyCryptology
CryptographyCryptography CryptanalysisCryptanalysis
Asymmetric Symmetric Hash Function
Confidentiality
Digital SignatureKey Exchange
Keyed HashUn-keyed HashStream CipherBlock Cipher
Cryptology Parts
A dynamical system is chaotic if
1. it is sensitive to initial conditions,
2. it is topologically mixing, and
3. its periodic orbits are dense.
Chaos Theory
is a branch of mathematics that studies the behaviour of certain dynamical systems, which may be highly sensitive to initial conditions.
Chaos Theory
Examples of Chaotic Maps or Attractors are:
1. Lorenz Attractors.
2. Logistic Map.
3. Tent Map.
4. Henon Map.
Lorenz Attractors
dx/dt = delta * (y - x).
dy/dt = r * x - y - x * z.
dz/dt = x * y - b * z.
Logistic Map
nnn xrxx
xr
1
1,0 ,4,0
1
0
Tent Map
x [0, 1]
r [0, 2]
Literature Survey
Chaos in Cryptography
Chaos theory has attracted the cryptography field due to it characteristics, such as deterministic nature, unpredictable, random-look nature and its sensitivity to initial value
Chaos in Cryptography
In 2007, J. Zhang, X. Wang, and W. Zhang described it is weak collision resistance because the hash space will not fully covered from these three points and if the message is too short the key could be attacked.
In 2008, a research group published paper about design new hash function based on Chaos theory (CHA-1),
This algorithm has two disadvantages:
1) CHA-1 algorithm build based on two simple functions, which are similar to design of SHA-1 and it could effect by Wang et al. attack.
Chaos in Cryptography
2) CHA-1 is three times slower than SHA-1 and it will be slower with increase the message size.
Recently, M. Amin, O.S. Faragallah, and A.A. Abd El-Latif (2009) suggested simple implementation to un-keyed hash function using tent map (CBHF), they explained the general idea of their new hash function in one paragraph, without given enough details how it works.
Mt …… Mn-1M0 M1
T T T T
…......
K0 H0 K1H1 K2
HtKt+1Kt
Kn-1Hn-1 Hn
…
Chaos-Based Hash Function (CBHF)
Chaos-Based Hash Function (CBHF)
A Cryptography hash function should be:• Collision-free • Public• The security of the hash function shouldn't in the secure of
the process
M. Amin et al. suggested a new hash function based on chaos theory for cryptography applications.
They suggested simple implementation of an unkeyed hash function, using well known chaotic tent map, and can be use as keyed hash function
Chaos-Based Hash Function (CBHF)
The proposed hash function works by dividing the input message into 1024-bit blocks
If the last message block size is less than 1024 bit, it will padded by adding a single one followed by the necessary number of zeros.
Message
Mt …… Mn-1M0 M1 …......
T T T T
K0 H0 K1H1 K2
HtKt+1Kt
Kn-1Hn-1 Hn
… …
Chaos-Based Hash Function (CBHF)
The final hash value will be128 bits
The final hash value is calculated as:
Hn = Kn-1 Hn-1 .
In general,
Hn = K0 H1 H2 H3 ..... Hn-1 .
where K0 is the initial value of the tent map
Cryptanalysis of CBHF
Cryptanalysis of CBHF
Unkeyed Version
The tent map T has two inputs (Ki, Mi). It is not clear from the
paper, which one corresponds to x and which one to r. so, in our
analysis, we will work the two cases out separately.
In any case, we work under the following assumptions:
1. The initial value K0 is public in unkeyed hash function
2. Either Hi = TMi (Ki) OR Hi = Tki (Mi).
3. Ki = Ki-1 Hi-1, thus
Hn = K0 H1 H2 H3 ..... Hn-1 .
Cryptanalysis of CBHF
We will now show how to break the CBHF in a very strong
sense.
Given any (partial) message M`0 M`1 ………… M`n-2,
then we can compute the last block M`n-1,so that the hash value
of M` is the same as value of M.
For this end, we first calculate K`n-1, then we calculate the value
of the last block message M`n-1 satisfying the following:
Hn = K`n-1 H`n-1 H`n-1 = K`n-1 Hn
Cryptanalysis of CBHF
Mn-2` Mn-1 `M0` M1` …......
T T T T
K0` H0
` K1` H1
` K2` Hn-2`Kn-2` Kn-1` Hn-1` Hn`
…
Mn-1 `
H`n=Hn
Hn = Kn-1 Hn-1 H`n = K`n-1 H`n-1
Cryptanalysis of CBHF
We know that H`n-1 is obtained in one of the following two
ways, which we consider separately.
1- H`n-1 = TM`n-1(K`n-1)
H`n-1 = M`n-1K, K = K`n-1 OR 1-K`n-1
M`n-1 = (H`n-1 / K)
Cryptanalysis of CBHF
2- H`n-1 = TK`n-1(M`n-1)
H`n-1 = K`n-1M, M = M`n-1 OR 1-M`n-1
M = (H`n-1 / K`n-1)
Then we calculate the value of M`n-1 as follow:
Examples OF Unkeyed version of CBHF
Message`
Mn-2`M0` M1` …......
T T T T
K0` H0
` K1` H1
` K2` Hn-2`Kn-2` 0.50 Hn-1`
0.625
…
Example one – case 1: H`n-1 = TM`n-1(K`n-1)
Example OF Unkeyed version of CBHF
Mn-2` 0.25M0` M1` …......
T T T T
K0` H0
` K1` H1
` K2` Hn-2`Kn-2` 0.50 0.125 0.625
…
Message` Mn-1 `
Example OF Unkeyed version of CBHF
Check the values:
Example OF Unkeyed version of CBHF
Message`
Mn-2`M0` M1` …......
T T T T
K0` H0
` K1` H1
` K2` Hn-2`Kn-2` 0.625 Hn-1`
0.75
…
Example two – case 2 : H`n-1 = TK`n-1(M`n-1)
Example OF Unkeyed version of CBHF
Cryptanalysis of CBHF - Unkeyed Version
Real Collision Example of Unkeyed Version of CBHF
Cryptanalysis of CBHF
Keyed Version
In this case, the initial value K0 is unknown key.
The final hash value Hn(M) is known
So, we can append any new part to the original message M, say
M`=MnMn+1 ……Mn+m-2
Then use the procedure of Unkeyed CBHF to determine the
value of the last block Mn+m-1
Hn+m = Hn.
Cryptanalysis of CBHF - Keyed Version
Message
Mn-1M0 M1 …......
T T T T
K0
H0 K1H1 K2
Hn-1Kn-1
Kn
Hn+1 Kn+m-1
…
Mn
T
Hn+m-1 Hn+m
Mn+m-1
Kn+1
…
…......
Mn Mn+m-1…......
Hn
Cryptanalysis of CBHF - Keyed Version
Real Collision Example of Keyed Version of CBHF
Cryptanalysis of CBHF - Keyed Version
Real Collision Example of Keyed Version of CBHF
Conclusion
We have shown how to break the recently proposed Keyed and
Unkeyed versions of hash function based on chaos theory (CBHF).
Our attacks show that we can easily find two totally different
messages that have the same hash value.
Therefore, both the keyed and the Unkeyed hash versions of CBHF
are totally unsecure.
Conclusion
Future works
Finding and designing new hash functions that work better than the
current existences hash functions.
Utilize Chaotic Maps to design new cryptography algorithms.
Finding and designing framework of new hash functions based on
Chaotic Maps
Future works
Happy to answer questions and hear comments
Thanks for Listening