Improving security of lightweith SHA-3 against preimage attacks

Authors

  • Serhii Onopa Warsaw University of Technology, (pl. Politechniki 1, 00-661, Warsaw, Poland)
  • Zbigniew Kotulski Warsaw University of Technology, (pl. Politechniki 1, 00-661, Warsaw, Poland) http://orcid.org/0000-0002-1149-7863

Abstract

In this article we describe the SHA-3 algorithm and its internal permutation in which potential weaknesses are hidden.  The hash algorithm can be used for different purposes, such as pseudo-random bit sequences generator, key wrapping or one pass authentication, especially in weak devices (WSN, IoT, etc.). Analysis of the function showed that successful preimage attacks are possible for low round hashes, protection from which only works with increasing the number of rounds inside the function. When the hash function is used for building lightweight applications, it is necessary to apply a small number of rounds, which requires additional security measures. This article proposes a variant improved hash function protecting against preimage attacks, which occur on SHA-3. We suggest using an additional external randomness sources obtained from a lightweight PRNG or from application of the source data permutation.

References

Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak sponge function family main document, http: //keccak.noekeon.org/Keccak-main-2.1.pdf.

FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf.

Najjar M., Stokłosa J., The nonlinearity of homogenous Boolean functions and the design of strong cryptographic algorithms. Burakowski W., Wieczorek A. (eds.), Regional Conference on Military Communication and Information Systems. Zegrze 1999, Vol. 2, 71–76.

Chengxin Qu, Seberry J., Pieprzyk J., Homogenous bent functions (preprint), University of Wollongong, NSW, Australia 1998.G. Eason, B. Noble, and I.N. Sneddon, “On certain integrals of Lipschitz-Hankel type involving products of Bessel functions,” Phil. Trans. Roy. Soc. London, vol. A247, pp. 529-551, April 1955. (references)

Bertoni G., Daemen J., Peeters M., and Assche G., Sponge-based pseudo-random number generators, CHES 2010: Cryptographic Hardware and Embedded Systems, CHES 2010 p.33-47.

Borowski M., Gliwa R., Rozwój algorytmów uwierzytelnionego szyfrowania, www.wil.waw.pl/art_prac/2014/PTiWT_8-9_14_3.pdf.

https://en.bitcoin.it/wiki/Hashcash

Dinur I., Security Evaluation of SHA-3, https://www.cryptrec.go.jp/estimation/techrep_id2402.pdf.

Dinur I., P Morawiecki P., J Pieprzyk J., Srebrny M., Straus M., Cube Attacks and Cube-attack-like Cryptanalysis on the Round-reduced Keccak Sponge Function, https://eprint.iacr.org/2014/736.

Morawiecki P., Malicious Keccak, https://eprint.iacr.org/2015/1085.

Morawiecki P., Pieprzyk J., Srebrny M., and Straus M.: Preimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis, https://eprint.iacr.org/2013/561.

Dinur I., Morawiecki P., J Pieprzyk J., Srebrny M., Straus M., Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function, https://eprint.iacr.org/2014/259.pdf

Morawiecki P., Pieprzyk J and Srebrny M. Rotational cryptanalysis of round-reduced Keccak. IACR Cryptology ePrint Archive, 20 12, pp. 546-562.

Chang D. , Kumar A., Morawiecki P., Sanadhya S., 1st and 2nd Preimage Attacks on 7, 8 and 9 Rounds of Keccak-224,256,384,512, http://csrc.nist.gov/groups/ST/hash/sha-3/Aug2014/documents/chang_paper_sha3_2014_workshop.pdf.

Najjar M., Stokłosa J., Petra-2 cryptographic hash function, NATO Regional Conference on Military Communications and Information Systems 2001, Zegrze, 2001, vol. I, 317–320.

Lathrop J., Cube Attacks on Cryptographic Hash Functions, http://scholarworks.rit.edu/cgi/viewcontent.cgi?article=1653&context=theses.

Sekar G., Bhattacharya S., Practical (Second) Preimage Attacks on TCS SHA-3, https://eprint.iacr.org/2013/150.pdf.

NIST SP 800-22rev1a, A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications, April 27, 2010.

https://csrc.nist.gov/projects/hash-functions/sha-3-project

Dinur I., and Shami A, Cube Attacks on Tweakable Black Box Polynomials, https://eprint.iacr.org/2008/385.pdf

Borowski M., Cryptographic Applications of the Duplex Construction, https://journals.umcs.pl/ai/article/download/3389/2583.

Sekar G., Bhattacharya S., Practical (Second) Preimage Attacks on TCS SHA-3, https://eprint.iacr.org/2013/150.pdf.

Downloads

Published

2018-04-27

Issue

Section

Cryptography and Cybersecurity