Preneel, B.: Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit Leuven (Belgium) (1993)  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of bent functions is at most n=2 ) We refer to this as the naive bound on (the number of) bent functions. However, we know that for n = 6 (the highest number of variables for which the number of bent functions is known) the number of bent functions is approximately equal to 2 (cf. [26]) which is much less than 2 3 ) Also it has been checked experimentally that there is no hope of obtaining a bent function in 8 variables by picking a Boolean function of algebraic degree upper bounded by 4 at random. So a better upper bound is desirable. Siegenthaler s inequality [30] ....

B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph. D. Thesis, Katholieke Universiteit Leuven, K. Mercierlaan 94, 3001 Leuven, Belgium (1993).

....privacy and ownership of individual information while not impeding the flow of information. Our other related papers include [2, 3, 4, 5] 3. INTERSECTION 3. 1 A Simple, but Incorrect, Protocol A straightforward idea for computing the intersection VS VR would be to use one way hash functions [38]. Here is a simple protocol that appears to work: 1. Both S and R apply hash function h to their sets, yielding XS = h(VS ) fh(v) j v 2 VSg and XR = h(VR ) fh(v) j v 2 VRg: 2. S sends its hashed set XS to R. 3. R sets aside all v 2 VR for which h(v) 2 XS ; these values form the set VS VR ....

B. Preneel. Analysis and design of cryptographic hash functions. Ph.D. dissertation, Katholieke Universiteit Leuven, 1992.

....10,000 clock cycles may be available for security functions. The relative abundance of clock cycles suggest using few gates, many cycles as a design principle when considering low cost hash designs. A comprehensive analysis of cryptographic hash functions is available in Preneel s Ph.D. thesis [74]. Bakhtiari, Safavi Naini and Pieprzyk present a general survey on cryptographic hash functions [5] In Section 5.3.1 we will define one way and collision resistant hash functions. Section 5.3.2 presents several historical design approaches, which are not appropriate for low cost RFID. Sections ....

....not offer much promise for tags in the near future either. Theoretically secure hashes may also be based on algebraic matrices. For example, given an n n secret matrix K, the hash of message M may be defined as H(M) M t KM . Several weaknesses to these types of systems are pointed out in [74]. Unfortunately, hashing a message of, for example, 128 bits would require a key matrix of size approximately 512 bytes. Matrix operations of this size are beyond what is feasible for low cost tags. However, a small matrix based S box or sub hash function might be a useful building block in hash ....

[Article contains additional citation context not shown here]

Bart Preneel. Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke University Leuven, January 1993.

....appears in the ACL. This optimization does not impair security: even though in theory two di erent public keys could produce the same SHA 1 hash, such an event is extremely unlikely to occur in practice since SHA 1 is considered to be a cryptographically secure, collision resistant hash function [6, 7]. Indeed, despite extensive research, no SHA 1 collisions have been found to date. 1.3.2 ACL example Each le and each directory in SFS has an associated ACL similar to the one below: 13 sys:anyuser:rl: alias:savvides:rldiwa: alias:dm:rldiwa: localgroup:sfsdev:rliw: ....

B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. Thesis, (Katholieke University Leuven, 1993)

....on the set of ane transforms. This seems infeasible for moderate m, due to a matrix having m bits. In fact it has been an open problem to demonstrate any other algorithm for distinguishing ane equivalence. One approach to this problem is suggested by the observation (due perhaps to Preneel[10]) that the absolute values in the Walsh Hadamard transform and the autocorrelation function are always re arranged by ane transforms, so the frequency distribution of the absolute values in these transforms is invariant under ane transform. Investigating this, we have found by inspection that this ....

B. Preneel. Analysis and Design of Cryptographic Hash Functions. PhD thesis, Cathoic University of Leuven, 1994. 12 Appendix A - Equivalence Classes Properties

....Collision Resistant Hash functions, or simply Hash functions, have been used for producing secure checksums since the 1950 s. A hash function maps an arbitrary length message into a fixed length message digest, and can be used for mes sage integrity [Bakhtiari et al. 95a, Damggrd 89, Preneel 93] For this purpose, a sender calculates the message digest of the message and sends it appended to the message. The receiver verifies the checksum by recalculating it from the received message and comparing it with the received checksum (traditional hashing) It is assumed the the probability of ....

....on average d bits of information. Clearly, d c and 2 a computations are feasible. The checksum of a given message M is calculated as h(kl II II h(M) where kl is A s password, R is a randomly chosen (c d) bit number, and h 0 is a collision resistant hash function [Bakhtiari et al. 95a, Preneel 93] To verify the checksum, A exhaustively tests 2 c a possible values of R and calculates h(kl II R II h(M) for each candidate R GF(2C a) A match indicates that the checksum is valid, because h 0 is collision resistant. Since both kl and R, which have in total d (c d) c bits of uncertainty, ....

Preneel, B.: Analysis and Design of Cryptographic Hash Functions; PhD thesis, Katholieke University Leuven, 1993.

....functions in that starting from step 17 (i.e. once every message word has been used once) a linear recursion is applied to the array of 16 message words: every element of the array is computed as the exor of four other elements. Any message bit is now input to at least 28 and at most 36 steps [Pre93]. The additive constants K are di#erent per round, except for MD5, where each step has a di#erent K. The rotation constants s are di#erent per round and per chaining variable for MD4 and MD5, are fixed for SHA 1, and are di#erent per round and per message word for the RIPEMD sisters. The Boolean ....

B. Preneel, Analysis and design of cryptographic hash functions, Ph.D. thesis, K.U.Leuven, February 1993.

.... are an interesting alternative to signatures based on asymmetric cryptography [4, 5, 14, 18, 19, 28] One of their main advantages is that these signatures only rely on a one way function, which we can implement with a fast hash function (e.g. SHA 1 [22] or MD5 [29] or from a block cipher [16, 20, 26, 27]. These one time signature schemes are orders of magnitude faster than traditional signatures, so they may be an attractive alternative for small devices. However, some of these schemes have large 1 To save production costs, manufacturer deploy minimal microprocessors for the required task. Even ....

B. Preneel. Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven (Belgium), 1993.

....corrected digest of the desired value. This attack is often applied to the last block and is called correcting last block attack, although it can be applied to other blocks as well. Hash functions based on modular arithmetic are especially sensitive to the correcting last block attack (cf. Preneel [50]) The introduction of redundancy into the message in these schemes makes finding a correcting block with the necessary redundancy difficult. However, it makes the scheme less efficient. The difficulty of finding a correcting block depends on the nature of the redundancy introduced. For 16 ....

B. Preneel. Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit, Leuven, 1993.

....when f = g and gives us the following Corollary 3.1 Let f be an n variable function. Then [C f (0) C f (2 n 1) H n = W 2 f (0) W 2 f (2 n 1) This result is called the Wiener Khintchine Theorem in continuous analysis and has also been obtained for Boolean functions [2, 17, 10]. Applying the inverse transform to the cross correlation vector gives the following Corollary 3.2 Let f; g be n variable functions. Then 2 n [C f;g (0) C f;g (2 n 1) W f (0)W g (0) W f (2 n 1)W g (2 n 1) H n : 3) Applying the inverse transform with g = f , gives ....

.... These facts are also stated in [1, Theorem 4(ii) Theorem 5(iv) However, the complementariness of the auto correlation of f; g and their perfect uncorrelatedness have not been considered in [1] 5 Propagation Characteristics The concept of propagation characteristics was introduced by Preneel [10]. Later investigations can be found in [3, 4, 8] Here we study the cross correlation between the sub functions of a function satisfying propagation characteristics. We characterize propagation characteristics in terms of the uncorrelatedness of its sub functions. By f X i =0 and f X i =1 we ....

[Article contains additional citation context not shown here]

B. Preneel. Analysis and design of cryptographic hash functions, doctoral dissertation, K.U. Leuven, 1993.

....and force the group to use its favorite key. Instead, what is sent is a plain version of the key, and this plain key should be hashed to generate the real new key. A hash function has a property that says that given x = h(y) where h is a hash function, it is impossible to recover x from y [57]. This property guarantees that a chosen plain key hashing to the same value as the real key cannot be found. The REQ KEY GEN message has a time stamp, so that, if more than one REQ KEY GEN message is received by a HS, it can discard the more recent ones. Also, HSs which have sent the newer ....

B. Preneel. Analysis and Design of Cryptographic Hash Functions. Phd thesis, Katholieke University, Leuven, January 1993.

.... length hash function if the size of the hashed value is m bits (2m bits, respectively) Essentially three types of single block length hash functions are believed to be secure [13] namely the schemes known as Matyas Meyer Oseas hash [10] Davies Meyer hash [3] and Miyaguchi Preneel hash [2] [14]. However, there exists a collision attack (the birthday attack) which succeeds with O(2 m=2 ) complexity for any single block length hash function. This complexity is no longer secure for m = 64 in today s technologies. This motivates the attempt to construct double block length hash functions ....

B. Preneel, Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit Leuven, Belgium, Jan. 1993.

....8 Lemma 6. Let g # W 2k 1 be a semi bent function with A = I and a = 1, 1, 1) Then g satisfies PC(2k) Lemma 7. If g is the concatenation g 0 g 1 , w # = w, w 2n 1 ) # W n 1 , then F g (w # ) F g 0 (w) 1) wn 1 F g 1 (w) The following result belongs to Preneel [7]. We define l b (x) b x. Lemma 8. For h on W n , a, b # W n , c # W 1 and a 2k 2k nonsingular matrix A, define g by g(x) h(Ax # a) # l b (x) # c. Then, F g (w) 1) c ( 1) A 1 a,w#b) F h ( A 1 ) t (w # b) It is not very di#cult to observe (see also [6] ....

B. Preneel, Analysis and design of cryptographic hash functions, Ph.D. dissertation, Katholieke Universiteit Leuven, 1993.

.... (double) block length hashfunctiC i the si2 of the hashed valuei mbi7 ( mbiEO resp ecti ely) Essenti2CW three types ofsi003 block length hash functic are beliE ed to be secure [13] namely the schemes known as Matyas Meyer Oseas hash [10] Davi37043 er hash [3] and Mi aguchi2E7W7C2 hash [ [14]. However, there exie2 acolliE2[ attack (thebie2EO y attack) whi h succeedswic O( m 2 )complexi y for anysiW gle block length hashfunctiE0 Thi complexi yi s no longer secure for m = 64i n today s technologi2[ Thi moti ates the attempt to construct double block length hashfunctiO3 [ 11] A ....

B. Preneel, "Analysis and Design of Cryptographic Hash Functions," Ph.D. thesis, Katholieke Universiteit Leuven, Belgium, Jan. 1993.

....as the number of m bit message blocks hashed per encryption, where m is the block size of the underlying cipher. Many early proposals for building fast hash functions have been broken; in particular, Knudsen, Lai, and Preneel cryptanalyzed a large class of double length hash functions of rate 1 [1 4, 8]. In ACISP 97, Yi and Lam proposed a new construction for building a hash function from a block cipher (e.g. IDEA) with m bit block width and 2m bit key size [10] Typically, we will have m = 64. The Yi Lam scheme has rate 1 and yields 2m bit outputs. With such high performance, it is an ....

B. Preneel, \Analysis and design of cryptographic hash functions," Doctoral dissertation, Katholieke Universiteit Leuven, 1993.

No context found.

B. Preneel, Analysis and design of cryptographic hash functions, PhD. Thesis, Katholieke Universiteit Leuven, 1993.

No context found.

Preneel, B.: Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit Leuven (Belgium) (1993)

No context found.

B. Preneel, Analysis and design of cryptographic hash functions, Ph.D thesis, KU Leuven(Belgium),February 1993.

No context found.

B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D Thesis, KU Leuven(Belgium),February 1993.

No context found.

B. Preneel. Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven, 1993.

No context found.

B. Preneel, Analysis and Design of Cryptographic Hash Functions. Leuven, Belgium: Katholieke Universiteit, Jan. 1993.

No context found.

Bart. Preneel, "Analysis and Design of Cryptographic Hash Functions", PhD thesis, Katholieke University Leuven, Jan 1993

No context found.

B. Preneel. Analysis and design of cryptographic hash functions. Ph.D. dissertation, Katholieke Universiteit Leuven, 1992.

No context found.

B. Preneel, Analysis and Design of Cryptographic Hash Functions, Doct Dissertation KULeuven, 1993.

No context found.

B. Preneel. Analysis and Design of Cryptographic Hash Functions. Phd thesis, Katholieke University Leuven, January 1993. 23

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC