A Uniform Class of Weak Keys for Universal Hash Functions
Authors
Abstract
In this paper we investigate weak keys of universal hash functions (UHFs) from their combinatorial properties. We find that any UHF has a general class of keys, which makes the combinatorial properties totally disappear, and even compromises the security of UHF-based schemes, such as the Wegman-Carter scheme, the UHF-then-PRF scheme, etc. By this class of keys, we actually get a general method to search for weak-key classes of UHFs, which is able to derive all previous weak-key classes of UHFs found by intuition or experience. Moreover, we give a weak-key class of the BRW polynomial function, which was once believed to have no weak-key issue, and exploit such weak keys to implement a distinguishing attack and a forgery attack against DTC, a BRW-based authenticated encryption scheme. Furthermore, in Grain128a, with the linear structure revealed by weak-key classes of its UHF, we can recover any first (32 + b) bits of the UHF key, spending no more than 1 encryption and (2 + b) decryption queries.
Related resources
Weak-Key Analysis of POET
We evaluate the security of the recently proposed authenticated encryption scheme POET with regard to weak keys when its universal hash functions are instantiated with finite field multiplications. We give explicit constructions for weak key classes not covered by POET’s weak key testing strategy, and demonstrate how to leverage them to obtain universal forgeries.
Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes
We study the suitability of common pseudorandomness modes associated with cryptographic hash functions and block ciphers (CBC-MAC, Cascade and HMAC) for the task of “randomness extraction”, namely, the derivation of keying material from semi-secret and/or semi-random sources. Important applications for such extractors include the derivation of strong cryptographic keys from non-uniform sources of...
Efficient Strongly Universal and Optimally Universal Hashing
New hash families are analyzed, mainly consisting of the hash functions $h_{a,b} : \{0, \ldots, u-1\} \to \{0, \ldots, r-1\}$, $x \mapsto ((ax + b) \bmod (kr)) \operatorname{div} k$. Universal classes of such functions have already been investigated in [5, 6], and used in several applications, e.g. [3, 9]. The new constructions which are introduced here improve in several ways upon the former results. Some of them achieve a ...
On the Distribution of Keys by Hashing
The distribution of keys by a hash function as used in hash search with chaining is studied by considering the distribution of keys a random function from keys to buckets would give. This model gives surprisingly simple expressions for the mean value of some statistics on hash functions. It is also seen that the universal hash functions give the same distribution of keys, and so the results her...
A Security Real-time Privacy Amplification Scheme in QKD System
Quantum Key Distribution (QKD) technology, based on the laws of physics, can create unconditionally secure keys between communicating parties. In recent years, researchers have paid more and more attention to QKD technology. Privacy amplification is a very significant procedure in a QKD system. In this paper, we propose the real-time privacy amplification (RTPA) scheme which converts the weak secr...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2017, Issue
Pages -
Publication date 2017