mitigation and improving sha-1 hash standard using ...sameekhan.org/pub/a_k_2018_epscor.pdf ·...

Change ColorTheme:Thistemplateisdesignedtousethebuilt-incolorthemesin thenewerversionsofPowerPoint.Tochangethecolortheme,selecttheDesign tab,thenselecttheColors drop-downlist.

Thedefaultcolorthemeforthistemplateis“Office”,soyoucanalwaysreturntothataftertryingsomeofthealternatives.

PrintingYourPoster:Onceyourposterfileisready,visitwww.genigraphics.com toorderahigh-quality,affordableposterprint.EveryorderreceivesafreedesignreviewandwecandeliverasfastasnextbusinessdaywithintheUSandCanada.Genigraphics®hasbeenproducingoutputfromPowerPoint®longerthananyoneintheindustry;datingbacktowhenwehelpedMicrosoft®designthePowerPoint®software.

USandCanada:1-800-790-4001Email:info@genigraphics.com

[Thissidebarareadoesnotprint.]

Mitigation and Improving SHA-1 Hash Standard Using Collision Detection ApproachZeyad Al-Odat, and Samee Khan1,2

1North Dakota State University (NDSU), 2National Science Foundation (NSF)

[Zeyad A Al-Odat][North Dakota State University [NDSU Dept 2480, PO Box 6050][Zeyad.alodat@ndsu.edu][7017303344]

Contact [1] Eli Biham and Adi Shamir. differential cryptanalysis of des-like cryptosystems. Journal of CRYPTOLOGY, 4(1):3{72, 1991.[2] Xiaoyun Wang and Hongbo Yu. How to break md5 and other hash functions . In Eurocrypt, volume 3494, pages 19{35. Springer, 2005.[3] Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. Finding collisions in the full sha-1. In Crypto, volume 3621, pages 17{36. Springer, 2005.[4] Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, and Yarik Markov. The first collision for full sha-1. IACR Cryptology ePrint Archive, 2017:190, 2017.[5] Florent Chabaud and Antoine Joux. Differential collisions in sha-0. In Advances in CryptologyCRYPTO'98, pages 56{71. Springer, 1998.[6] Xiaoyun Wang, Hongbo Yu, and Yiqun Lisa Yin. Efficient collision search attacks on sha-0. In Annual International Cryptology Conference, pages 1{16. Springer, 2005.[7] Stephane Manuel and Thomas Peyrin. Collisions on sha-0 in one hour. Lecture Notes in Computer Science, 5086:16{35, 2008.[8] Marc Stevens. New collision attacks on sha-1 based on optimal joint local- collision analysis. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 245{261. Springer, 2013.[9] Marc Stevens. Counter-cryptanalysis. In Advances in Cryptology{CRYPTO 2013, pages 129{146. Springer, 2013.[10] Marc Stevens and Daniel Shumow. Speeding up detection of sha-1 collision attacks using unavoidable attack conditions. IACR Cryptology ePrint Archive, 2017:173, 2017.[11] Stephane Manuel. Classification and generation of disturbance vectors for collision attacks against sha-1. Designs, Codes and Cryptography, 59(1-3):247{263, 2011.

References

We introduce collision detection and an improved version of SHA-1 standard ,which helps to protect weak primitives from any possible collision attack , weproposed two designs to help protect and improve SHA-1 standard, the firstone employ near collision detection approach which previously proposed byMarc Stevens , and the second one is our proposal of detection of SHA-1collision attack using two block calculation scheme.

Abstract

Bothoftheabovementionedapproachesweretestedandverifiedforpartofthepublisheddisturbancevectors.Table2representstwomessagesthatcollidetothesamehashvalueoutput

Introduction

Enhanced SHA-1 Architecture:TheideaofcounterSHA-1collisionattackcanbedepictedinfigure3below,theinputmessageisprocessedandcheckedusingcollisiondetectionmechanism.

Collision Detection Mechanism : we are presenting two approaches forSHA-1 counter collision attack as seen in figures 4 and 5, by which we candetect any possibility of collision occurrence by only checking one message,and here comes the challenge , detect the collision from only one message,after that invalidate the output hash in case of collision.

Methods and Materials

We presented Counter Cryptanalyst method to protect SHA-1 hash functionfrom collision attack ,and improve the hash computation to support entitiesthat still using SHA-1 hash standard. The proposed approaches can be furtherimproved to get more secure and trusted SHA-1 hash function ,also helpspeed up the process of computing the hash values , as the new approachesmay consume more time to calculate the hash than original one. This workused to protect digital signature as seen in figure 7 below. Can be furtherimproved in term of speed and memory.

Discussion and Future Work

We are presenting two methods to improve SHA-1 standard against collisionattack, the first approach relay on Marc's approach for detecting SHA-1collision attack , the other approach take advantage of two block Collisonattack to help speed up the process of detecting collision.Truncated SHA-512/160 is suggested to replace suspicious message's hashoutputs.

Conclusions

SHA-1 Standard® : SHA-1standardfollowsMerkle-Damgard (MD)structure,inwhichittakesthemessageoflengthlessthan264anddivideitintoblocksandprocessthemsequentiallyascanbeseeninfigure1below.

SHA-1 Collision Attack : The main goal of SHA-1 collision attack , is to findtwo or more messages that lead to the same output hash. A two blockCollision Attack can be depicted in figure 2 below.

𝑊" = (W&'()⊕Wi-13 ⊕Wi-8 ⊕Wi-3 )

𝑊" = (W&+()≫ 1 ) ⊕ Wi+13 ⊕ Wi+8 ⊕ Wi+2

Results

Figure1. SHA-1StructureModel(MD).

Figure2. SHA-1CollisionAttack.

Figure3. GeneralArchitectureofSHA-1Collisiondetection

Figure4. FirstApproach Figure5. secondapproach

Figure6. Exampleoftwomessageswiththesamehashoutput

Figure6. AnotherExampleoftwomessageswiththesamehashoutput

Figure7. ProtectDigitalsignature

AcknowledgmentWewouldliketothanktheCenterforComputationallyAssistedScienceandTechnology(CCAST)ofNDSU.