Cryptographic hash functions: analysis, design and implementation

密码哈希函数：分析、设计和实现

• 批准号: 312274-2010
• 负责人: Youssef, Amr
• 金额: $ 3.2万
• 依托单位: Concordia University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2013
• 资助国家: 加拿大
• 起止时间: 2013-01-01 至 2014-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=526460
• 关键词: Cryptographic; hash; functions; analysis; design

Cryptographic hash functions can be considered as the workhorse of cryptography and they are sprinkled all over security protocols. In spite of this, hash functions are arguably the least well-understood cryptographic primitives, and hashing techniques are much less developed than encryption techniques. Cryptanalysis during the early 2000s has shown that widely used hash functions offered only a very limited security margin. A completely new chapter in the history of analysis of Merkle-Damgård (MD)-like designs was opened when Chinese cryptanalysts managed to enhance multi-block differential cryptanalysis to a point that finding collisions for MD5 became very easy and a substantial reduction of the security margin was obtained for SHA-1. Soon after the first collisions for MD5 have been found, it was shown how such collisions can be used to mislead integrity checking software and to produce documents with popular formats that collide under MD5. Furthermore, MD5 collisions were also used to create a rogue certification authority. In response to these dramatic cryptanalytic attacks, the National Institute for Standards and Technology (NIST) has decided to develop one or more additional hash functions. Consequently, in November 2007, the NIST has announced the launch of the SHA-3 competition to select a new hash function family. The objective of this research is to investigate the design and analysis of efficient families of provably secure hash functions. In particular, we aim to (i) Formalize both the design and the practice of cryptanalysis of hash functions by introducing more sound concepts from mathematics (ii) Produce a theory to quantify the resistance of iterated hash functions to a large set of cryptanalytic attacks, and (iii) Develop a new alternative to the current MD-like iterative structures which can be used to bring practical hash functions closer to the random oracle model. The cryptographic primitives that will be investigated in this project are the main focus of the cryptographic and security communities from both academia and industry. Consequently, the findings of this project are expected to be of high significance because of its impact on a very wide range of security products and applications.

加密散列函数可以被认为是密码学的主力，它们遍布在安全协议中。 尽管如此，散列函数可以说是最不容易理解的加密原语，而且散列技术的发展远不如加密技术。21世纪初的密码分析表明，广泛使用的哈希函数只能提供非常有限的安全裕度。当中国密码分析师设法增强多块差分密码分析时，发现MD5的冲突变得非常容易，并且SHA-1的安全裕度大幅降低时，类似Merkle-Damgård（MD）设计的分析历史上打开了一个全新的篇章。在发现MD5的第一个冲突后不久，就显示了这种冲突如何被用来误导完整性检查软件，并产生在MD5下冲突的流行格式的文档。此外，MD5冲突也被用来创建流氓证书颁发机构。为了应对这些引人注目的密码分析攻击，美国国家标准与技术研究所（NIST）决定开发一个或多个额外的哈希函数。因此，在2007年11月，NIST宣布启动SHA-3竞赛，以选择新的哈希函数家族。本研究的目的是探讨设计和分析的有效族的可证明安全的哈希函数。特别是，我们的目标是（i）通过从数学中引入更多合理的概念来形式化哈希函数的密码分析的设计和实践（ii）产生一种理论来量化迭代哈希函数对大量密码分析攻击的抵抗力，及（iii）发展一个新的替代方案，以取代现时的MD-类似于可用于使实际散列函数更接近随机预言模型的迭代结构。本项目中将研究的密码原语是学术界和工业界密码和安全社区的主要焦点。因此，该项目的研究结果预计将具有重要意义，因为它对广泛的安全产品和应用产生影响。