Abstract
In a recent note to the NIST hash-forum list, the following observation was presented: narrow-pipe hash functions differ significantly from ideal random functions \(H:\{0,1\}^N \to \{0,1\}^n\) that map bit strings from a big domain where \(N=n+m,\ m\geq n\) (\(n = 256\) or \(n = 512\)). Namely, for an ideal random function with a big domain space \(\{0,1\}^N\) and a finite co-domain space \(Y = \{0,1\}^n\), for every element \(y \in Y\), the probability \(Pr\{H^{-1}(y) = \varnothing\} \approx e^{-2^{m}} \approx 0\), where \(H^{-1}(y) \subseteq \{0,1\}^N\) and \(H^{-1}(y) = \{x \ |\ H(x)=y \}\) (in words, the probability that elements of \(Y\) are “unreachable” is negligible). However, for the narrow-pipe hash functions, for certain values of \(N\) (the values that cause the last padded block processed by the compression function of these functions to contain no message bits), there exists a huge non-empty subset \(Y_\varnothing \subseteq Y\) with a volume \(|Y_\varnothing|\approx e^{-1}|Y|\approx 0.36 |Y|\) for which it is true that for every \(y \in Y_\varnothing,\ H^{-1}(y) = \varnothing\).
In this paper we extend the same finding to SHA-2 and show the consequences of this aberration when narrow-pipe hash functions are employed in HMAC and in two widely used protocols: 1. the pseudo-random function defined in SSL/TLS 1.2 and 2. the Password-Based Key Derivation Function No. 1, i.e., PBKDF1.
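A toy simulation of the counting argument in the abstract, added here as an example that is not part of the paper: it models the compression function of a narrow-pipe hash as a random 12-bit function (truncated SHA-256 as a stand-in, not any real design) and counts the digests with an empty preimage set when the last padded block carries 0 or k message bits, beside an ideal random function on a domain of \(2^{n+m}\) points. All sizes and the padding layout are constructed for the toy.

```python
import hashlib
import math

N_BITS = 12                 # toy chaining-value width n; real designs use 256 or 512
STATE_SIZE = 1 << N_BITS
BLOCK_BYTES = 8             # toy message block size

def compress(h: int, block: bytes) -> int:
    # Toy n-bit compression function modelled as a random function by
    # truncating SHA-256(h || block); not the compression function of any real design.
    digest = hashlib.sha256(h.to_bytes(2, "big") + block).digest()
    return int.from_bytes(digest[:2], "big") % STATE_SIZE

def last_block(msg_bytes: bytes, msg_len_bits: int) -> bytes:
    # Final padded block: remaining message bytes, 0x80, zero fill, 16-bit length.
    block = msg_bytes + b"\x80"
    block += b"\x00" * (BLOCK_BYTES - 2 - len(block))
    return block + msg_len_bits.to_bytes(2, "big")

def unreachable_fraction(k: int, msg_len_bits: int = 8 * BLOCK_BYTES) -> float:
    # Fraction of n-bit digests with an empty preimage set when the last block
    # carries k message bits (k <= 8). For a big domain the chaining value h
    # entering the last call can be any of the 2^n states, so the digest set is
    # the image of 2^(n+k) inputs under a random n-bit function.
    image = set()
    for h in range(STATE_SIZE):
        for v in range(1 << k):
            msg = b"" if k == 0 else bytes([v])
            image.add(compress(h, last_block(msg, msg_len_bits + k)))
    return 1 - len(image) / STATE_SIZE

def unreachable_fraction_ideal(m: int) -> float:
    # Same count for an ideal random function on a domain of 2^(n+m) points.
    image = {compress(0, x.to_bytes(4, "big")) for x in range(STATE_SIZE << m)}
    return 1 - len(image) / STATE_SIZE

def predicted_unreachable_fraction(extra_bits: int) -> float:
    # (1 - 2^-n)^(2^(n+extra_bits)) ~ exp(-2^extra_bits): e^-1 when no message
    # bits enter the last call, essentially 0 once a few bits do.
    return math.exp(-(1 << extra_bits))

if __name__ == "__main__":
    print("narrow pipe, no message bits in last block:", unreachable_fraction(0),
          "predicted", predicted_unreachable_fraction(0))
    print("narrow pipe, 4 message bits in last block:", unreachable_fraction(4))
    print("ideal function, m = 4:", unreachable_fraction_ideal(4))
```

With no message bits in the last block roughly 37% of the 4096 digests are never produced, while four message bits in that block (or an ideal function on a domain 16 times the co-domain) leave essentially none unreachable.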
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gligoroski, D., Klima, V. (2011). Practical Consequences of the Aberration of Narrow-Pipe Hash Designs from Ideal Random Functions. In: Gusev, M., Mitrevski, P. (eds) ICT Innovations 2010. ICT Innovations 2010. Communications in Computer and Information Science, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19325-5_9
DOI: https://doi.org/10.1007/978-3-642-19325-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19324-8
Online ISBN: 978-3-642-19325-5