Secured Hash Function: Efficient hardware implementation, by Liron Cohen. Based on “LFSR-based Hashing and Authentication” by Hugo Krawczyk (IBM)

LFSR-based Hash LFSR-based (Toeplitz) hashing, same as in RSS. Given a key of m bits returns hash value of n bits ( ). Guarantees that, Where. Note that in the (best) random case. In our framework of m=188b, n=32b we get, Where in the random case we get.

Example The secret key that generates this matrix is Compute the hash result via matrix multiplication :

Example Compute the hash value via our algorithm : Secret key Hash Result – Message –

Overview

Hash Type Advertises the message length the hash should expect. Four options:
- 00: IPv6, message length is (2B+2B+16B+16B=) 36B
- 01: IPv4, message length is (2B+2B+4B+4B=) 12B
- 10: Reduced IPv6, message length is (2B+2B+16B+1B=) 21B
- 11: Reduced IPv4, message length is (2B+2B+4B+1B=) 9B

Seed Instead of generating a pseudo-random bit sequence with an LFSR, we can receive a seed (secret key) from the firmware/driver. For IPv4 the seed should be (2B+2B+4B+4B+32b=) 16 bytes long. For IPv6 the seed should be (2B+2B+16B+16B+32b=) 40 bytes long. Note that the number should be generated by an LFSR with connections corresponding to the coefficients of an irreducible polynomial.

Mask Type Determines the output size in bits. Value between We will use different mask types for different uses, for example:
- On-die search – mask_type = (hash_result[10:0])
- Off-die search for iSCSI – mask_type = (hash_result[9:0])
- Off-die search for RDMA – mask_type = (hash_result[16:0])
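
The sketch below is an added example, not code from the presentation. It fills a seed from an LFSR, computes the Toeplitz hash with a seed 32 bits longer than the message (as the Seed slide specifies), and truncates the result as a mask type does. The feedback polynomial, initial state, message bytes and all function names are assumptions of the example; the slides name none of them.

```c
#include <stdint.h>
#include <stdio.h>

/* Message length in bytes for hash_type 00, 01, 10, 11 (values from the slide). */
static const size_t MSG_LEN[4] = { 36, 12, 21, 9 };

/* Fill key[] with the output of a 32-bit Galois LFSR. The mask 0x80200003
 * encodes x^32 + x^22 + x^2 + x + 1, a polynomial assumed for this example. */
void lfsr_seed(uint8_t *key, size_t len, uint32_t state) {
    for (size_t i = 0; i < len; i++) {
        uint8_t byte = 0;
        for (int b = 0; b < 8; b++) {
            uint32_t lsb = state & 1u;
            byte = (uint8_t)((byte << 1) | lsb);
            state = (state >> 1) ^ (lsb ? 0x80200003u : 0u);
        }
        key[i] = byte;
    }
}

/* Toeplitz hash: for each set message bit i (MSB first), XOR key bits
 * i..i+31 into the result. key must hold msg_len + 4 bytes. */
uint32_t toeplitz_hash(const uint8_t *key, const uint8_t *msg, size_t msg_len) {
    uint32_t window = 0, result = 0;
    for (int j = 0; j < 4; j++)
        window = (window << 8) | key[j];          /* key bits 0..31 */
    for (size_t i = 0; i < msg_len; i++)
        for (int b = 7; b >= 0; b--) {
            if ((msg[i] >> b) & 1)
                result ^= window;
            /* slide the window one key bit further */
            window = (window << 1) | ((key[i + 4] >> b) & 1u);
        }
    return result;
}

/* Keep the low `bits` bits, e.g. bits = 11 for hash_result[10:0]. */
uint32_t apply_mask(uint32_t hash, unsigned bits) {
    return bits >= 32 ? hash : hash & ((1u << bits) - 1u);
}

int main(void) {
    /* Constructed 12-byte message for hash_type 01; seed is 12 + 4 = 16 bytes. */
    uint8_t key[16], msg[12] = { 0x04, 0xd2, 0x01, 0xbb, 192, 0, 2, 1, 198, 51, 100, 7 };
    lfsr_seed(key, sizeof key, 0x1u);             /* constructed initial state */
    uint32_t h = toeplitz_hash(key, msg, MSG_LEN[1]);
    printf("hash=%08x on-die index=%03x\n", (unsigned)h, (unsigned)apply_mask(h, 11));
    return 0;
}
```

Because the hash is linear over GF(2), the hash of the XOR of two messages equals the XOR of their hashes under the same seed, which is why the seed has to stay secret.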

Timing Assuming low power, 65nm process, pipelined:
- Throughput of 1 hash result per cycle
- Latency of 4 cycles per hash result

Implementation