Upcoming SlideShare
×

# Graph based cryptographic hash functions

1,503 views

Published on

Published in: Education, Technology
1 Like
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

Views
Total views
1,503
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
25
0
Likes
1
Embeds 0
No embeds

No notes for slide

### Graph based cryptographic hash functions

1. 1. Graph-Based Cryptographic Hash Functions<br />Dan Nichols<br />Advisor: Dr. MukkaiKrishnamoorthy<br />Rensselaer Polytechnic Institute<br />May 6th, 2011<br />
2. 2. Introduction<br />Cryptographic hash function<br />A mathematical function with some special properties which make it useful for security and authentication<br />We write f(m) = d where m is the message or input and d is the digestor output. The message is a string of any size; the digest is a string of a fixed length determined by the hash function.<br />Used for:<br />Message integrity checking<br />Password authentication<br />
3. 3. Without a cryptographic hash function<br />Login prompt<br />Computer Hard Drive<br />List of Passwords:<br />Alice Palice<br />Bob Pbob<br />…<br />Username<br />Password<br />check<br />Permission to access computer system <br />
4. 4. With a cryptographic hash function<br />Login prompt<br />Computer Hard Drive<br />Username<br />Password<br />List of Digests:<br />Alice f(Palice)<br />Bob f(Pbob)<br />…<br />f<br />Username<br />f(Password)<br />check<br />Permission to access computer system <br />
5. 5. Cryptographic Hash Functions<br />A cryptographic hash function f must have three special properties:<br />Preimage resistance: Given a digest d, it is very hard to find a message m such that d = f(m)<br />Second preimage resistance: Given a message m1, it is very hard to find another message m2 such that f(m1) = f(m2).<br />Collision resistance: It must be very hard to find any two messages m1 and m2 such that f(m1) = f(m2).<br />
6. 6. Cryptographic Hash Functions<br />What does it mean for breaking a cryptosystem to be “very hard”?<br />Generally, it means that solving the problem would take more time and resources (computing power) than those available to anyone who would want to solve it.<br />But this isn’t really a mathematical definition; it is dependent on political and economic factors.<br />A cryptographic hash function that is provably secure is one that can be mathematically proven to be at least as hard as certain very difficult mathematical problems.<br />most commonly-used hash functions like SHA-1 are not provably secure.<br />
7. 7. Provably Secure Cryptographic Hash Functions<br />One possible hash function to consider is the function HamHash, proposed by MaikeMassierer in a bachelor’s thesis.<br />Massierer argues that this function is provably secure.<br />HamHash is based on a mathematical problem called the Hamiltonian Cycle Problem, or HCP.<br />
8. 8. Hamiltonian Cycle Problem<br />The Hamiltonian Cycle Problem is as follows:<br />Given a graph G, does G contain a cycle which passes through every node in the graph exactly once and contains no duplicate edges?<br />If so, we say G is Hamiltonian.<br />This problem is NP-complete<br />Example Hamiltonian Cycle<br />Credit: Wikipedia<br />
9. 9. HamHash<br />HamHash creates as its digest a large Hamiltonian graph.<br />The function HamHash is made up of three parts:<br />RED<br />CYC<br />GRAPH<br />HamHash<br />RED<br />CYC<br />GRAPH<br />message<br />digest<br />
10. 10. RED<br />Input: binary string m (message)<br />Output: binary string m’ of length l<br />This function reduces the message to a fixed size in a secure way<br />Massierer suggests using an existing hash function like SHA-256<br />
11. 11. CYC<br />Input: binary string m’ of length l<br />Output: n-permutation N representing a Hamiltonian cycle<br />This function maps the string m’ to a permutation on n vertices, which corresponds to a Hamiltonian cycle<br />There are (n-1)!/2 possible permutations after accounting for duplicate cycles, so we need to choose n such that 2l ≤ (n-1)!/2<br />
12. 12. GRAPH<br />Input: n-permutation N representing a Hamiltonian cycle<br />Output: graph adjacency matrix G (this is the digest of HamHash)<br />This function adds many randomly chosen edges to the Hamiltonian cycle N<br />These edges disguise the Hamiltonian cycle, making it (hopefully) very hard to find<br />
13. 13. HamHash Overview<br />Binary string<br />𝑚<br /> <br />RED<br />truncation<br />Binary string, length 𝑙<br /> <br />𝑚′<br /> <br />Mapping to an n-permutation, which represents a Hamiltonian cycle<br />CYC<br />𝑁<br /> <br />Hamiltonian cycle<br />GRAPH<br />Adding random edges<br />Graph (adjacency matrix)<br />𝐺<br /> <br />
14. 14. HamHash Functionality<br />To authenticate using a normal, deterministic hash function, we would calculate f(m) and check to see whether f(m) = d.<br />With HamHash, we instead calculate the Hamiltonian cycle associated with m using RED and CYC and check to see if this cycle is contained in the digest graph G.<br />
15. 15. How secure is HamHash?<br />Massierer argues that HamHash is provably secure because finding a pre-image for a given digest graph G requires finding a Hamiltonian cycle in G.<br />Therefore breaking HamHash is at least as difficult as the HCP, which is known to be mathematically very difficult.<br />However, the problem is that while HCP is very hard in the worst case, in reality most instances of HCP can be solved quickly.<br />This is similar to the Subset-Sum Problem, which has been suggested for cryptographic applications in the past<br />There exist algorithms for HCP which are quick and successful for nearly all graphs<br />
16. 16. Empirical testing<br />We generated many random graphs similar to those produced by HamHash, of varying size and density<br />We tested a heuristic algorithm proposed by Bollobás, Fenner, and Frieze, modified by Keydar, and implemented in C++ by Nivasch.<br />Based on our data, the SemiHam algorithm was nearly always successful in finding a Hamiltonian cycle very quickly. It only failed for some very sparse graphs, as expected.<br />A backtracking algorithm would be better suited to these graphs.<br />
17. 17. Empirical testing<br />p<br />Time (µs)<br />n<br />
18. 18. Conclusions<br />In practice, given a digest graph G, it is fairly easy for an attacker to find a Hamiltonian cycle in this graph and therefore to determine the output of the function RED<br />HamHash is not suitable for practical use<br />It is still possible that some other more complex hash function based on the HCP could be better<br />Designing a provably secure cryptographic hash function is harder than it seems<br />It’s not enough to just use a mathematical problem that is theoretically difficult; we need one that is hard in practice.<br />HamHash<br />RED<br />CYC<br />GRAPH<br />message<br />digest<br />
19. 19. End<br />Thank you for your attention<br />