Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Like this presentation? Why not share!

1,503 views

Published on

No Downloads

Total views

1,503

On SlideShare

0

From Embeds

0

Number of Embeds

11

Shares

0

Downloads

25

Comments

0

Likes

1

No embeds

No notes for slide

- 1. Graph-Based Cryptographic Hash Functions<br />Dan Nichols<br />Advisor: Dr. MukkaiKrishnamoorthy<br />Rensselaer Polytechnic Institute<br />May 6th, 2011<br />
- 2. Introduction<br />Cryptographic hash function<br />A mathematical function with some special properties which make it useful for security and authentication<br />We write f(m) = d where m is the message or input and d is the digestor output. The message is a string of any size; the digest is a string of a fixed length determined by the hash function.<br />Used for:<br />Message integrity checking<br />Password authentication<br />
- 3. Without a cryptographic hash function<br />Login prompt<br />Computer Hard Drive<br />List of Passwords:<br />Alice Palice<br />Bob Pbob<br />…<br />Username<br />Password<br />check<br />Permission to access computer system <br />
- 4. With a cryptographic hash function<br />Login prompt<br />Computer Hard Drive<br />Username<br />Password<br />List of Digests:<br />Alice f(Palice)<br />Bob f(Pbob)<br />…<br />f<br />Username<br />f(Password)<br />check<br />Permission to access computer system <br />
- 5. Cryptographic Hash Functions<br />A cryptographic hash function f must have three special properties:<br />Preimage resistance: Given a digest d, it is very hard to find a message m such that d = f(m)<br />Second preimage resistance: Given a message m1, it is very hard to find another message m2 such that f(m1) = f(m2).<br />Collision resistance: It must be very hard to find any two messages m1 and m2 such that f(m1) = f(m2).<br />
- 6. Cryptographic Hash Functions<br />What does it mean for breaking a cryptosystem to be “very hard”?<br />Generally, it means that solving the problem would take more time and resources (computing power) than those available to anyone who would want to solve it.<br />But this isn’t really a mathematical definition; it is dependent on political and economic factors.<br />A cryptographic hash function that is provably secure is one that can be mathematically proven to be at least as hard as certain very difficult mathematical problems.<br />most commonly-used hash functions like SHA-1 are not provably secure.<br />
- 7. Provably Secure Cryptographic Hash Functions<br />One possible hash function to consider is the function HamHash, proposed by MaikeMassierer in a bachelor’s thesis.<br />Massierer argues that this function is provably secure.<br />HamHash is based on a mathematical problem called the Hamiltonian Cycle Problem, or HCP.<br />
- 8. Hamiltonian Cycle Problem<br />The Hamiltonian Cycle Problem is as follows:<br />Given a graph G, does G contain a cycle which passes through every node in the graph exactly once and contains no duplicate edges?<br />If so, we say G is Hamiltonian.<br />This problem is NP-complete<br />Example Hamiltonian Cycle<br />Credit: Wikipedia<br />
- 9. HamHash<br />HamHash creates as its digest a large Hamiltonian graph.<br />The function HamHash is made up of three parts:<br />RED<br />CYC<br />GRAPH<br />HamHash<br />RED<br />CYC<br />GRAPH<br />message<br />digest<br />
- 10. RED<br />Input: binary string m (message)<br />Output: binary string m’ of length l<br />This function reduces the message to a fixed size in a secure way<br />Massierer suggests using an existing hash function like SHA-256<br />
- 11. CYC<br />Input: binary string m’ of length l<br />Output: n-permutation N representing a Hamiltonian cycle<br />This function maps the string m’ to a permutation on n vertices, which corresponds to a Hamiltonian cycle<br />There are (n-1)!/2 possible permutations after accounting for duplicate cycles, so we need to choose n such that 2l ≤ (n-1)!/2<br />
- 12. GRAPH<br />Input: n-permutation N representing a Hamiltonian cycle<br />Output: graph adjacency matrix G (this is the digest of HamHash)<br />This function adds many randomly chosen edges to the Hamiltonian cycle N<br />These edges disguise the Hamiltonian cycle, making it (hopefully) very hard to find<br />
- 13. HamHash Overview<br />Binary string<br />𝑚<br /> <br />RED<br />truncation<br />Binary string, length 𝑙<br /> <br />𝑚′<br /> <br />Mapping to an n-permutation, which represents a Hamiltonian cycle<br />CYC<br />𝑁<br /> <br />Hamiltonian cycle<br />GRAPH<br />Adding random edges<br />Graph (adjacency matrix)<br />𝐺<br /> <br />
- 14. HamHash Functionality<br />To authenticate using a normal, deterministic hash function, we would calculate f(m) and check to see whether f(m) = d.<br />With HamHash, we instead calculate the Hamiltonian cycle associated with m using RED and CYC and check to see if this cycle is contained in the digest graph G.<br />
- 15. How secure is HamHash?<br />Massierer argues that HamHash is provably secure because finding a pre-image for a given digest graph G requires finding a Hamiltonian cycle in G.<br />Therefore breaking HamHash is at least as difficult as the HCP, which is known to be mathematically very difficult.<br />However, the problem is that while HCP is very hard in the worst case, in reality most instances of HCP can be solved quickly.<br />This is similar to the Subset-Sum Problem, which has been suggested for cryptographic applications in the past<br />There exist algorithms for HCP which are quick and successful for nearly all graphs<br />
- 16. Empirical testing<br />We generated many random graphs similar to those produced by HamHash, of varying size and density<br />We tested a heuristic algorithm proposed by Bollobás, Fenner, and Frieze, modified by Keydar, and implemented in C++ by Nivasch.<br />Based on our data, the SemiHam algorithm was nearly always successful in finding a Hamiltonian cycle very quickly. It only failed for some very sparse graphs, as expected.<br />A backtracking algorithm would be better suited to these graphs.<br />
- 17. Empirical testing<br />p<br />Time (µs)<br />n<br />
- 18. Conclusions<br />In practice, given a digest graph G, it is fairly easy for an attacker to find a Hamiltonian cycle in this graph and therefore to determine the output of the function RED<br />HamHash is not suitable for practical use<br />It is still possible that some other more complex hash function based on the HCP could be better<br />Designing a provably secure cryptographic hash function is harder than it seems<br />It’s not enough to just use a mathematical problem that is theoretically difficult; we need one that is hard in practice.<br />HamHash<br />RED<br />CYC<br />GRAPH<br />message<br />digest<br />
- 19. End<br />Thank you for your attention<br />

No public clipboards found for this slide

Be the first to comment