
Cryptanalysis of Chaos-Based Hash Function (CBHF)

Mahmoud Maqableh, Stefan Dantchev

Durham University - UK

Outline

Introduction
Literature Survey
Chaos-Based Hash Function (CBHF)
Cryptanalysis of CBHF
Conclusion
Future Works

Introduction

Cryptography
Cryptography is the art and science of encrypting and decrypting data so that it is protected while it is stored or transferred over insecure networks.

[Figure: Plaintext, Encryption Algorithm, Ciphertext]

Cryptanalysis is the art and science of studying and analyzing cryptographic techniques in order to break them.

Cryptology Parts

[Figure: tree diagram of the parts of cryptology. Node labels: Cryptology; Cryptography; Cryptanalysis; Symmetric; Asymmetric; Hash Function; Block Cipher; Stream Cipher; Confidentiality; Un-keyed Hash; Keyed Hash; Key Exchange; Digital Signature]

Chaos Theory

Chaos theory is a branch of mathematics that studies the behaviour of certain dynamical systems, which may be highly sensitive to initial conditions. A dynamical system is chaotic if:
1. it is sensitive to initial conditions,
2. it is topologically mixing, and
3. its periodic orbits are dense.

Examples of chaotic maps or attractors are:
1. Lorenz Attractors.
2. Logistic Map.
3. Tent Map.
4. Henon Map.

Lorenz Attractors

dx/dt = delta * (y - x)
dy/dt = r * x - y - x * z
dz/dt = x * y - b * z

Logistic Map
( ,1 ( ,1 r 1 ], x1 1 )
$x_{n+1} = r\,x_n (1 - x_n)$

Tent Map

x [0, 1] r [0, 2]

Literature Survey

Chaos in Cryptography

Chaos theory has attracted the cryptography field due to its characteristics, such as its deterministic nature, unpredictability, random-looking behaviour and sensitivity to the initial value.

In 2007, J. Zhang, X. Wang, and W. Zhang described its weak collision resistance: the hash space will not be fully covered from these three points, and if the message is too short the key could be attacked.

In 2008, a research group published a paper on the design of a new hash function based on chaos theory (CHA-1). This algorithm has two disadvantages:

1) The CHA-1 algorithm is built on two simple functions, which are similar to the design of SHA-1, and it could be affected by the attack of Wang et al.

2) CHA-1 is three times slower than SHA-1, and it becomes slower as the message size increases.

Recently, M. Amin, O.S. Faragallah, and A.A. Abd El-Latif (2009) suggested a simple implementation of an un-keyed hash function using the tent map (CBHF). They explained the general idea of their new hash function in one paragraph, without giving enough details of how it works.

[Figure: CBHF chaining structure. Labels: message blocks M0, M1, ..., Mt, ..., Mn-1; values K0, K1, K2, ..., Kt, Kt+1, ..., Kn-1; outputs H0, H1, ..., Ht, ..., Hn-1, Hn]

Chaos-Based Hash Function (CBHF)

A cryptographic hash function should be:
- Collision-free
- Public
- The security of the hash function should not lie in the secrecy of the process

M. Amin et al. suggested a new hash function based on chaos theory for cryptography applications. They suggested a simple implementation of an unkeyed hash function, using the well-known chaotic tent map, which can also be used as a keyed hash function.

The proposed hash function works by dividing the input message into 1024-bit blocks. If the last message block is shorter than 1024 bits, it is padded by adding a single one followed by the necessary number of zeros.

[Figure: the message split into blocks M0, M1, ..., Mt, ..., Mn-1, with values K0, K1, K2, ..., Kt, Kt+1, ..., Kn-1 and outputs H0, H1, ..., Ht, ..., Hn-1, Hn]

The final hash value is 128 bits long. It is calculated as:
Hn = Kn-1 Hn-1

In general, Hn = K0 H1 H2 H3 ..... Hn-1, where K0 is the initial value of the tent map.

Cryptanalysis of CBHF

Cryptanalysis of CBHF - Unkeyed Version

The tent map T has two inputs (Ki, Mi). It is not clear from the paper which one corresponds to x and which one to r, so in our analysis we work the two cases out separately.

In any case, we work under the following assumptions:

1. The initial value K0 is public in the unkeyed hash function.
2. Either Hi = TMi(Ki) OR Hi = TKi(Mi).
3. Ki = Ki-1 Hi-1, thus Hn = K0 H1 H2 H3 ..... Hn-1.

We will now show how to break the CBHF in a very strong sense.

Given any (partial) message M`0 M`1 ... M`n-2, we can compute the last block M`n-1 so that the hash value of M` is the same as the hash value of M.

To this end, we first calculate K`n-1, then we calculate the value of the last message block M`n-1 satisfying the following:

Hn = K`n-1 H`n-1

H`n-1 = K`n-1 Hn

[Figure: CBHF chain for the message M`. Labels: blocks M0`, M1`, ..., Mn-2`, Mn-1`; values K0`, K1`, K2`, ..., Kn-2`, Kn-1`; outputs H0`, H1`, ..., Hn-2`, Hn-1`, Hn`]

H`n=Hn

Hn = Kn-1 Hn-1

H`n = K`n-1 H`n-1

We know that H`n-1 is obtained in one of the following two ways, which we consider separately.

1- H`n-1 = TM`n-1(K`n-1)
H`n-1 = M`n-1 K, so M`n-1 = (H`n-1 / K), where K = K`n-1 OR 1-K`n-1

2- H`n-1 = TK`n-1(M`n-1)
H`n-1 = K`n-1 M, so M = (H`n-1 / K`n-1), where M = M`n-1 OR 1-M`n-1

Then we calculate the value of M`n-1 as follows:

Examples of Unkeyed Version of CBHF

Example one, case 1: H`n-1 = TM`n-1(K`n-1)

[Figure: CBHF chain for the message M`; values shown: 0.50, 0.625]

[Figure: the same chain; values shown: 0.50, 0.25, 0.125, 0.625]

Check the values:

Example two, case 2: H`n-1 = TK`n-1(M`n-1)

[Figure: CBHF chain for the message M`; values shown: 0.625, 0.75]

Cryptanalysis of CBHF - Unkeyed Version

Real Collision Example of Unkeyed Version of CBHF

Cryptanalysis of CBHF - Keyed Version

In this case, the initial value K0 is an unknown key. The final hash value Hn(M) is known, so we can append any new part to the original message M, say M` = Mn Mn+1 ... Mn+m-2.

Then we use the procedure of the unkeyed CBHF to determine the value of the last block Mn+m-1 so that

Hn+m = Hn.
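
The last-block computation from the unkeyed analysis, reused for the keyed extension described above, as an added example (not code from the slides or from the CBHF authors). Assumptions: case 1 (Hi = TMi(Ki)), the standard tent map, bitwise XOR on binary fractions as the combining operation (the operator symbol is not legible in this copy; XOR agrees with the case 1 slide values 0.50, 0.625, 0.125 and 0.25), blocks modelled as exact rationals in [0, 2], and a toy 16-bit chaining width.

```python
from fractions import Fraction as F

BITS = 16            # toy width of chaining values (CBHF itself outputs 128 bits)
SCALE = 1 << BITS

def q(v):
    """Truncate v to BITS fractional bits, wrapping 1.0 to 0, so it can be XORed."""
    return F(int(v * SCALE) % SCALE, SCALE)

def xor(a, b):
    """Assumed combiner: XOR of the BITS-bit binary expansions of a, b in [0, 1)."""
    return F(int(a * SCALE) ^ int(b * SCALE), SCALE)

def fold(k):
    """The factor min(k, 1-k) that the tent map applies to its argument."""
    return k if k < F(1, 2) else 1 - k

def tent(r, x):
    """Tent map T_r(x) with r in [0, 2] and x in [0, 1]."""
    return r * fold(x)

def cbhf(blocks, k0):
    """Case 1 chain: H_i = T_{M_i}(K_i), K_{i+1} = K_i xor H_i; returns H_n."""
    k = k0
    for m in blocks:
        k = xor(k, q(tent(m, k)))
    return k

def forge_last_block(prefix, start, target):
    """Solve for the final block so that prefix + [block] hashes to target.

    start is K0 in the unkeyed setting, or a known tag H_n(M) when
    extending a keyed message whose key is unknown.
    """
    k = cbhf(prefix, start)          # K'_{n-1}
    h = xor(k, target)               # required H'_{n-1}
    if fold(k) == 0 or h / fold(k) > 2:
        raise ValueError("no valid block for this prefix; change the prefix")
    return h / fold(k)               # M'_{n-1} = H'_{n-1} / K

def demo():
    # Constructed toy inputs; blocks are exact rationals in [0, 2].
    k0, msg = F(3, 8), [F(3, 4), F(5, 4)]
    tag = cbhf(msg, k0)
    other = [F(1, 2)]
    unkeyed = other + [forge_last_block(other, k0, tag)]
    keyed = msg + other + [forge_last_block(other, tag, tag)]
    return tag, cbhf(unkeyed, k0), cbhf(keyed, k0)
```

In the keyed call the attacker passes the known tag as the starting value and never touches K0, which is why keeping K0 secret does not help. `forge_last_block([], F(1, 2), F(5, 8))` returns 1/4, matching the case 1 slide values.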

[Figure: CBHF chain for the extended message. Labels: blocks M0, M1, ..., Mn-1, Mn, ..., Mn+m-1; values K0, K1, K2, ..., Kn-1, Kn, Kn+1, ..., Kn+m-1; outputs H0, H1, ..., Hn-1, Hn, Hn+1, ..., Hn+m-1, Hn+m]

Cryptanalysis of CBHF - Keyed Version

Real Collision Example of Keyed Version of CBHF


Conclusion

We have shown how to break the recently proposed keyed and unkeyed versions of the hash function based on chaos theory (CBHF).

Our attacks show that we can easily find two totally different messages that have the same hash value.

Therefore, both the keyed and the unkeyed versions of CBHF are totally insecure.

Future works

Finding and designing new hash functions that work better than the currently existing hash functions.

Utilizing chaotic maps to design new cryptographic algorithms.

Finding and designing a framework for new hash functions based on chaotic maps.

Thanks for Listening


Happy to answer questions and hear comments
