Finding Bugs in Cryptographic Hash Function Implementations

Nicky Mouha; Mohammad S. Raunak; D. Richard Kuhn; Raghu Kacker

首页> 外文期刊>IEEE Transactions on Reliability >Finding Bugs in Cryptographic Hash Function Implementations

【24h】

Finding Bugs in Cryptographic Hash Function Implementations

机译：在加密哈希函数实现中查找错误

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Cryptographic hash functions are security-critical algorithms with many practical applications, notably in digital signatures. Developing an approach to test them can be particularly difficult, and bugs can remain unnoticed for many years. We revisit the National Institute of Standards and Technology hash function competition, which was used to develop the SHA-3 standard, and apply a new testing strategy to all available reference implementations. Motivated by the cryptographic properties that a hash function should satisfy, we develop four tests. The Bit-Contribution Test checks if changes in the message affect the hash value, and the Bit-Exclusion Test checks that changes beyond the last message bit leave the hash value unchanged. We develop the Update Test to verify that messages are processed correctly in chunks, and then use combinatorial testing methods to reduce the test set size by several orders of magnitude while retaining the same fault-detection capability. Our tests detect bugs in 41 of the 86 reference implementations submitted to the SHA-3 competition, including the rediscovery of a bug in all submitted implementations of the SHA-3 finalist BLAKE. This bug remained undiscovered for seven years, and is particularly serious because it provides a simple strategy to modify the message without changing the hash value returned by the implementation. We detect these bugs using a fully automated testing approach.

机译：密码散列函数是具有许多实际应用（特别是在数字签名中）的安全性至关重要的算法。开发一种测试它们的方法可能特别困难，并且错误可能在很多年内未被发现。我们重新审视了用于开发SHA-3标准的美国国家标准技术研究院哈希函数竞赛，并将新的测试策略应用于所有可用的参考实现。基于哈希函数应满足的密码学性质，我们开发了四个测试。位贡献测试检查消息中的更改是否影响哈希值，而位排除测试则检查超出最后一个消息位的更改是否使哈希值保持不变。我们开发了Update Test（更新测试）以验证消息是否按块正确处理，然后使用组合测试方法将测试集的大小减少几个数量级，同时保留相同的故障检测能力。我们的测试检测了提交给SHA-3竞赛的86种参考实现中的41种错误，包括重新发现了SHA-3决赛入围者BLAKE的所有提交实现中的错误。此错误七年以来一直未被发现，并且特别严重，因为它提供了一种简单的策略来修改消息而不更改实现返回的哈希值。我们使用全自动测试方法来检测这些错误。

著录项

来源
《IEEE Transactions on Reliability》 |2018年第3期|870-884|共15页
作者
Nicky Mouha; Mohammad S. Raunak; D. Richard Kuhn; Raghu Kacker;
展开▼
作者单位

National Institute of Standards and Technology, Gaithersburg, MD, USA;

Department of Computer Science, Loyola University Maryland, Baltimore, MD, USA;

National Institute of Standards and Technology, Gaithersburg, MD, USA;

National Institute of Standards and Technology, Gaithersburg, MD, USA;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Testing; Cryptography; Computer bugs; NIST; Software; Systematics;

机译：测试;密码学;计算机错误;NIST;软件;系统学;

相似文献

外文文献
中文文献
专利

1. Finding Bugs in Cryptographic Hash Function Implementations [J] . Mouha Nicky, Raunak Mohammad S., Kuhn D. Richard, Fortschritte der Physik . 2018,第3期

机译：在加密哈希函数实现中找到错误
2. High Performance and Low Power Hardware Implementation for Cryptographic Hash Functions [J] . YunlongZhang, JooheeKim, KenChoi, International Journal of Distributed Sensor Networks . 2014,第1期

机译：加密哈希函数的高性能和低功耗硬件实现
3. High frequency implementation of cryptographic hash function Keccak-512 on FPGA devices [J] . Soufiane El Moumni, Mohamed Fettach, Abderrahim Tragha International journal of information and computer security . 2018,第4期

机译：FPGA器件上的加密哈希函数Keccak-512的高频实现
4. Parameterized FPGA-based implementation of cryptographic hash functions using cellular automata [C] . Yuliya Tanasyuk, Artem Perepelitsyn, Sergey Ostapov 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies . 2018

机译：使用元胞自动机的基于FPGA的参数化加密哈希函数实现
5. High Speed FPGA Implementation of Cryptographic Hash Function. [D] . Esuruoso, Olakunle. 2011

机译：加密散列函数的高速FPGA实现。
6. Finding Bugs in Cryptographic Hash Function Implementations [O] . Nicky Mouha, Mohammad S Raunak, D. Richard Kuhn, -1

机译：在加密哈希函数实现中查找错误
7. Analysis and Implementation of Cryptographic Hash Functions in Programmable Logic Devices [O] . Tautvydas Brukštus 2016

机译：可编程逻辑器件中密码哈希函数的分析与实现
8. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Category: Computer Security. Subcategory: Cryptography. [R] . 2015

机译：sHa-3标准：基于排列的散列和可扩展输出函数。类别：计算机安全。子类别：密码学。

Finding Bugs in Cryptographic Hash Function Implementations

摘要

著录项

相似文献

相关主题

期刊订阅