|
|
Attacks based on side channels
Hlaváč, Martin ; Rosa, Tomáš (advisor) ; Tůma, Jiří (referee)
The work extends the Hidden Number Problem (HNP) introduced by Boneh and Venkatesan in 1996. HNP is to find an unknown integer if several approximations of its multiples modulo N are known. New method for solving an extension of HNP (EHNP) is elaborated, taking into account the ragmentation of the information on the multiples and on the hidden number itself, as well. A real scenario application of the approach is presented - the private DSA key is extracted with the knowledge of side information on 5 signing operations. Such an information can be obtained if the signatures are generated in the unsecured environment of a Pentium 4 processor with Hyper-Threading technology.
|
|
|
Algebraic and combinatorial methods for the study of hash functions
Joščák, Daniel ; Tůma, Jiří (advisor) ; El Bashir, Robert (referee) ; Rosa, Tomáš (referee)
The work summarizes author's research during the doctoral studies in the field of hash functions. The first part of the thesis presents a generalised theory of equations built from two basic building blocks of cryptographic primitives: modular addition and eXclusive OR. In particular we study AX-equations of depth 1. The second and third sections were written after Wang's publication of collisions in MD5 and show that minor modifications of the hash function does not work. We present collisions in the 3C and 3C+ constructions of hash function suggested by Gauravaram and feedback ring-iterative structure by Su et al. The results were published at the conferences ICISC 2006 and SPI 2007. The last part presents a newly constructed type of collisions in MD5 with a newly proposed message differences. The result was published and presented at the conference Indocrypt 2008. Powered by TCPDF (www.tcpdf.org)
|
|
| |
|
| |
|
|
Searching collisions in hash functions
Joščák, Daniel ; Tůma, Jiří (advisor) ; Holub, Štěpán (referee)
The main interest of this paper is finding collisions in the hash function MD5. We present our new algorithm based on Wangs et al. methods of finding collisions in MD5. While writing this thesis Stevens and Klima published their fast algorithms for finding collisions. We give a description of these algorithms and the calculation of computianal complexity of all three algorithms.
|
|
|
Mathematical foundations of Steven's algorithm
Štubňa, Ivan ; Tůma, Jiří (advisor) ; Vábek, Jiří (referee)
In the present work we address the issue of nding collisions in MD5 hash function. In this work we focus on Steven's algorithm for nding the di erential paths and solve some problems associated with this algorithm. We solve especially problem of the rotation and selections of parameters within one step of generating di erential path. The aim of this work is to present mathematical solutions of these problems and propose an optimization of Steven's algorithm.
|
|
| |
|
|
Cryptanalysis of ciphers used in GSM phones
Barboriková, Jana ; Tůma, Jiří (advisor) ; Kechlibar, Marian (referee)
The aim of this thesis is to introduce the family of A5 algorithm which is used in data encryption and decryption in GSM phones. It is focused on real time cryptanalysis of the stream cipher A5/1. It describes in detail the known plaintext attack published by A. Biryukov, A. Shamir and D. Wagner. Both the attack and the cipher are implemented. The implementation proves that the preprocessing stage of the attack is very time consuming, but the actual attack can be carried out in real time on a single PC. Then the problem of finding a good statistical model for the process of generating tree of predecessors of internal states of A5/1 is studied. We present reasons why the singletype Galton-Watson process is not suitable for the problem and introduce a multitype Galton-Watson process and a macro process. The models are applied to the process of generating predecessors and their predictions are compared with experimental data.
|
|
| |
|
| |
guest ::
