A Lightweight 256-Bit Hash Function for Hardware and Low-End Devices: Lesamnta-LW

This paper proposes a new lightweight 256-bit hash function Lesamnta-LW with claimed security levels of at least 2120 with respect to collision, preimage, and second preimage attacks. We adopt the Merkle-Damgard domain extension; the compression function is constructed from a dedicated AES-based block cipher using the LW1 mode, for which a security reduction can be proven. In terms of lightweight implementations, Lesamnta-LW offers a competitive advantage over other 256-bit hash functions. Our size-optimized hardware implementation of Lesamnta-LW requires only 8.24 Kgates on 90 nm technology. Our software implementation of Lesamnta-LW requires only 50 bytes of RAM and runs fast on short messages on 8-bit CPUs.

[1]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[2]  Alex Biryukov,et al.  Advanced Slide Attacks , 2000, EUROCRYPT.

[3]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[4]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[5]  Florian Mendel,et al.  Symmetric Cryptography , 2009 .

[6]  Bruce Schneier One-way hash functions , 1991 .

[7]  Elisabeth Oswald,et al.  Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings , 2008, CHES.

[8]  Ingrid Verbauwhede,et al.  Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks , 2006, ESAS.

[9]  Dongvu Tonien,et al.  Birthday Paradox for Multi-Collisions , 2008, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[10]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[11]  Antoine Joux,et al.  Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions , 2004, CRYPTO.

[12]  Berk Sunar,et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[13]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[14]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[15]  Hideki Imai,et al.  On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses , 1989, CRYPTO.

[16]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[17]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[18]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[19]  Stefan Mangard,et al.  Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings , 2010, CHES.

[20]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[21]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[22]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[23]  William Allen Simpson,et al.  PPP Challenge Handshake Authentication Protocol (CHAP) , 1996, RFC.

[24]  Stefan Lucks,et al.  The Skein Hash Function Family , 2009 .

[25]  Earl E. Swartzlander,et al.  ASIC evaluation of ECHO hash function , 2009, 2009 IEEE International SOC Conference (SOCC).

[26]  María Naya-Plasencia,et al.  Quark: A Lightweight Hash , 2010, CHES.

[27]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[28]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[29]  Serge Vaudenay,et al.  Links Between Differential and Linear Cryptanalysis , 1994, EUROCRYPT.

[30]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[31]  Ingrid Verbauwhede,et al.  Cryptographic hardware and embedded systems : CHES 2007 : 9th International Workshop, Vienna, Austria, September 10-13, 2007 : proceedings , 2007 .

[32]  Gene Tsudik,et al.  Security and Privacy in Ad-hoc and Sensor Networks, Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005, Revised Selected Papers , 2005, ESAS.

[33]  Andrey Bogdanov,et al.  Hash Functions and RFID Tags: Mind the Gap , 2008, CHES.

[34]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[35]  Orr Dunkelman,et al.  Another Look at Complementation Properties , 2010, FSE.

[36]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[37]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[38]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[39]  Lars R. Knudsen,et al.  Truncated and Higher Order Differentials , 1994, FSE.

[40]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[41]  María Bárbara Álvarez Torres,et al.  On the Move to Meaningful Internet Systems 2004: OTM 2004 Workshops , 2004, Lecture Notes in Computer Science.

[42]  Bruce Schneier,et al.  Second Preimages on n-bit Hash Functions for Much Less than 2n Work , 2005, IACR Cryptol. ePrint Arch..

[43]  Lars R. Knudsen,et al.  The Interpolation Attack on Block Ciphers , 1997, FSE.

[44]  Bart Preneel,et al.  MAME: A Compression Function with Reduced Hardware Requirements , 2007, CHES.

[45]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[46]  Hongjun Wu,et al.  The Hash Function JH , 2009 .

[47]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[48]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[49]  Georg Neubauer,et al.  Compact Hardware Implementations of the SHA-3 Candidates ARIRANG, BLAKE, Gröstl, and Skein , 2009, IACR Cryptol. ePrint Arch..