Research topic of the day: Choosing a #hashfunction for 2030 and beyond - https://kerkour.com/fast-secure-hash-function-sha256-sha512-sha3-blake3
TLDR: #blake3 is cool & let's hope it picks up steam, #sha512 is the winner for integrating into current projects.
Tree Hash EXchange format (THEX)
#TreeHashExchangeFormat #THEX #ContentAddressing #HashFunction #HashTree
N. Mouha and C. Celi, "A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithm"¹
This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective. First, we provide Python and PHP scripts that cause segmentation faults when vulnerable versions of the interpreters are used. Then, we show how this vulnerability can be used to construct second preimages and preimages for the implementation, and we provide a specially constructed file that, when hashed, allows the attacker to execute arbitrary code on the victim's device. The vulnerability applies to all hash value sizes, and all 64-bit Windows, Linux, and macOS operating systems, and may also impact cryptographic algorithms that require SHA-3 or its variants, such as the Edwards-curve Digital Signature Algorithm (EdDSA) when the Edwards448 curve is used. We introduce the Init-Update-Final Test (IUFT) to detect this vulnerability in implementations.
#ResearchPapers #IACR #Cryptanalysis #CVE202237454 #SHA3 #Keccak #HashFunction #Vulnerability
__
¹ https://eprint.iacr.org/2023/331
This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective. First, we provide Python and PHP scripts that cause segmentation faults when vulnerable versions of the interpreters are used. Then, we show how this vulnerability can be used to construct second preimages and preimages for the implementation, and we provide a specially constructed file that, when hashed, allows the attacker to execute arbitrary code on the victim's device. The vulnerability applies to all hash value sizes, and all 64-bit Windows, Linux, and macOS operating systems, and may also impact cryptographic algorithms that require SHA-3 or its variants, such as the Edwards-curve Digital Signature Algorithm (EdDSA) when the Edwards448 curve is used. We introduce the Init-Update-Final Test (IUFT) to detect this vulnerability in implementations.
@badtuple Urgh, yes, hash functions are such an interesting and delicate topic!
Upper-bound for collision probability can be calculated for so called universal hash functions:
https://en.wikipedia.org/wiki/Universal_hashing
Not sure, if it is possible with other kind of hash functions, though.
I can highly recommend the following resource by Tomek Czajka
How to pick a hash function, part 1:
https://sortingsearching.com/2020/05/21/hashing.html
How to pick a hash function, part 2:
https://sortingsearching.com/2020/06/28/hashing-part-2.html
1/2
"There is a very real advantage here when it comes to security against quantum computers: While most currently used schemes would be broken by a large enough quantum computer running Shor’s algorithm, no generic quantum attacks (better than Grover’s algorithm) are known against hash functions. As long as we can build a quantum-secure hash function, we can plug it into a hash-based signature scheme and prove security."
Hash-based digital signatures (almost) from scratch
https://medium.com/@georgwiese/hash-based-digital-signatures-almost-from-scratch-da57e54dd774
AFOC
@reiver ⊼ (Charles) 
Darren
cynicalsecurity 
Jan 
kowsvc 
