跳到主要內容

臺灣博碩士論文加值系統

(54.173.214.227) 您好!臺灣時間:2022/01/29 14:41
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:周志賢
研究生(外文):Jue-Sam Chou
論文名稱:單向雜湊函數的設計和應用
論文名稱(外文):ON DESIGN OF ONE-WAY HASH FUNCTION AND ITS APPLICATION
指導教授:葉義雄葉義雄引用關係
指導教授(外文):Yi-Shiung Yeh
學位類別:博士
校院名稱:國立交通大學
系所名稱:資訊工程系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:英文
論文頁數:118
中文關鍵詞:單向雜湊函數網路玩牌位元協定塊狀加密標準
外文關鍵詞:one-way hash functionmental poker gamebit commitmentAES
相關次數:
  • 被引用被引用:1
  • 點閱點閱:500
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
一個好的雜粹函數可在密碼方向提供很多的應用。在本篇論文中,首先我們偍出一些新的雜粹函數,之後應用雜湊函數的觀念,來探討在網路上玩牌的問題。
首先我們針對RIPEMD-160來設計出一個可輸出1285,192,256三種位元長度的雜湊函數,我們稱之為RIPEMD-X。由於分析和計算能力的不斷擴增,我們提出了一個加強型的RIPEMD-X叫做keyed/unkeyed RIPEMD-X,它比原先的RIPEMD-128和 RIPEMD-256更安全且更有彈性,我們研究所用的方法是使用一個存放參數的表格PHT,將PHT中的參數取出當RIPEMD-X的初始值,而存取PHT參數的方法是用資料結構中的雜湊技巧。因此經由不重複且任意排列的方式存取PHT中的參數,可增進RIPEMD-X的安全性。
之後,一些有名的塊狀加密演算法,如DES被用來產生新的雜湊函數。而AES被用來當作是下20、30年間加密的標準,它強調安全性、簡單性與執行效率。由於RC6曾入圍AES選拔的前5名之一,且作者宣稱RC6的回合金鑰(round key)是由輸入金鑰字(input key word)以單向的方式產生,因此我們出一個以RC6加密演算法為基礎的雜湊演算法叫RC雜湊函數,RC雜湊函數的強度也就大部分依賴於RC6加密演算法,我們所提出的RC雜湊函數可建立128位元輸出,同時,我們也建立了可輸出192及256位元的RC雜湊函數,此外,我們亦提出了一個新的雜湊函數建立在AES(Rajndael)上。
最後,我們探討雜湊函數在網路玩牌上的應用,我們知道對於這方面很多的密碼學家,提出了他們的解決方法,他們的方法不是太過複雜,計算過於費時,且不易懂,就是用排列的方式,而排列的方式是有很多毛病的,換句話說,還沒有一個很好的方法既適合多人玩,且快速易懂又完美。為了改進現有的技巧,我是提出2個方法,一是雜湊函數為基礎的方法,因為我們知道雜湊值具有協定值的特性,即提出後無法改變其值,且雜湊函數具有運算快速的特性,另一個是位元協定的方法,這兩種方法都配合RSA密碼方法使用,它不但觀念簡單而且免去了其它方法為模擬協定值(如一張牌的背面)而設計的繁雜且耗時的方法。
A tight hash function can be a strong support for many cryptographic applications. In this dissertation, we intend to propose some new hash functions. After that, we use the concept of hash function for the application of mental poker game.
Firstly, we propose an adaption from RIPEMD-160 to RIPEMD-128, 192, 256 (RIPEMD-X) for providing an alternative length for some applications, such as the input key length of AES. Furthermore, due to the progress in cryptanalysis and computing capability, we propose a strengthened keyed/unkeyed RIPEMD-X with changeable parameters, a more safety and flexible one-way function. Our research method is using hash table to substitute RIPEMD-X initial parameters flexibly. Therefore, we can use parameters flexibly and collision free, as a result, it increases security by permuting parameters.
Secondly, certain famous block cipher algorithms, such as DES, are chosen to modify as new hash algorithms. Due to the fact that RC6 had ever been the most hopeful candidate encryption algorithm of AES which emphasizes on the security, simplicity and performance of the algorithm and will be the standard for the next two or more decades, and that the round keys of RC6 are generated from the input key words by a certain amount of “one way” claimed by the authors, we describe a hash function named RC hash function based on the use of underlying RC6 encryption algorithm. It is thus natural that the strength of our proposed scheme relies to a large extent on the RC6 encryption algorithm. The RC hash function in our study can generate 128-bit output. Furthermore, we also give the variant of RC hash function that can output 192 and 256 bits, respectively. Besides, we also propose a new hash function based on Rijndael block cipher which is selected as AES algorithm.
Finally, many specialists in cryptography have attempted to propose protocols for mental poker so far, most of the methods proposed are based on the composition of each player’s private permutation of cards or on the complex cryptosystem that is already existed or developed by the proposer. Yet, each one is either too complicated or has some drawbacks in it. In other words, no solution has come to reality. To improve the schemes proposed so far, we construct a hash-based method, i.e. using a hash code as a commitment value and a bit commitment scheme, both are used along with the RSA cryptosystem to implement the mental poker game. It is not only simple but also concise in concept.
ABSTRCT IN CHINESEI
ABSTRACTIII
AcknowledgmentsV
TABLE OF CONTENTSVI
LIST OF FIGURESXI
LIST OF TABLESXI
CHAPTER 1 INTRODUCTION1
1.1 Hash Function1
1.2 Digit Signature3
1.3 Cryptographic Protocol5
CHAPTE 2 SOME FAMOUS ONE-WAY HASH FUNCTIONS7
2.1 Background7
2.2 Padding and Parsing Action8
2.3 MD5, SHA series, RIPEMD series9
2.3.1 MD59
2.3.2 SHA (Secure Hash Algorithm) series9
2.3.2.1 SHA9
2.3.2.2 SHA-19
2.3.2.3 SHA-210
2.3.3 RIPEMD series11
2.3.3.1 RIPEMD-16011
2.3.3.2 RIPEMD-32011
2.3.3.3 RIPEMD-X11
2.3.3.3.1 Method11
2.3.3.3.2 Advantages16
CHAPTER 3 PARAMERIZED DEDICATED ONE-WAY HASH FUNCTION18
3.1 Motivations18
3.2 The Keyed Concept History18
3.3 Keyed/unkeyed One-way Hash Functions19
3.3.1 Keyed Hash Function20
3.3.2 Unkeyed Hash Function22
3.4 Keyed/unkeyed MD5, SHA and RIPEMD-X23
3.4.1 Keyed/unkeyed MD525
3.4.2 Keyed/unkeyed SHA26
3.4.3 keyed/unkeyed RIPEMD-X27
3.4.3.1 Preparation Work28
3.4.3.2 Keyed/unkeyed RIPEMD-X Algorithm30
3.4.3.3 Complexity and Security Analysis33
3.4.3.3.1 Complexity33
3.4.3.3.2 Security33
3.4.4 Discussion34
3.5 Keyed/unkeyed SHA-235
CHAPTER 4 SYMMETRIC CIPHER-BASED ONE-WAY HASH FUNCTION36
4.1 Background36
4.2 DES Hash Function37
4.3 AES Hash Function37
4.3.1 AES Selection38
4.4 RC6 Hash Function39
4.4.1 Description of RC640
4.4.2 Adapt RC6 to a Hash Function40
4.4.2.1 About the Message to be Hashed40
4.4.2.2 About RC Hash Function41
4.4.2.3 RC Hash Function Algorithm41
4.4.2.4 A Variant of RC Hash Function42
4.4.2.5 Security Analysis45
4.5 Rijndael Hash Function45
4.5.1 Description of Rijndael46
4.5.2 Adapt Rijndael to a Hash Function46
4.5.2.1 About Message to Be Hashed46
4.5.2.2 Define the State and the Key47
4.5.2.3 The Rijndael-X Hash Algorithm48
4.5.2.4 Security Analysis48
4.6 Whirlpool49
4.7 Discussion50
4.8 Parameterized AES Hash Function50
CHAPTER 5 APPLICATIONS52
5.1 Applications of Using One-Way Hash Function52
5.2 Mental Poker Game52
5.2.1 Problem Description and History53
5.2.1.1 Problem Description53
5.2.1.1.1 Mental Poker Game53
5.2.1.1.2 Fragile Permutation-based Poker54
5.2.1.2 History56
5.2.2 Specifications58
5.2.2.1 The Specifications of the Mental Poker Game58
5.2.2.2 Card Sets and Operations58
5.2.2.2.1 Definition of Private Card Set58
5.2.2.2.2 Definition of Public Card Sets59
5.2.2.2.3 Operations59
5.2.3 Notations and Definitions59
5.2.4 A Bit Commitment Scheme61
5.2.4.1 The Basic Concept of our Method and its Advantages61
5.2.4.1.1 Basic Concept61
5.2.4.1.2 Method and Advantages62
5.2.4.2 Proposed Scheme63
5.2.4.2.1 Card Expression64
5.2.4.2.2 Elementary Operations64
5.2.4.2.2.1 TTP Shuffling Cards (Preparing a New Deck) (OP1)64
5.2.4.2.2.2 TTP Distributing Cards to Players (OP2)64
5.2.4.2.2.3 Pi Exchanging a Card with Pj (OP3)65
5.2.4.2.2.4 Pi Revealing a Card to Tabopen (OP4)66
5.2.4.2.2.5 Pi Discarding a Card to sets, Discard or Usedpi (OP5)66
5.2.4.2.2.6 Pi Reading a Card from Tabopen (OP6)66
5.2.4.2.2.7 Pi Reading a Card from the Deck (OP7)67
5.2.4.2.2.8 Pi Reading a Card from pj (OP8)67
5.2.4.2.2.9 Pi Passing (OP9)67
5.2.4.2.3 Game Playing67
5.2.4.2.3.1 Initializing Phase67
5.2.4.2.3.2 Playing Phase68
5.2.4.2.3.3 Checking Phase68
5.2.4.2.4 Example68
5.2.4.3 Analysis and Comparison68
5.2.4.3.1 Analysis68
5.2.4.3.2 Comparison70
5.2.4.4 Discussion71
5.2.4.4.1 Collusion Problem71
5.2.4.4.2 Why TTP Needed71
5.2.4.4.3 Why iSB Not in the Form Ssi(j, B), When Pj Wants to Select a Card From Hpi.73
5.2.4.4.4 Environment of the Game73
5.2.5 A Hash-based Scheme74
5.2.5.1 Proposed Scheme74
5.2.5.1.1 The Deck75
5.2.5.1.2 Primary Operations75
5.2.5.1.3 Playing the Game78
5.2.5.1.4 Example79
5.2.5.2 Analysis80
5.2.5.3 Discussion80
CHAPTER 6 CONCLUSION82
6.1 Summary82
6.2 Future Study83
REFERENCES85
Appendix A: The Algorithm of MD591
A.1 The algorithm of MD5 [5]91
Appendix B: The Algorithms of SHA Series93
B.1 The algorithm of SHA [3]93
B.2 The algorithms, SHA-256, SHA-512 and SHA-384 of SHA-294
B.2.1 SHA-25697
B.2.1.1 SHA-256 Preprocessing98
B.2.1.2 SHA-256 Hash Computation98
B.2.2 SHA-512100
B.2.2.1 SHA-512 Preprocessing100
B.2.2.2 SHA-512 Hash Computation100
B.2.3 SHA-384102
Appendix C: The Algorithms of RIPEMD Series103
C.1 The algorithm of RIPEMD-160 [7]103
C.2 The algorithm of RIPEMD-320104
Appendix D: The Algorithm of Whirlpool107
D.1 Description of the WHIRLPOOL primitive [48]107
D.2 Input and Output107
D.3 The Nonlinear Layer γ107
D.4 The Cyclical Permutation π107
D.5 The Linear Diffusion Layer θ108
D.6 The Key Addition σ[k]108
D.7 The Round Constants cr108
D.8 The Round Function r[k]109
D.9 The Key Schedule109
D.10 The Internal Block Cipher W109
D.11 Padding and MD-strengthening109
D.12 The Compression Function110
D.13 Message Digest Computation110
Appendix E: DES Hash Function111
E.1 Some Insecure Systems:111
E.2 Another Possible Hash Function by D. Davies111
Appendix F: Description of RC6 Bock Cipher112
F.1 RC6-w/r/b Parameters:112
F.2 Encryption:112
F.3 Decryption:113
F.4 Key Expansion Algorithm114
Appendix G: Description of Rijndael Block Cipher115
G.1 Round Transformation116
G.2 Key Expansion117
G.3 Cipher Algorithm118
[1]Bruce Schneier, Applied cryptography, 2nd Ed, John Wiley & Sons, Inc., U.S.A, 1996.
[2]Bart Preneel, etl., State of the Art in Applied cryptography, Lecture Notes in Computer Science, 1528, Springer, 1997.
[3]Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, Inc., 1997
[4]R. Rivest: "The MD5 Message Digest Algorithm," RFC1321, Apr. 1992.
[5]http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
[6]Hans Dobbertin: "The Status of MD5 After a Recent Attack," CryptoBytes Vol. 2 No. 2, Summer, 1996. Available at http://www.rsasecurity.com/rsalabs/cryptobytes
[7]Bart Preneel, Antoon Bosselaers, and Hans Dobbertin, "The Cryptographic Hash Function RIPEMD-160," The Technical Newsletter, RSA Laboratories, Autumn 1997, pp. 9-14.
[8]http:// www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
[9]http://www.ietf.org/rfc/rfc2403.txt
[10] Ellis Horowitz and Sartaj Sahni: Fundamentals of DATA STRUCTURES IN PASCAL, Computer Science Press, Inc., 1984.
[11] Roberts S. Winternitz: “Producing A One-Way Function From DES,” Advances in Cryptology 1991-1997, Electronic Proceedings of the Cryto and Eurocrypt conferences, Springer-Verlog, 1998.
[12] Mohammad Peyravian, Allen Roginsky and Nev Zunic, “Hash-Based Encryption System”, Computers & Security Vol.18, No.4, 1999, pp.345-350,
[13]http://www.itl.nist.gov/fipspubs/fip46-2.htm
[14]Ronald L. Rivest, M.J.B. Robshaw, R. Sidney and Y.L. Yin, "The RC6 block Cipher," RSA Laboratories, 2955 Campus Drive, Suite 400, San Mateo, CA 94403, USA.
[15]http://www.ietf.org/rfc/rfc2040.txt
[16]http://csrc.nist.gov/encryption/aes
[17]http://www.esat.kuleuven.ac.be/~rijmen/rijndael/answer.pdf
[18]Joan Daemen, Lars Knudsen and Vicent Rijmen: “The block cipher Square,” Fast Software Encryption, LNCS 1267,E. Biham, Ed.,Springer-Verlag, 1997, pp.149-165.
[19]Lars R. Knudsen: “Truncated and higher order differentials,” Fast Software Encryption, LNCS 1008,B. Preneel, Ed.,Springer-Verlag, 1995, pp.196-211.
[20]Bert den Bore and Antoon Bosselaers: "Collisions for the compression function of MD5," Advances in Cryptology Eurocrypt ''93,Lecture Notes in Computer Science, Vol.773, Springer-Verlag,1994, pp.293-304.
[21]Simson Garfinkal: PGP: Pretty Good Privacy , O''Reilly & Associates, Inc.
[22]William Stallings: Cryptography and network Security, Principles and Practrice, Prentice hall, 1999, pp356-374.
[23]ftp://ftp.no.pgpi.com/pub/pgp
[24]http://www.pgpi.org/
[25]http://www.pgp.net/pgpnet/pgp-faq/
[26]Douglas R. Stinson, CRYPTOGRAPHY-Theory and Practice, CRC Press, 1995.
[27]Arto Salomaa, Public-K ey Cryptography, 2nd edition, Springer, 1996.
[28]Banary, I. And Furedi, Z., “ Mental Poker With Three or More Players,” Information and Control, 59, 1983, pp. 84-93.
[29]William Stallings, Cryptography and Network Security, Principles and Practrice, Prentice Hall, 1999.
[30]Shamir, A., Rivest, R. and Adleman, L., “ Mental poker,” MIT Technical Report, 1978.
[31]Lipton, D., “Cheating at Mental Poker,” Advances in Cryptology 1981-1997: Electronic Proc. Of the Crypto and Eurocrypt Conferences 1981-1997, Kevin S. McCureley and Claus Dieter Ziegler, eds., Lecture Notes in Computer Science 1440 Springer.
[32]Goldwasser, S. and Micali, S., “ Probabilistic Encryption and How to Play Mental Poker Keeping Secret All Partial Information,” Proceedings of the 14th Annual ACM symp. On Theory of Computing, ACM-SIGACT, May 1982, pp. 365-377.
[33]Fortune, S. and Merrit, M., “ Poker Protocols,” Advances in Cryptology: Pro. Of CRYPTO 84, G. R. Blakley and D. Chaum, eds., Lecture Notes in Computer Science 196, Spring-Verlag, Berlin, 1985, pp. 454-464.
[34]Yung, M., “ Cryptoprotocols: Subscription to a Public Key, The Secret Blocking and The Multi-Player Mental Poker Game,” Advances in Cryptology: Proc. Of CRYPTO 84, G. R. Blakley and D. Chaum, eds., Lecture Notes in Computer Science 196, Spring-Verlag, Berlin, 1985, pp.439-453.
[35]Crépeau, C., “ A Secure Poker Protocol That Minimizes the Effect of Player Coalitions,” Advances in Cryptology: Proc. Of CRYPTO 85, H. C. Williams, ed., Lecture Notes in Computer Science 218, Spring-Verlag, 1986, pp. 73-86.
[36]Crépeau, C., “ A Zero-Knowledge Poker Protocol that Achieves Confidentiality of the Players’ Strategy, or How to Achieve an Electronic Poker Face,” theses in Advances in Cryptology: Proc. Of CRYPTO 86, A. Odlyzko, ed., Spring-Verlag, 1987.
[37]Kaoru Kurosawa, et al, “ General Public Key Residue Cryptosystems and Mental Poker Protocols,” Advances in Cryptology: Proc. Of EUROCRPT,90, Workshop on the Theory and Application of Cryptographic Techniques, Aarhus, Denmark, May 21-24, 1990, Proceedings, Lecture Notes in Computer Science Vol. 473 Springer 1991.
[38]Kaoru Kurosawa, Yutaka katayama and Wakaha Ogata, “ Reshuffleable and Laziness Tolerant Mental Poker Game,” IEICE Trans. Fundamentals, Vol. E80-A, No. 1, January 1997.
[39]Chris Hall and Bruce Schneier, “ Remote Electronic Gambling,” Computer Security Applications Conference, 1997. Proceedings., 13 th Annual, 1997 Page(s):232-238.
[40]Weiliang Zhao and Vijay Varadharajan and Yi Mu, “ Fair On-line Gambling,” Computer Security Applications, 2000. ACSAC ’00. 16th Annual Conference, 2000 Page(s):394-400
[41]Hatsukazu TANAKA, “ Simply Implemented Identity-Based Non-Interactive Key Sharing,” Information Theory, 1995. Proceedings., 1995 IEEE International Symposium on, 1995 Page(s):357
[42]Hatsukazu TANAKA, “ Security Certified Identity-Based Non-Interactive Key Sharing,” Information Theory, 1994. Proceedings., 1994 IEEE International Symposium on, 1994 Page(s):495
[43]Sangjoon Park, Yongdae Kim, Sangjin Lee and Kwangjo Kim, “ Attacks on Tanaka’s Non-interactive Key Sharing Scheme,” Information Theory, 1995. Proceedings., 1995 IEEE International Symposium on, 1995 Page(s):356
[44]Steven H. Low and Nicholas F. Maxemchuk, “ Collusion Analysis of Cryptographic Protocols,” IEEE Global Telecommunications Conference, V 1, Nov 18-22, 1996, pp.1-5.
[45]Steven H. Low and Nicholas F. Maxemchuk, “ An Algorithm to Compute Collusion Paths,” IEEE INFOCOM, V 2, Apr 7-12, 1997, pp.745-751.
[46]Giuseppe Ateniese, Michael Steiner, and Gene Tsudik, “ New Multiparty Authentication Services and Key Agreement Protocols,” IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 18, NO. 4, APRIL 2000.
[47]http://csrc.nist.gov/encryption/shs/dfips-180-2.pdf
[48]http://planeta.terra.com.br/informatica/paulobarreto/whirlpool.html
[49]Tsu-Miin Hsieh, Yi-Shiung Yeh, Chu-Hsing Lin, and Ssu-Heng Tuan, “One-way Hash Functions with Changeable Parameters,“ Information Sciences 118, 1999, pp. 223-239.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top