Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19]

@

Journal of Information Science and Engineering, Vol. 24 No. 5, pp. 1485-1504 (September 2008)

Automated Design of Cryptographic Hash Schemes by Evolving Highly-Nonlinear Functions

Juan M. Estevez-Tapiador, Julio C. Hernandez-Castro, Pedro Peris-Lopez and Arturo Ribagorda
Department of Computer Science
Carlos III University of Madrid
28911 Leganes, Madrid, Spain
E-mail: {jestevez; jcesar; pperis; arturo}@inf.uc3m.es

In the last years, a number of serious flaws and vulnerabilities have been found in classic cryptographic hash functions such as MD4 and MD5. More recently, similar attacks have been extended to the widely used SHA-1, to such an extent that nowadays is prudent to switch to schemes such as SHA-256 and Whirlpool. Nevertheless, many cryptographers believe that all the SHA-related schemes could be vulnerable to variants of the same attacks, for all these schemes have been largely influenced by the design of the MD4 hash function. In this paper, we present a general framework for the automated design of cryptographic block ciphers and hash functions by using Genetic Programming. After a characterization of the search space and the fitness function, we evolve highly nonlinear and extremely efficient functions that can be used as the core components of a cryptographic construction. As an example, a new block cipher named Wheedham is proposed. Following the Miyaguchi-Preneel construction, this block cipher is then used as the compression function of a new hash scheme producing digests of 512 bits. We present a security analysis of our proposal and a comparison in terms of performance with the most promising alternatives in the near future: SHA-512 and Whirlpool. The results show that automatically-obtained schemes such as those presented are competitive both in security and speed.

Keywords: hash function, block cipher, non-linear functions, cryptography and coding, evolutionary computation, information security

Full Text () Retrieve PDF document (200809_13.pdf)

Received October 31, 2006; revised March 28, 2007; accepted May 2, 2007.
Communicated by Tzong-Chen Wu.