In this paper we propose a modified expansion scheme for Tangle that improves
security and is specifically aimed at preventing the attacks that were successful
against the original version of this hash function. First, we describe the
original message expansion scheme submitted to NIST and analyze its main flaws
in section 2. Then we describe and analyze the proposed alternative scheme
(section 3). Finally, we present some open problems (section 4) and conclusions
(section 5).
2 Preliminaries
The original message expansion function of Tangle is described below.
It is based on a simple matrix-based pseudorandom generator that is seeded with
the input message and creates a sequence of words of the length required by the
compression function (4096 bits). A more detailed description of Tangle can
be found in the submission documentation [2].
2.1 Original Message Expansion
The message expansion function expands the 128 words of message block M into
2R words (two words per round of the compression function, as required by each
digest size). For this purpose a small matrix-based pseudorandom generator is
used.
The following non-linear functions are used in the specification:
F_1(x, y, z) = (x ∧ (y ∨ z))   (y ∧ z)
F_2(x, y, z) = (¬y ∧ (x ∨ z))   (x ∧ z)
FR_1(x) = rotl(x, 3)   rotl(x, 13)   rotl(x, 29)
FR_2(x) = rotl(x, 5)   rotl(x, 27)   rotl(x, 19)
S_box(x) = S-box lookup of x, multiplicative inverse in GF(2^8)
Generator Description. The generator has 8 state words, X_0, X_1, ..., X_7,
and is iterated X_i = A X_{i−1} and A = PAP 1, where

      | 0 1 0 0 0 0 0 0 |
      | 0 0 1 0 0 0 0 0 |
      | 0 0 0 1 0 0 0 0 |
A  =  | 0 0 0 0 1 0 0 0 |
      | 0 0 0 0 0 1 0 0 |
      | 0 0 0 0 0 0 1 0 |
      | 0 0 0 0 0 0 0 1 |
      | 1 0 1 1 1 0 0 0 |
,
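The iteration above, worked through in Python as an added example (not code from the paper or from the Tangle submission). It applies the matrix exactly as printed and assumes GF(2) arithmetic applied word-wise to 32-bit words (addition is XOR); P is not defined on this page and is left out. The names `step`, `xor_states` and `cycle_length` are chosen for this example only.

```python
# Added example (not from the paper). Matrix rows are copied from the page.
# Assumptions: GF(2) arithmetic applied word-wise to 32-bit words (addition = XOR);
# P is not defined on the page, so the printed matrix is applied directly.
ROWS = [
    "01000000",
    "00100000",
    "00010000",
    "00001000",
    "00000100",
    "00000010",
    "00000001",
    "10111000",
]
MATRIX = [[int(c) for c in row] for row in ROWS]
WORD_MASK = 0xFFFFFFFF  # 4096-bit block / 128 words = 32-bit words


def step(state):
    """One iteration X_i = MATRIX * X_(i-1) on a list of eight words."""
    if len(state) != 8:
        raise ValueError("state must hold exactly 8 words")
    out = []
    for row in MATRIX:
        acc = 0
        for coeff, word in zip(row, state):
            if coeff:
                acc ^= word  # GF(2) addition of the words this row selects
        out.append(acc & WORD_MASK)
    return out


def xor_states(a, b):
    """Word-wise XOR of two states."""
    return [x ^ y for x, y in zip(a, b)]


def cycle_length(state, limit=1 << 16):
    """Iterations until the state first returns to its starting value."""
    current, count = step(state), 1
    while current != state:
        if count >= limit:
            raise RuntimeError("no cycle found within limit")
        current, count = step(current), count + 1
    return count


if __name__ == "__main__":
    a = [0x01234567, 0x89ABCDEF, 0, 0, 0, 0, 0, 1]  # constructed sample state
    b = [0, 0, 0x80000000, 0, 0, 0, 0, 0]           # constructed difference
    print("linear over XOR:", step(xor_states(a, b)) == xor_states(step(a), step(b)))
    print("cycle lengths:", cycle_length(a), cycle_length([0] * 8))
```

Under these assumptions the map is linear over XOR, the all-zero state is a fixed point, and every other state returns to itself after 255 iterations, because the last row of the matrix encodes the primitive polynomial x^8 + x^4 + x^3 + x^2 + 1.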
 