The goal of this project is to build an automated framework to search for cryptographic trails, or for properties related to these trails, for the largest family of symmetric ciphers/hash functions as possible. The crypto community will benefit from this research, as a systematic analysis of new and old design will be performed in an automated way. For instance, this might be of interest in public competitions, such as the ongoing Lightweight Standardization Process proposed by NIST.
The most common hash functions and block ciphers exploit a combination of basic mathematical operations such as modular addition, bitwise XOR, polynomial multiplication, and so on. Ciphers --- e.g. AES, SHA-2, SHA-1, RIPEMD, PRESENT and so on --- executed every day by millions of users deeply rely on these operations. Improving them would mean (a) making cryptographic primitives more efficient from a user point of view and (b) evaluating the ability of malicious users to mount a brute-force attack. This is of vital importance for saving devices' resources and measuring the strength of a cipher.
HMAC is one of the oldest cryptographic primitives largely in use to provide authentication and integrity. Its default implementation is HMAC-SHA-1, which renders the full construction potentially weak, due to the well-known underlying weaknesses of SHA-1 (non-collision resistance, for details refer to Stevens M., Bursztein E., Karpman P., Albertini A., Markov Y., "The First Collision for Full SHA-1", Advances inCryptology - CRYPTO 2017, LNCS 10401, 2017). Although SHA-1 has been deprecated and in 2017 the first collision for full SHA-1 has been found, HMAC-SHA-1 is considered secure and it is widely used in cryptographic protocols, software and libraries (open source and not). This because the security of the message authentication mechanism does not only depend on cryptographic properties of a hash function H, but also on the message authentication property of the compression function of H when applied to single blocks. Due to the high complexity of the approaches described in literature, finding an HMAC-SHA-1 collision seems to be impractical as well as a preimage attack against full SHA-1. Nevertheless, reducing the costs of finding these attacks would be of great interest for the crypto community.
Il progetto e' finalizzato a promuovere un forte impatto culturale sul territorio e sul tessuto sociale, a partire dalla cultura dell'immagine e della fotografia. Gli obiettivi del progetto saranno (a) la sperimentazione di un modello inedito di certificazione estetica (Dipartimento di Beni Culturali e Ambientali); (b) la tutela dei diritti d'autore di giovani artisti attraverso tecniche crittografiche largamente implementate in sistemi basati su blockchain (Dipartimento di Informatica); (c) la valorizzazione di nuovi talenti artistici (Accademia di Brera). Particolare attenzione verra' anche dedicata all'attivita' didattica e alla formazione di una nuova figura professionale. L'obiettivo sara' quello di formare certificatori che sappiano valorizzare nuovi percorsi artistici/tecnici, superare i limiti imposti dal mercato dell'arte tradizionale e agire sul territorio nel mercato del lavoro. Infine, la divulgazione al pubblico dei risultati ottenuti avverra' attraverso la realizzazione di una serie di mostre sul territorio in luoghi non convenzionali.
Several cryptographic schemes base their security upon the hardness of the discrete logarithm problem for elliptic curves (ECDLP). In recent years many papers have appeared investigating the classical discrete logarithm problem for elliptic curves, exploiting the multivariate polynomial approach with the use of the celebrated summation polynomials, introduced by Semaev in 2004. However, with a notable exception by Petit et al. in 2016, all numerous specialized papers have investigated only the composite-field case, leaving apart the laborious prime-field case. Recently, a variation of Semaev's original approach for the prime-field case was proposed. Such a variation outperforms both the original Semaev's method and Petit's specialized algorithm. It reaches the improvement by reducing the necessary Groebner basis computations to only one basis calculation. In this project, the research group focuses on the analysis of systems arising from the application of the algorithm in to instances of the ECDLP. The best known algorithms (in terms of efficiency) for computing Groebner Basis are F4 and F5. However, they are "general purpose", i.e. usable for every system of polynomial equations. Consequently, as the cardinality of the base field of the considered elliptic curve grows, it becomes infeasible to solve the corresponding system with F4 and F5. Nevertheless, systems of our interest are very specific, since they are composed by a summation polynomial Sm and univariate polynomials of low degrees. Our aim is to identify recurring patterns, applying F4 to systems arising from elliptic curves field defined over a base field with more than 2^25 elements. Recurrings will lead to an F4's variation, particularly suitable, in terms of efficiency, for systems of cryptographic interest. Improvements on F4 needs to be tested on elliptic curves having domain parameters of cryptographic interest.
Passwords are widely used to protect secret data or to gain access to specific resources. Full disk encryption, authentication to web services, authentication to mobile devices, are examples of real applications. For sake of security, passwords should be strong enough to prevent well-know attacks, in particular dictionary and brute force attacks. Unfortunately, user-chosen passwords are generally short and lacks enough entropy. For these reasons, passwords cannot be directly used as a key to implement secure cryptographic systems. A possible solution to these issues is to adopt a password-based key derivation function (KDF), that is a function which takes a source of initial keying material and derives from it one or more pseudo-random keys. By applying a KDF to a user password, we (1) allow to increase the size of a cryptographic key, (2) allow legitimate users to spend a moderate amount of time on key derivation, and (3) slow down a brute force attack as much as possible. In this research project we analyze algorithms and cryptographic primitives used to generate keys with the aim to find weaknesses and suggest possible solutions. Particular attention will be paid to security [3,4] and performance matters [1,2,5].
[1] A.Visconti, S.Bossi, H.Ragab, A.Calo'. On the Weaknesses of PBKDF2. In Proceedings of the 14th International Conference on Cryptology and Network Security (CANS 2015), LNCS 9476, pp.119--126 pdf.
[2] S.Bossi, A.Visconti. What Users Should Know About Full Disk Encryption Based on LUKS. In Proceedings of the 14th International Conference on Cryptology and Network Security (CANS 2015), LNCS 9476, pp.225--237 pdf.
[3] L.Casati, A.Visconti, Exploiting a Bad User Practice to Retrieve Data Leakage on Android Password Managers In Advances in Intelligent Systems and Computing, 11th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2017), LNCS 612.
[4] L.Casati, A.Visconti, The Dangers of Rooting: Data Leakage Detection in Android Application Mobile Information Systems, Article ID 6020461, ISSN 1574-017X, Feb 2018. pdf.
[5] A.Visconti, F.Gorla Exploiting an HMAC-SHA-1 optimization to speed up PBKDF2 . pdf.