Finding Bugs in Cryptographic Hash Function Implementations
IEEE Transactions on Reliability (IF 5.0), Pub Date: 2018-09-01, DOI: 10.1109/tr.2018.2847247
Nicky Mouha 1 , Mohammad S Raunak 2 , D Richard Kuhn 1 , Raghu Kacker 1

Cryptographic hash functions are security-critical algorithms with many practical applications, notably in digital signatures. Developing an approach to test them can be particularly difficult, and bugs can remain unnoticed for many years. We revisit the National Institute of Standards and Technology hash function competition, which was used to develop the SHA-3 standard, and apply a new testing strategy to all available reference implementations. Motivated by the cryptographic properties that a hash function should satisfy, we develop four tests. The Bit-Contribution Test checks if changes in the message affect the hash value, and the Bit-Exclusion Test checks that changes beyond the last message bit leave the hash value unchanged. We develop the Update Test to verify that messages are processed correctly in chunks, and then use combinatorial testing methods to reduce the test set size by several orders of magnitude while retaining the same fault-detection capability. Our tests detect bugs in 41 of the 86 reference implementations submitted to the SHA-3 competition, including the rediscovery of a bug in all submitted implementations of the SHA-3 finalist BLAKE. This bug remained undiscovered for seven years, and is particularly serious because it provides a simple strategy to modify the message without changing the hash value returned by the implementation. We detect these bugs using a fully automated testing approach.
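The Update Test and Bit-Contribution Test described in the abstract can be sketched as follows; this is an added example, not code from the paper or from any SHA-3 submission. `LossyHasher` is a constructed wrapper with a planted buffering bug (it is not the BLAKE bug), and because Python's `hashlib` only accepts whole bytes, the Bit-Exclusion Test, which needs a bit-length API, is not shown.

```python
import hashlib

BLOCK = 64  # buffer size of the constructed wrapper below

class LossyHasher:
    """Constructed Init/Update/Final wrapper around SHA-256 with a planted bug.
    One-shot hashing is correct, so known-answer vectors still pass."""
    def __init__(self):
        self._h, self._buf = hashlib.sha256(), b""

    def update(self, data):
        self._buf += data
        full = len(self._buf) - len(self._buf) % BLOCK
        if full:
            self._h.update(self._buf[:full])
            self._buf = data[full:]  # BUG: should be self._buf[full:]

    def digest(self):
        h = self._h.copy()
        h.update(self._buf)
        return h.digest()

def chunked_digest(make, msg, split):
    """Hash msg as two update() calls, split at byte offset `split`."""
    h = make()
    h.update(msg[:split])
    h.update(msg[split:])
    return h.digest()

def update_test(make, msg):
    """Split points where hashing in two chunks differs from one call."""
    want = chunked_digest(make, msg, 0)
    return [i for i in range(1, len(msg)) if chunked_digest(make, msg, i) != want]

def bit_contribution_test(make, msg, split=0):
    """Message bit positions whose flip leaves the digest unchanged."""
    base, dead = chunked_digest(make, msg, split), []
    for bit in range(8 * len(msg)):
        m = bytearray(msg)
        m[bit // 8] ^= 0x80 >> (bit % 8)  # flip one bit, MSB-first numbering
        if chunked_digest(make, bytes(m), split) == base:
            dead.append(bit)
    return dead

MSG = bytes(range(100))  # constructed sample message

if __name__ == "__main__":
    for make in (hashlib.sha256, LossyHasher):
        print(make.__name__, update_test(make, MSG)[:5],
              bit_contribution_test(make, MSG, split=10)[:5])
```

Neither test needs reference digests: each compares the implementation against itself, which is why the planted bug is caught even though its one-shot output matches SHA-256.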

Updated: 2018-09-01