Cryptanalysis of Tav-128 Hash Function

  • Conference paper
Progress in Cryptology - INDOCRYPT 2010 (INDOCRYPT 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6498)

Abstract

Many RFID protocols use cryptographic hash functions for their security. The resource-constrained nature of RFID systems forces the use of lightweight cryptographic algorithms. Tav-128 is one such 128-bit lightweight hash function, proposed by Peris-Lopez et al. for a low-cost RFID tag authentication protocol. Apart from some statistical tests for randomness by the designers themselves, Tav-128 has not undergone any other thorough security analysis. Based on these tests, the designers claimed that Tav-128 does not possess any trivial weaknesses. In this article, we carry out the first third-party security analysis of Tav-128 and show that this hash function is neither collision resistant nor second preimage resistant. Firstly, we show a practical collision attack on Tav-128 having a complexity of $2^{37}$ calls to the compression function and produce message pairs of arbitrary length which produce the same hash value under this hash function. We then show a second preimage attack on Tav-128 which succeeds with a complexity of $2^{62}$ calls to the compression function. Finally, we study the constituent functions of Tav-128 and show that the concatenation of nonlinear functions A and B produces a 64-bit permutation from 32-bit messages. This could be a useful lightweight primitive for future RFID protocols.

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Kumar, A., Sanadhya, S.K., Gauravaram, P., Safkhani, M., Naderi, M. (2010). Cryptanalysis of Tav-128 Hash Function. In: Gong, G., Gupta, K.C. (eds) Progress in Cryptology - INDOCRYPT 2010. INDOCRYPT 2010. Lecture Notes in Computer Science, vol 6498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17401-8_10

  • DOI: https://doi.org/10.1007/978-3-642-17401-8_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17400-1

  • Online ISBN: 978-3-642-17401-8

  • eBook Packages: Computer Science (R0)
