1. Graph-Based Cryptographic Hash Functions Dan Nichols Advisor: Dr. MukkaiKrishnamoorthy Rensselaer Polytechnic Institute May 6th, 2011

2. Introduction Cryptographic hash function A mathematical function with some special properties which make it useful for security and authentication We write f(m) = d where m is the message or input and d is the digestor output. The message is a string of any size; the digest is a string of a fixed length determined by the hash function. Used for: Message integrity checking Password authentication

3. Without a cryptographic hash function Login prompt Computer Hard Drive List of Passwords: Alice Palice Bob Pbob … Username Password check Permission to access computer system

4. With a cryptographic hash function Login prompt Computer Hard Drive Username Password List of Digests: Alice f(Palice) Bob f(Pbob) … f Username f(Password) check Permission to access computer system

5. Cryptographic Hash Functions A cryptographic hash function f must have three special properties: Preimage resistance: Given a digest d, it is very hard to find a message m such that d = f(m) Second preimage resistance: Given a message m1, it is very hard to find another message m2 such that f(m1) = f(m2). Collision resistance: It must be very hard to find any two messages m1 and m2 such that f(m1) = f(m2).

6. Cryptographic Hash Functions What does it mean for breaking a cryptosystem to be “very hard”? Generally, it means that solving the problem would take more time and resources (computing power) than those available to anyone who would want to solve it. But this isn’t really a mathematical definition; it is dependent on political and economic factors. A cryptographic hash function that is provably secure is one that can be mathematically proven to be at least as hard as certain very difficult mathematical problems. most commonly-used hash functions like SHA-1 are not provably secure.

7. Provably Secure Cryptographic Hash Functions One possible hash function to consider is the function HamHash, proposed by MaikeMassierer in a bachelor’s thesis. Massierer argues that this function is provably secure. HamHash is based on a mathematical problem called the Hamiltonian Cycle Problem, or HCP.

8. Hamiltonian Cycle Problem The Hamiltonian Cycle Problem is as follows: Given a graph G, does G contain a cycle which passes through every node in the graph exactly once and contains no duplicate edges? If so, we say G is Hamiltonian. This problem is NP-complete Example Hamiltonian Cycle Credit: Wikipedia

9. HamHash HamHash creates as its digest a large Hamiltonian graph. The function HamHash is made up of three parts: RED CYC GRAPH HamHash RED CYC GRAPH message digest

10. RED Input: binary string m (message) Output: binary string m’ of length l This function reduces the message to a fixed size in a secure way Massierer suggests using an existing hash function like SHA-256

11. CYC Input: binary string m’ of length l Output: n-permutation N representing a Hamiltonian cycle This function maps the string m’ to a permutation on n vertices, which corresponds to a Hamiltonian cycle There are (n-1)!/2 possible permutations after accounting for duplicate cycles, so we need to choose n such that 2l ≤ (n-1)!/2

12. GRAPH Input: n-permutation N representing a Hamiltonian cycle Output: graph adjacency matrix G (this is the digest of HamHash) This function adds many randomly chosen edges to the Hamiltonian cycle N These edges disguise the Hamiltonian cycle, making it (hopefully) very hard to find

13. HamHash Overview Binary string 𝑚 RED truncation Binary string, length 𝑙 𝑚′ Mapping to an n-permutation, which represents a Hamiltonian cycle CYC 𝑁 Hamiltonian cycle GRAPH Adding random edges Graph (adjacency matrix) 𝐺

14. HamHash Functionality To authenticate using a normal, deterministic hash function, we would calculate f(m) and check to see whether f(m) = d. With HamHash, we instead calculate the Hamiltonian cycle associated with m using RED and CYC and check to see if this cycle is contained in the digest graph G.

15. How secure is HamHash? Massierer argues that HamHash is provably secure because finding a pre-image for a given digest graph G requires finding a Hamiltonian cycle in G. Therefore breaking HamHash is at least as difficult as the HCP, which is known to be mathematically very difficult. However, the problem is that while HCP is very hard in the worst case, in reality most instances of HCP can be solved quickly. This is similar to the Subset-Sum Problem, which has been suggested for cryptographic applications in the past There exist algorithms for HCP which are quick and successful for nearly all graphs

16. Empirical testing We generated many random graphs similar to those produced by HamHash, of varying size and density We tested a heuristic algorithm proposed by Bollobás, Fenner, and Frieze, modified by Keydar, and implemented in C++ by Nivasch. Based on our data, the SemiHam algorithm was nearly always successful in finding a Hamiltonian cycle very quickly. It only failed for some very sparse graphs, as expected. A backtracking algorithm would be better suited to these graphs.

17. Empirical testing p Time (µs) n

18. Conclusions In practice, given a digest graph G, it is fairly easy for an attacker to find a Hamiltonian cycle in this graph and therefore to determine the output of the function RED HamHash is not suitable for practical use It is still possible that some other more complex hash function based on the HCP could be better Designing a provably secure cryptographic hash function is harder than it seems It’s not enough to just use a mathematical problem that is theoretically difficult; we need one that is hard in practice. HamHash RED CYC GRAPH message digest

19. End Thank you for your attention