Dmitry Khovratovich

Last updated
Dmitry Khovratovich
NationalityRussian
Alma mater Moscow State University
Occupation cryptographer
Known for Equihash, Argon2

Dmitry Khovratovich is a Russian cryptographer, currently a Lead Cryptographer for the Dusk Network, researcher for the Ethereum Foundation, and member of the International Association for Cryptologic Research. [1]

Contents

Biography

Khovratovich, together with Alex Biryukov, developed the Equihash proof-of-work algorithm which is currently being used as consensus mechanism for the Zcash cryptocurrency, and the Argon2 key derivation function, which won the Password Hashing Competition in July 2015. [2] He is the publisher of several cryptanalysis papers for a number of mainstream cyphers, such as the first cryptanalytic attack on full-round AES-192 and AES-256 which is faster than a brute-force attack, [3] an attack on the RadioGatún cryptographic primitive, [4] and also the current best cryptanalysis on Skein, [5] a candidate for the SHA-3 competition.

In 2014, he published a research about the deanonymisation of clients in the Bitcoin P2P network [6]

Selected publications

Awards

Related Research Articles

<span class="mw-page-title-main">Advanced Encryption Standard</span> Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

<span class="mw-page-title-main">International Data Encryption Algorithm</span> Symmetric-key block cipher

In cryptography, the International Data Encryption Algorithm (IDEA), originally called Improved Proposed Encryption Standard (IPES), is a symmetric-key block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption Standard (DES). IDEA is a minor revision of an earlier cipher, the Proposed Encryption Standard (PES).

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

<span class="mw-page-title-main">MD4</span> Cryptographic hash function

The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" stands for "Message Digest".

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

<span class="mw-page-title-main">Boomerang attack</span> Form of cryptanalysis

In cryptography, the boomerang attack is a method for the cryptanalysis of block ciphers based on differential cryptanalysis. The attack was published in 1999 by David Wagner, who used it to break the COCONUT98 cipher.

Alex Biryukov is a cryptographer, currently a full professor at the University of Luxembourg.

<span class="mw-page-title-main">Skein (hash function)</span> Cryptographic hash function

Skein is a cryptographic hash function and one of five finalists in the NIST hash function competition. Entered as a candidate to become the SHA-3 standard, the successor of SHA-1 and SHA-2, it ultimately lost to NIST hash candidate Keccak.

<span class="mw-page-title-main">Threefish</span> Block cipher

Threefish is a symmetric-key tweakable block cipher designed as part of the Skein hash function, an entry in the NIST hash function competition. Threefish uses no S-boxes or other table lookups in order to avoid cache timing attacks; its nonlinearity comes from alternating additions with exclusive ORs. In that respect, it is similar to Salsa20, TEA, and the SHA-3 candidates CubeHash and BLAKE.

The NIST hash function competition was an open competition held by the US National Institute of Standards and Technology (NIST) to develop a new hash function called SHA-3 to complement the older SHA-1 and SHA-2. The competition was formally announced in the Federal Register on November 2, 2007. "NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES)." The competition ended on October 2, 2012, when NIST announced that Keccak would be the new SHA-3 hash algorithm.

In cryptography, rotational cryptanalysis is a generic cryptanalytic attack against algorithms that rely on three operations: modular addition, rotation and XOR — ARX for short. Algorithms relying on these operations are popular because they are relatively cheap in both hardware and software and run in constant time, making them safe from timing attacks in common implementations.

This article summarizes publicly known attacks against cryptographic hash functions. Note that not all entries may be up to date. For a summary of other hash function parameters, see comparison of cryptographic hash functions.

This article summarizes publicly known attacks against block ciphers and stream ciphers. Note that there are perhaps attacks that are not publicly known, and not all entries may be up to date.

PRESENT is a lightweight block cipher, developed by the Orange Labs (France), Ruhr University Bochum (Germany) and the Technical University of Denmark in 2007. PRESENT was designed by Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and C. Vikkelsoe. The algorithm is notable for its compact size.

A biclique attack is a variant of the meet-in-the-middle (MITM) method of cryptanalysis. It utilizes a biclique structure to extend the number of possibly attacked rounds by the MITM attack. Since biclique cryptanalysis is based on MITM attacks, it is applicable to both block ciphers and (iterated) hash-functions. Biclique attacks are known for having weakened both full AES and full IDEA, though only with slight advantage over brute force. It has also been applied to the KASUMI cipher and preimage resistance of the Skein-512 and SHA-2 hash functions.

<span class="mw-page-title-main">EnRUPT</span>

EnRUPT is a block cipher and a family of cryptographic algorithms based on XXTEA. EnRUPT hash function was submitted to SHA-3 competition but it wasn't selected to the second round.

In cryptography, a known-key distinguishing attack is an attack model against symmetric ciphers, whereby an attacker who knows the key can find a structural property in cipher, where the transformation from plaintext to ciphertext is not random. There is no common formal definition for what such a transformation may be. The chosen-key distinguishing attack is strongly related, where the attacker can choose a key to introduce such transformations.

Prince is a block cipher targeting low latency, unrolled hardware implementations. It is based on the so-called FX construction. Its most notable feature is the alpha reflection: the decryption is the encryption with a related key which is very cheap to compute. Unlike most other "lightweight" ciphers, it has a small number of rounds and the layers constituting a round have low logic depth. As a result, fully unrolled implementation are able to reach much higher frequencies than AES or PRESENT. According to the authors, for the same time constraints and technologies, PRINCE uses 6–7 times less area than PRESENT-80 and 14–15 times less area than AES-128.

In cryptography, security level is a measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Security level is usually expressed as a number of "bits of security", where n-bit security means that the attacker would have to perform 2n operations to break it, but other methods have been proposed that more closely model the costs for an attacker. This allows for convenient comparison between algorithms and is useful when combining multiple primitives in a hybrid cryptosystem, so there is no clear weakest link. For example, AES-128 is designed to offer a 128-bit security level, which is considered roughly equivalent to a RSA using 3072-bit key.

In cryptography, a memory-hard function (MHF) is a function that costs a significant amount of memory to efficiently evaluate. It differs from a memory-bound function, which incurs cost by slowing down computation through memory latency. MHFs have found use in key stretching and proof of work as their increased memory requirements significantly reduce the computational efficiency advantage of custom hardware over general-purpose hardware compared to non-MHFs.

References

  1. "Dmitry Khovratovich". www.iacr.org. Retrieved 2018-10-15.
  2. "Password Hashing Competition". password-hashing.net. Retrieved 2018-10-15.
  3. 1 2 Biryukov, Alex; Khovratovich, Dmitry (2009-12-02). "Related-Key Cryptanalysis of the Full AES-192 and AES-256". Advances in Cryptology – ASIACRYPT 2009. Lecture Notes in Computer Science. Vol. 5912. Springer-Verlag. pp. 1–18. doi:10.1007/978-3-642-10366-7_1. ISBN   9783642103650. S2CID   2938420.
  4. Khovratovich, Dmitry (2008-12-14). "Two Attacks on RadioGatún". Progress in Cryptology - INDOCRYPT 2008. Lecture Notes in Computer Science. Vol. 5365. pp. 53–66. doi:10.1007/978-3-540-89754-5_5. ISBN   978-3-540-89753-8.
  5. 1 2 Khovratovich, Dmitry; Rechberger, Christian; Savelieva, Alexandra (2011). "Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 7549. pp. 244–263. doi:10.1007/978-3-642-34047-5_15. ISBN   978-3-642-34046-8. S2CID   32262663.
  6. 1 2 Biryukov, Alex; Khovratovich, Dmitry; Pustogarov, Ivan (2014-11-03). "Deanonymisation of Clients in Bitcoin P2P Network". Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM. pp. 15–29. arXiv: 1405.7418 . doi:10.1145/2660267.2660379. ISBN   9781450329576. S2CID   207217947.
  7. Biryukov, Alex; Khovratovich, Dmitry (2016-08-10). Egalitarian computing. USENIX Association. pp. 315–326. ISBN   9781931971324.
  8. "Argon2: New Generation of Memory-Hard Functions for Password Hashing and Other Applications – IEEE Conference Publication". doi:10.1109/EuroSP.2016.31. S2CID   15014453.{{cite journal}}: Cite journal requires |journal= (help)
  9. Biryukov, Alex; Khovratovich, Dmitry (2017-04-28). "Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem". Ledger. 2: 1–30. doi: 10.5195/LEDGER.2017.48 . ISSN   2379-5980.
  10. Alex, Biryukov; Dmitry, Khovratovich (December 2015). Tradeoff Cryptanalysis of Memory-Hard Functions. Springer. ISBN   9783662487990.
  11. "Rotational Cryptanalysis of ARX Revisited". www.iacr.org. Retrieved 2018-10-15.
  12. Biryukov, Alex; Bouillaguet, Charles; Khovratovich, Dmitry (2014), "Cryptographic Schemes Based on the ASASA Structure: Black-Box, White-Box, and Public-Key (Extended Abstract)", Advances in Cryptology – ASIACRYPT 2014, Lecture Notes in Computer Science, vol. 8874, Springer Berlin Heidelberg, pp. 63–84, doi: 10.1007/978-3-662-45611-8_4 , ISBN   9783662456101
  13. Perrin, Léo; Khovratovich, Dmitry (2015), "Collision Spectrum, Entropy Loss, T-Sponges, and Cryptanalysis of GLUON-64", Fast Software Encryption, Lecture Notes in Computer Science, vol. 8540, Springer Berlin Heidelberg, pp. 82–103, CiteSeerX   10.1.1.646.5918 , doi:10.1007/978-3-662-46706-0_5, ISBN   9783662467053
  14. Biryukov, Alex; Khovratovich, Dmitry (2014-10-12). "PAEQ: Parallelizable Permutation-Based Authenticated Encryption". Information Security. Lecture Notes in Computer Science. Vol. 8783. pp. 72–89. doi:10.1007/978-3-319-13257-0_5. ISBN   978-3-319-13256-3.
  15. Khovratovich, Dmitry (2014-02-25). "Key Wrapping with a Fixed Permutation". Topics in Cryptology – CT-RSA 2014. Lecture Notes in Computer Science. Vol. 8366. pp. 481–499. CiteSeerX   10.1.1.301.8763 . doi:10.1007/978-3-319-04852-9_25. ISBN   978-3-319-04851-2.
  16. Khovratovich, Dmitry (2012-12-02). "Bicliques for Permutations: Collision and Preimage Attacks in Stronger Settings". Advances in Cryptology – ASIACRYPT 2012. Asiacrypt'12. Vol. 7658. Springer-Verlag. pp. 544–561. doi:10.1007/978-3-642-34961-4_33. ISBN   9783642349607.
  17. Knellwolf, Simon; Khovratovich, Dmitry (2012), "New Preimage Attacks against Reduced SHA-1", Advances in Cryptology – CRYPTO 2012, Lecture Notes in Computer Science, vol. 7417, Springer Berlin Heidelberg, pp. 367–383, doi: 10.1007/978-3-642-32009-5_22 , ISBN   9783642320088
  18. "Narrow-Bicliques: cryptanalysis of full IDEA". ResearchGate. Retrieved 2018-10-15.
  19. Bogdanov, Andrey; Khovratovich, Dmitry; Rechberger, Christian (2011-12-04). "Biclique Cryptanalysis of the Full AES". Advances in Cryptology – ASIACRYPT 2011. Lecture Notes in Computer Science. Vol. 7073. Springer-Verlag. pp. 344–371. doi:10.1007/978-3-642-25385-0_19. ISBN   9783642253843.
  20. Khovratovich, Dmitry; Nikolić, Ivica; Rechberger, Christian (2010-02-12). "Rotational Rebound Attacks on Reduced Skein". Advances in Cryptology - ASIACRYPT 2010. Lecture Notes in Computer Science. Vol. 27. pp. 1–19. doi:10.1007/978-3-642-17373-8_1. ISBN   978-3-642-17372-1.{{cite book}}: |journal= ignored (help)
  21. Khovratovich, Dmitry; Nikolić, Ivica (2010-06-27). "Rotational Cryptanalysis of ARX". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 6147. pp. 333–346. doi:10.1007/978-3-642-13858-4_19. ISBN   978-3-642-13857-7.
  22. Biryukov, Alex; Dunkelman, Orr; Keller, Nathan; Khovratovich, Dmitry; Shamir, Adi (2010-05-30). "Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds". Advances in Cryptology – EUROCRYPT 2010. Lecture Notes in Computer Science. Vol. 6110. Springer-Verlag. pp. 299–319. doi:10.1007/978-3-642-13190-5_15. ISBN   978-3642131899.
  23. Khovratovich, Dmitry; Nikolic, Ivica; Weinmann, Ralf-Philipp (2009-02-22). "Meet-in-the-Middle Attacks on SHA-3 Candidates". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 5665. pp. 228–245. doi:10.1007/978-3-642-03317-9_14. ISBN   978-3-642-03316-2.
  24. "Université du Luxembourg – SnT Team Wins Big at Hackathon". wwwen.uni.lu. Retrieved 2018-10-15.
  25. "dblp: ASIACRYPT 2010". dblp.org. Retrieved 2018-10-15.
  26. Luxembourg, Université du. "Prix de la meilleure thèse pour un cryptographe russe". Université du Luxembourg. Retrieved 2018-10-15.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.