Top Qs
Timeline
Chat
Perspective

LSH (hash function)

Cryptographic hash function From Wikipedia, the free encyclopedia

Remove ads

LSH is a cryptographic hash function designed in 2014 by South Korea to provide integrity in general-purpose software environments such as PCs and smart devices.[1] LSH is one of the cryptographic algorithms approved by the Korean Cryptographic Module Validation Program (KCMVP). And it is the national standard of South Korea (KS X 3262).

Specification

Summarize
Perspective

The overall structure of the hash function LSH is shown in the following figure.

Thumb
Overall structure of LSH

The hash function LSH has the wide-pipe Merkle-Damgård structure with one-zeros padding. The message hashing process of LSH consists of the following three stages.

  1. Initialization:
    • One-zeros padding of a given bit string message.
    • Conversion to 32-word array message blocks from the padded bit string message.
    • Initialization of a chaining variable with the initialization vector.
  2. Compression:
    • Updating of chaining variables by iteration of a compression function with message blocks.
  3. Finalization:
    • Generation of an -bit hash value from the final chaining variable.
  • function Hash function LSH
  • input: Bit string message
  • output: Hash value
  • procedure

One-zeros padding of

Generation of message blocks , where from the padded bit string

for to do

end for

return

The specifications of the hash function LSH are as follows.

More information Digest size in bits ( ...

Initialization

Let be a given bit string message. The given is padded by one-zeros, i.e., the bit ‘1’ is appended to the end of , and the bit ‘0’s are appended until a bit length of a padded message is , where and is the smallest integer not less than .

Let be the one-zeros-padded -bit string of . Then is considered as a -byte array , where for all . The -byte array converts into a -word array as follows.

From the word array , we define the 32-word array message blocks as follows.

The 16-word array chaining variable is initialized to the initialization vector .

The initialization vector is as follows. In the following tables, all values are expressed in hexadecimal form.

More information , ...
More information , ...
More information , ...
More information , ...
More information , ...
More information , ...

Compression

In this stage, the 32-word array message blocks , which are generated from a message in the initialization stage, are compressed by iteration of compression functions. The compression function has two inputs; the -th 16-word chaining variable and the -th 32-word message block . And it returns the -th 16-word chaining variable . Here and subsequently, denotes the set of all -word arrays for .

The following four functions are used in a compression function:

  • Message expansion function
  • Message addition function
  • Mix function
  • Word-permutation function

The overall structure of the compression function is shown in the following figure.

Thumb
Compression function of LSH

In a compression function, the message expansion function generates 16-word array sub-messages from given . Let be a temporary 16-word array set to the -th chaining variable . The -th step function having two inputs and updates , i.e., . All step functions are proceeded in order . Then one more operation by is proceeded, and the -th chaining variable is set to . The process of a compression function in detail is as follows.

  • function Compression function
  • input: The -th chaining variable and the -th message block
  • output: The -th chaining variable
  • procedure

for to do

end for

return

Here the -th step function is as follows.

The following figure shows the -th step function of a compression function.

Thumb
The -th step function

Message Expansion Function MsgExp

Let be the -th 32-word array message block. The message expansion function generates 16-word array sub-messages from a message block . The first two sub-messages and are defined as follows.

The next sub-messages are generated as follows.

Here is the permutation over defined as follows.

More information The permutation ...

Message Addition Function MsgAdd

For two 16-word arrays and , the message addition function is defined as follows.

Mix Function Mix

The -th mix function updates the 16-word array by mixing every two-word pair; and for . For , the mix function proceeds as follows.

Here is a two-word mix function. Let and be words. The two-word mix function is defined as follows.

  • function Two-word mix function
  • input: Words and
  • output: Words and
  • procedure

;;

;

;;

;;

return , ;

The two-word mix function is shown in the following figure.

Thumb
Two-word mix function

The bit rotation amounts , , used in are shown in the following table.

More information Bit rotation amounts ...

The -th 8-word array constant used in for is defined as follows. The initial 8-word array constant is defined in the following table. For , the -th constant is generated by for .

More information Initial 8-word array constant ...

Word-Permutation Function WordPerm

Let be a 16-word array. The word-permutation function is defined as follows.

Here is the permutation over defined by the following table.

More information The permutation ...

Finalization

The finalization function returns -bit hash value from the final chaining variable . When is an 8-word variable and is a -byte variable, the finalization function performs the following procedure.

Here, denotes , the sub-bit string of a word for . And denotes , the sub-bit string of a -bit string for .

Remove ads

Security

LSH is secure against known attacks on hash functions up to now. LSH is collision-resistant for and preimage-resistant and second-preimage-resistant for in the ideal cipher model, where is a number of queries for LSH structure.[1] LSH-256 is secure against all the existing hash function attacks when the number of steps is 13 or more, while LSH-512 is secure if the number of steps is 14 or more. Note that the steps which work as security margin are 50% of the compression function.[1]

Remove ads

Performance

Summarize
Perspective

LSH outperforms SHA-2/3 on various software platforms. The following table shows the speed performance of 1MB message hashing of LSH on several platforms.

More information LSH-256- ...
  1. Intel Core i7-4770K @ 3.5GHz (Haswell), Ubuntu 12.04 64-bit, GCC 4.8.1 with “-m64 -mavx2 -O3”
  2. Intel Core i7-2600K @ 3.40GHz (Sandy Bridge), Ubuntu 12.04 64-bit, GCC 4.8.1 with “-m64 -msse4 -O3”
  3. Intel Core 2 Quad Q9550 @ 2.83GHz (Yorkfield), Windows 7 32-bit, Visual studio 2012
  4. AMD FX-8350 @ 4GHz (Piledriver), Ubuntu 12.04 64-bit, GCC 4.8.1 with “-m64 -mxop -O3”
  5. Samsung Exynos 5250 ARM Cortex-A15 @ 1.7GHz dual core (Huins ACHRO 5250), Android 4.1.1
  6. Qualcomm Snapdragon 800 Krait 400 @ 2.26GHz quad core (LG G2), Android 4.4.2
  7. Qualcomm Snapdragon 800 Krait 400 @ 2.3GHz quad core (Samsung Galaxy S4), Android 4.2.2
  8. Qualcomm Snapdragon 400 Krait 300 @ 1.7GHz dual core (Samsung Galaxy S4 mini), Android 4.2.2

The following table is the comparison at the platform based on Haswell, LSH is measured on Intel Core i7-4770k @ 3.5 GHz quad core platform, and others are measured on Intel Core i5-4570S @ 2.9 GHz quad core platform.

More information Algorithm, Message size in bytes ...

The following table is measured on Samsung Exynos 5250 ARM Cortex-A15 @ 1.7 GHz dual core platform.

More information Algorithm, Message size in bytes ...
Remove ads

Test vectors

Test vectors for LSH for each digest length are as follows. All values are expressed in hexadecimal form.

LSH-256-224("abc") = F7 C5 3B A4 03 4E 70 8E 74 FB A4 2E 55 99 7C A5 12 6B B7 62 36 88 F8 53 42 F7 37 32

LSH-256-256("abc") = 5F BF 36 5D AE A5 44 6A 70 53 C5 2B 57 40 4D 77 A0 7A 5F 48 A1 F7 C1 96 3A 08 98 BA 1B 71 47 41

LSH-512-224("abc") = D1 68 32 34 51 3E C5 69 83 94 57 1E AD 12 8A 8C D5 37 3E 97 66 1B A2 0D CF 89 E4 89

LSH-512-256("abc") = CD 89 23 10 53 26 02 33 2B 61 3F 1E C1 1A 69 62 FC A6 1E A0 9E CF FC D4 BC F7 58 58 D8 02 ED EC

LSH-512-384("abc") = 5F 34 4E FA A0 E4 3C CD 2E 5E 19 4D 60 39 79 4B 4F B4 31 F1 0F B4 B6 5F D4 5E 9D A4 EC DE 0F 27 B6 6E 8D BD FA 47 25 2E 0D 0B 74 1B FD 91 F9 FE

LSH-512-512("abc") = A3 D9 3C FE 60 DC 1A AC DD 3B D4 BE F0 A6 98 53 81 A3 96 C7 D4 9D 9F D1 77 79 56 97 C3 53 52 08 B5 C5 72 24 BE F2 10 84 D4 20 83 E9 5A 4B D8 EB 33 E8 69 81 2B 65 03 1C 42 88 19 A1 E7 CE 59 6D

Remove ads

Implementations

LSH is free for any use public or private, commercial or non-commercial. The source code for distribution of LSH implemented in C, Java, and Python can be downloaded from KISA's cryptography use activation webpage.[2]

KCMVP

LSH is one of the cryptographic algorithms approved by the Korean Cryptographic Module Validation Program (KCMVP).[3]

Standardization

LSH is included in the following standard.

  • KS X 3262, Hash function LSH (in Korean)[4]

References

Loading content...
Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.

Remove ads