A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms

2023-03-06 19:27:45

Paper 2023/331

Nicky Mouha, Strativia, Largo, MD, USA
Christopher Celi, National Institute of Standards and Technology, Gaithersburg, MD, USA
Abstract

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on the values to be XORed, and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective. First, we provide Python and PHP scripts that cause segmentation faults when vulnerable versions of the interpreters are used. Then, we show how this vulnerability can be used to construct second preimages and preimages for the implementation, and we provide a specially constructed file that, when hashed, allows the attacker to execute arbitrary code on the victim's machine. The vulnerability applies to all hash value sizes, and to all 64-bit Windows, Linux, and macOS operating systems, and may also impact cryptographic algorithms that require SHA-3 or its variants, such as the Edwards-curve Digital Signature Algorithm (EdDSA) when the Edwards448 curve is used. We introduce the Init-Update-Final Test (IUFT) to detect this vulnerability in implementations.
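The abstract names the Init-Update-Final Test as a way to detect the defect but does not spell it out. The following is an added Python example, not code from the paper or from the XKCP project: it assumes the test's idea is to compare the one-shot digest of a message against digests produced by absorbing the same message through differently sized update() calls, and it uses only the standard hashlib module (the Python interpreter's own SHA-3 binding, which the abstract lists as affected). The sample message and the chunk patterns, chosen to straddle each variant's sponge rate boundary, are constructed here; a mismatch between any chunking and the one-shot result shows the incremental absorb path is wrong, while a clean result on these small inputs only covers the cases exercised.

```python
import hashlib

# Constructed sample message (not an input from the paper); long enough to
# span several rate blocks for every SHA-3 / SHAKE variant tested below.
SAMPLE_MESSAGE = bytes(range(256)) * 8  # 2048 bytes

SHA3_FAMILY = ("sha3_224", "sha3_256", "sha3_384", "sha3_512",
               "shake_128", "shake_256")


def _digest(h, out_len):
    # SHAKE objects take an output length; fixed-size SHA-3 digests do not.
    return h.hexdigest(out_len) if h.name.startswith("shake") else h.hexdigest()


def one_shot_digest(algorithm, data, out_len=32):
    """Reference result: the whole message absorbed in a single call."""
    return _digest(hashlib.new(algorithm, data), out_len)


def incremental_digest(algorithm, data, chunk_sizes, out_len=32):
    """Absorb `data` through repeated update() calls whose lengths cycle
    through `chunk_sizes`; a short final slice simply absorbs the tail."""
    h = hashlib.new(algorithm)
    offset, i = 0, 0
    while offset < len(data):
        size = chunk_sizes[i % len(chunk_sizes)]
        h.update(data[offset:offset + size])
        offset += size
        i += 1
    return _digest(h, out_len)


def boundary_chunk_patterns(algorithm):
    """Update-call lengths chosen around the sponge rate (bytes absorbed per
    Keccak permutation), which hashlib exposes as block_size."""
    rate = hashlib.new(algorithm).block_size
    return [
        [1],             # one byte per call
        [rate],          # exactly one rate block per call
        [rate - 1, 2],   # partial block, then a call that crosses the boundary
        [rate + 1],      # slightly more than a block per call
        [7, rate, 3],    # irregular mix of sizes
    ]


def iuft_report(algorithm, data=SAMPLE_MESSAGE, out_len=32):
    """Return the chunk patterns whose incremental digest disagrees with the
    one-shot digest; an empty list means every chunking agreed."""
    expected = one_shot_digest(algorithm, data, out_len)
    failures = []
    for pattern in boundary_chunk_patterns(algorithm):
        if incremental_digest(algorithm, data, pattern, out_len) != expected:
            failures.append(pattern)
    return failures


def run_iuft(algorithms=SHA3_FAMILY):
    """Run the consistency check for each variant; maps name -> failing patterns."""
    return {alg: iuft_report(alg) for alg in algorithms}


if __name__ == "__main__":
    for alg, failures in run_iuft().items():
        status = "OK" if not failures else "MISMATCH for " + str(failures)
        print(f"{alg}: {status}")
```

Running the script prints one line per variant. The check is deliberately written against the hash object's public interface only, so the same harness can be pointed at any other SHA-3 binding that follows the init/update/final shape by swapping the constructor used in the helpers.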

BibTeX

@misc{cryptoeprint:2023/331,
      author = {Nicky Mouha and Christopher Celi},
      title = {A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms},
      howpublished = {Cryptology ePrint Archive, Paper 2023/331},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/331}},
      url = {https://eprint.iacr.org/2023/331}
}
