D.A. Bobrovskiy1, V.M. Fomichev2

1 Financial University under the Government of the Russian Federation (Moscow, Russia)
2 Federal Research Center “Computer Science and Control” of RAS (Moscow, Russia)
2 Safety Code LLC (Moscow, Russia)
1 dabobrovskiy@gmail.com, 2 fomichev.2016@yandex.ru

Integrity checking of the stored data of high-availability information and communication networks ensures the reliability of nationally critical activity areas and is a necessary element of ensuring the safety and continuity of such systems. At the same time, when the integrity check of execution operating environment, when real-time auditing of system components etc. is performed, when it is necessary to check integrity of a set of files of different sizes, integrity checking occupies a considerable part of computer resources, in particular, processor time.

The existing approaches of verification (checksum) computation on the basis of keyless or key hash functions and block ciphers in the MAC mode, although they meet modern requirements to cryptographic strength, they have high computational complexity and are not suitable for solving applied problems of ensuring the integrity of large amounts of data, for example, in operating systems consisting of tens of thousands of files. Another approach is the application of non-cryptographic methods using cyclic or linear codes that detect and/or correct errors. Such algorithms are highly efficient, but they have a significant disadvantage: there are computationally simple methods of constructing collisions for them, i.e. methods of selecting pairs of input data that have identical hash values, which may also be unacceptable in integrity assurance tasks.

This paper proposes the development of a class of high-performance integrity check algorithms based on a special class of shift registers – additive generators, which provides a trade-off between performance and cryptographic properties.

Objective. Selection of parameters of algorithms for computing authentication codes, which provide high performance and acceptable cryptographic stability, in particular, with respect to the attack of finding the second prototype.

Reasonable parameters of a high-performance algorithm for checksum computation are proposed. The performance and cryptographic properties of the constructed algorithm are evaluated, including the complexity of the attack of finding the second hash value prototype. The proposed algorithm is compared with other algorithms based on alternative approaches.

The proposed class of algorithms can be used to check the integrity of various sets of files of different sizes.

Bobrovskiy D.A., Fomichev V.M. About choosing parameters of a high-performance algorithm integrity control algorithm for large data arrays. Highly Available Systems. 2024. V. 20. № 3. P. 28−36. DOI: https://doi.org/ 10.18127/j20729472-202403-03 (in Russian)

1. Preneel B. Cryptographic hash functions. European Transactions on Telecommunications. 1994. V. 5(4). P.431–448.
2. Damgård I.B. A design principle for hash functions. In Conference on the Theory and Application of Cryptology. New York, NY: Springer New York. 1989. August. p. 416–427.
3. Yasuda K. How to Fill Up Merkle-Damgård Hash Functions. In: Pieprzyk, J. (eds) Advances in Cryptology – ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science. 2008. V. 5350. Springer, Berlin, Heidelberg.
4. Bellare M., Canetti R., Krawczyk H. Keying hash functions for message authentication. In Advances in Cryptology—CRYPTO’96: 16th Annual International Cryptology Conference Santa Barbara, California, USA August 18–22. 1996 Proceedings 16. Springer Berlin Heidelberg. 1996. P. 1–15.
5. Fomichev V., Bobrovskiy D., Koreneva A., Nabiev T., Zadorozhny D. Data integrity algorithm based on additive generators and hash function. J. Comput Virol Hack Tech. 2021. https://doi.org/10.1007/s11416-021-00405-y.
6. Koreneva A.M., Fomichev V.M. Peremeshivayushchie svojstva modificirovannyh additivnyh generatorov. Diskretn. analiz i issled. oper. 2017. V. 24:2. P. 32–52; J. Appl. Industr. Math. 2017. V. 11:2. P. 215–226 (in Russian).
7. Hasan H.A., Al-Layla H.F., Ibraheem F.N. A review of hash function types and their applications. Wasit Journal of Computer and Mathematics Science. 2022. № 1(3). P. 75–88.
8. Mittelbach A., Fischlin M. The theory of hash functions and random oracles. An Approach to Modern Cryptography, Cham: Springer Nature. 2021.
9. Nabeel N., Habaebi M.H., Islam M.R. Security analysis of LNMNT-lightweight crypto hash function for IoT. IEEE Access. 2021. V. 9. P. 165754–165765.
10. Wang Y., Gu N. Classification of Hash Functions Based on Anti-Attack Ability. 2023 International Conference on Networking and Network Applications (NaNA). Qingdao. China. 2023. P. 440–446.
11. Ying Hu, Guang Cheng, Yongning Tang, Feng Wang, A practical design of hash functions for IPv6 using multi-objective genetic programming, Computer Communications. 2020. V. 162. P. 160–168.
12. Sharma M., Jain P., Kakrania A., Choubey H., Lavanya K. Distributed Secure File Storage System Using Cryptography. In: Saini H., Sayal R., Buyya R., Aliseri G. (eds.) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems. 2020. V. 103. Springer, Singapore.