Paper 2017/891
Finding Bugs in Cryptographic Hash Function Implementations
Nicky Mouha and Mohammad S Raunak and D. Richard Kuhn and Raghu Kacker
Abstract
Developing an approach to test cryptographic hash function implementations can be particularly difficult, and bugs can remain unnoticed for a very long time. We revisit the NIST SHA-3 hash function competition, and apply a new testing strategy to all available reference implementations. Motivated by the cryptographic properties that a hash function should satisfy, we develop four types of tests. The Bit-Contribution Test checks if changes in the message affect the hash value, and the Bit-Exclusion Test checks that changes beyond the last bit of the message leave the hash value unchanged. We develop the Metamorphic Update Test to verify that messages are processed correctly in chunks, and then use combinatorial testing methods to reduce the test set size by several orders of magnitude while retaining the same fault detection capability. Our tests detect bugs in 41 of the 86 reference implementations submitted to the SHA-3 competition, including the rediscovery of a bug in all submitted implementations of the SHA-3 finalist BLAKE. This bug remained undiscovered for seven years, and is particularly serious because it provides a simple strategy to modify the message without changing the hash value that is returned by the implementation. We will explain how to detect this type of bug, using a simple and fully-automated testing approach.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Cryptographic AlgorithmCryptographic Hash FunctionCombinatorial TestingMetamorphic TestingSHA-3 Competition
- Contact author(s)
- nicky @ mouha be
- History
- 2018-05-04: revised
- 2017-09-17: received
- See all versions
- Short URL
- https://ia.cr/2017/891
- License
-
CC BY