Blockchain-based Internet of Things (IoT) applications require flexible, fast, and low-power hashing hardware to ensure IoT data integrity and maintain blockchain network confidentiality. However, existing hashing hardware poses challenges in achieving high performance and low power and limits flexibility to compute multiple hash functions with different message lengths. This paper introduces the flexible and energy-efficient crypto-processor (FECP) to achieve high flexibility, high speed, and low power with high hardware efficiency for blockchain-based IoT applications. To achieve these goals, three new techniques are proposed, namely the crypto arithmetic logic unit (Crypto-ALU), dual buffering extension (DBE), and local data memory (LDM) scheduler. The experiments on ASIC show that the FECP can perform various hash functions with a power consumption of 0.239-0.676W, a throughput of 10.2-3.35Gbps, energy efficiency of 4.44-14.01Gbps/W, and support up to 8916-bit message input. Compared to state-of-art works, the proposed FECP is 1.65-4.49 times, 1.73-21.19 times, and 1.48-17.58 times better in throughput, energy efficiency, and energy-delay product (EDP), respectively.

In many multimedia applications, image encryption has to be conducted prior to image compression. This paper proposes a JPEG-friendly perceptual encryption method, which enables to be conducted prior to JPEG and Motion JPEG compressions. The proposed encryption scheme can provides approximately the same compression performance as that of JPEG compression without any encryption, where both gray scale images and color ones are considered. It is also shown that the proposed scheme consists of four block-based encryption steps, and provide a reasonably high level of security. Most of conventional perceptual encryption schemes have not been designed for international compression standards, but this paper focuses on applying the JPEG and Motion JPEG standards, as one of the most widely used image compression standards. In addition, this paper considers an efficient key management scheme, which enables an encryption with multiple keys to be easy to manage its keys.

In this article, the security of double-block-length hash functions with the rate 1 is analyzed, whose compression functions are composed of block ciphers with their key length twice larger than their block length. First, the analysis by Satoh, Haga and Kurosawa is investigated, and it is shown that there exists a case uncovered by their analysis. Second, a large class of compression functions are defined, and it is shown that they are at most as secure as those of single-block-length hash functions. Finally, some candidate hash functions are given which are possibly optimally collision-resistant.

Cryptographic unkeyed hash functions should satisfy preimage resistance, second-preimage resistance and collision resistance. In this article, weak second-preimage resistance and weak collision resistance are defined following the definition of weak one-wayness. Preimage resistance is one-wayness of cryptographic hash functions. The properties of weak collision resistance is discussed in this article. The same kind of results can be obtained for weak second-preimage resistance. Weak collision resistance means that the probability of failing to find a collision is not negligible, while collision resistance means that the success probability is negligible. It is shown that there really exist weakly collision resistant hash functions if collision resistant ones exist. Then, it is shown that weak collision resistance is amplifiable, that is, collision resistant hash functions can be constructed from weakly collision resistant ones. Unfortunately, the method of amplification presented in this article is applicable only to a certain kind of hash functions. However, the method is applicable to hash functions based on discrete logarithms. This implies that collision resistant hash functions can be obtained even if the discrete logarithm problem is much easier than is believed and only weakly intractable, that is, exponentiation modulo a prime is weakly one-way.

Recently, Lin et al. addressed two weaknesses of a new strong-password authentication scheme, the SAS protocol, and then proposed an improved one called the OSPA (Optimal Strong-Password Authentication) protocol. However, we find that both the OSPA protocol and the SAS protocol are vulnerable to the stolen-verifier attack.