Second Preimages for Iterated Hash Functions Based on a b-Block Bypass
نویسندگان
چکیده
In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instantiated with DESX but AES should rather be used. However, we use the instantiation of this hash scheme with DESX to introduce a new property of iterated hash functions, namely a so-called b-block bypass. We will show that if an iterated hash function possesses a b-block bypass, then this implies that second preimages can be constructed. Additionally, the attacker has more degrees of freedom for constructing the second preimage.
منابع مشابه
Second Preimages for Iterated Hash Functions and Their Implications on MACs
In this article, we focus on second preimages for iterated hash functions. More precisely, we introduce the notion of a b-block bypass which is closely related to the notion of second preimage but specifies additional properties. We will then give two examples of iterated hash functions to which this notion applies: a double-block length hash function and a single-block length hash function. Fu...
متن کاملA (Second) Preimage Attack on the GOST Hash Function
In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a...
متن کاملSecond Preimages on n-bit Hash Functions for Much Less than 2 Work
We expand a previous result of Dean [Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damg̊ardMerkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2-message-block message with about k × 2n/2+1+2n−k+1 work. Using RIPEMD-160 as an example, our attack can find a second preimage for a 2 byte message in about 2 work, rath...
متن کاملEdon-R(256, 384, 512) - an Efficient Implementation of Edon-R} Family of Cryptographic Hash Functions
We have designed three fast implementations of a recently proposed family of hash functions Edon–R. They produce message digests of length n = 256, 384, 512 bits and project security of 2 n 2 hash computations for finding collisions and 2 hash computations for finding preimages and second preimages. The design is not the classical Merkle-Damg̊ard but can be seen as wide-pipe iterated compression...
متن کاملHash function security:cryptanalysis of the Very Smooth Hash and multicollisions in generalised iterated hash functions
In recent years, the amount of electronic communication has grown enormously. This has posed some new problems in information security. In particular, the methods in cryptography have been under much scrutiny. There are several basic primitives that modern cryptographic protocols utilise. One of these is hash functions, which are used to compute short hash values from messages of any length. In...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006