Second Preimages for Iterated Hash Functions and Their Implications on MACs
نویسندگان
چکیده
In this article, we focus on second preimages for iterated hash functions. More precisely, we introduce the notion of a b-block bypass which is closely related to the notion of second preimage but specifies additional properties. We will then give two examples of iterated hash functions to which this notion applies: a double-block length hash function and a single-block length hash function. Furthermore, we look at NMAC and HMAC and show the implications of a b-block bypass regarding forgery attacks. As a result it turns out that the impact of second preimages for NMAC and HMAC heavily depends on how the second preimages are constructed.
منابع مشابه
Second Preimages for Iterated Hash Functions Based on a b-Block Bypass
In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instan...
متن کاملA (Second) Preimage Attack on the GOST Hash Function
In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a...
متن کاملHash function security:cryptanalysis of the Very Smooth Hash and multicollisions in generalised iterated hash functions
In recent years, the amount of electronic communication has grown enormously. This has posed some new problems in information security. In particular, the methods in cryptography have been under much scrutiny. There are several basic primitives that modern cryptographic protocols utilise. One of these is hash functions, which are used to compute short hash values from messages of any length. In...
متن کاملMDx-MAC and Building Fast MACs from Hash Functions
We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and ...
متن کاملEdon-R(256, 384, 512) - an Efficient Implementation of Edon-R} Family of Cryptographic Hash Functions
We have designed three fast implementations of a recently proposed family of hash functions Edon–R. They produce message digests of length n = 256, 384, 512 bits and project security of 2 n 2 hash computations for finding collisions and 2 hash computations for finding preimages and second preimages. The design is not the classical Merkle-Damg̊ard but can be seen as wide-pipe iterated compression...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007