We provide a second preimage attack on all n-bit iterated hash functions with Damgard-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2-messageblock message with about k× 2 + 2n−k+1 work. Using SHA1 as an example, our attack can find a second preimage for a 2 byte message in 2 work, rather than the previously expected 2 work. We also provide slig...

In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instan...

We investigate the relation between preimage multiplicity and topological entropy for continuous maps. An argument originated by Misiurewicz and Przytycki shows that if every regular value of a C1 map has at least m preimages then the topological entropy of the map is at least log m. For every integer, there exist continuous maps of the circle with entropy zero for which every point has at leas...

In this paper we propose the Grindahl hash functions, which are based on components of the Rijndael algorithm. To make collision search sufficiently difficult, this design has the important feature that no low-weight characteristics form collisions, and at the same time it limits access to the state. We propose two concrete hash functions, Grindahl-256 and Grindahl512 with claimed security leve...

We discuss cellular automata over arbitrary finitely generated groups. We call a cellular automaton post-surjective if for any pair of asymptotic configurations, every preimage of one is asymptotic to a preimage of the other. The well known dual concept is pre-injectivity: a cellular automaton is pre-injective if distinct asymptotic configurations have distinct images. We prove that pre-injecti...

In this paper, we provide an improved method on preimage attacks of standard 3-round Keccak-224/256. Our is based the work by Li and Sun. Their strategy to find a 2-block instead 1-block one constructing first second message blocks in two stages. Under strategy, they design new linear structure for 2-round Keccak-224/256 with 194 degrees freedom left, which able construct block complexity 231/2...