This paper studies two types of attacks on the hash function Shabal. The first attack is a low-weight pseudo collision attack on Shabal. Since a pseudo collision attack is trivial for Shabal, we focus on a low-weight pseudo collision attack. It means that only low-weight difference in a chaining value is considered. By analyzing the difference propagation in the underlying permutation, we can c...

In this paper, we present the first cryptographic preimage attack on the full MD5 hash function. This attack, with a complexity of 2, generates a pseudo-preimage of MD5 and, with a complexity of 2, generates a preimage of MD5. The memory complexity of the attack is 2×11 words. Our attack is based on splice-and-cut and localcollision techniques that have been applied to step-reduced MD5 and othe...

MD4 is a hash function introduced by Rivest in 1990. It is still used in some contexts, and the most commonly used hash function (MD5, SHA-1, SHA-2) are based on the design principles of MD4. MD4 has been extensively studied and very efficient collision attacks are known, but it is still believed to be a one-way function. In this paper we show a partial pseudo-preimage attack on the compression...

TCS SHA-3 is a family of four cryptographic hash functions that are covered by an US patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard, compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and t...

This paper evaluates the preimage resistance of the Tiger hash function. We will propose a pseudo-preimage attack on its compression function up to 23 steps with a complexity of 2, which can be converted to a preimage attack on 23-step Tiger hash function with a complexity of 2. The memory requirement of these attacks is 2 words. Our pseudo-preimage attack on the Tiger compression function adop...

This paper studies functional-graph-based (second) preimage attacks against hash combiners. By exploiting more properties of cyclic nodes of functional graph, we find an improved preimage attack against the XOR combiner with a complexity of 2, while the previous best-known complexity is 2. Moreover, we find the first generic second-preimage attack on Zipper hash with an optimal complexity of 2.

Knudsen and Preneel (Asiacrypt’96 and Crypto’97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. In this paper, we (re)analyse the preimage resistance of the Knudsen-Preneel compression functions in the setting of public random functions. We give a new non-ada...

We propose an improved preimage attack on one-block MD4 with the time complexity 2 MD4 compression function operations, as compared to 2 in [3]. We research the attack procedure in [3] and formulate the complexity for computing a preimage attack on one-block MD4. We attain the result mainly through the following two aspects with the help of the complexity formula. First, we continue to compute ...

In this work, we revisit the security analysis of AES-128 instantiated hash modes. We use biclique cryptanalysis technique as our basis for the attack. The traditional biclique approach used for key recovery in AES (and preimage search in AES based compression function) cannot be applied directly to hash function settings due to restrictions imposed on message input due to padding. Under this c...

Parallel FFT-Hashing was designed by C. P. Schnorr and S. Vaudenay in 1993. The function is a simple and light weight hash algorithm with 128-bit digest. Its basic component is a multi-permutation which helps in proving its resistance to collision attacks. In this work we show a preimage attack on Parallel FFT-Hashing with complexity 2 + 2 and memory 2 which is less than the generic complexity ...