Search results for: preimage attack
Number of results: 81176
CellHash [3] and SubHash [4] were suggested by J. Daemen, R. Govaerts and J. Vandewalle in 1991 and 1992. SubHash is an improved version from CellHash. They have 257-bit internal state and 256-bit hash output. In this paper, we show a preimage attack on CellHash (SubHash) with the complexity 2 and the memory 2 for any t (with the complexity about 2 and the memory size 2). Even though we modify ...
In this paper, we present a preimage attack on reduced versions of Keccak hash functions. We use our recently developed toolkit CryptLogVer for generating CNF (conjunctive normal form) which is passed to the SAT solver PrecoSAT [2]. We found preimages for some reduced versions of the function and showed that full Keccak function is secure against the presented attack.
Based on the analysis made by van Oorschot and Wiener for the complexity of parallel memoryless collision search [5], we show that the memoryless meet-in-the-middle attack which is one part of the whole preimage attack of Khovratovich et al. [3] on EDON-R hash function has complexity bigger than 2^n.
The cryptographic hash function Maraca was submitted to the NIST SHA-3 competition [4] by Jenkins [3]. In this work, we show a practical preimage attack on Maraca. Our attack has been implemented and verified experimentally. This shows that Maraca does not achieve several important security properties which a secure cryptographic hash function is expected to offer.
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of the SHA-3 competition. We present cryptanalytic results on 10 out of 14 rounds of the hash function SHAvite-3-512, and on the full 14 round compression function of SHAvite-3-512. We show a second preimage attack on the hash function reduced to 10 rounds with a complexity of 2 compression function e...
Dithered hash functions were proposed by Rivest as a method to mitigate second preimage attacks on Merkle-Damgård hash functions. Despite that, second preimage attacks against dithered hash functions were proposed by Andreeva et al. One issue with these second preimage attacks is their huge memory requirement in the precomputation and the online phases. In this paper, we present new second prei...
In this paper we propose the Grindahl hash functions, which are based on components of the Rijndael algorithm. To make collision search sufficiently difficult, this design has the important feature that no low-weight characteristics form collisions, and at the same time it limits access to the state. We propose two concrete hash functions, Grindahl-256 and Grindahl-512 with claimed security leve...
At EUROCRYPT 2006, Kelsey and Kohno proposed the so-called chosen target forced-prefix (CTFP) preimage attack, where for any challenge prefix P, the attacker can generate a suffix S such that H(P∥S) = y for some hash value y published in advance by the attacker. Consequently, the attacker can pretend to predict an event represented by P that she did not know before, and thus this type of attack is also known as the Nostradamus attack. ASIACRYP...
The hash function Blue Midnight Wish (BMW) is a candidate in the SHA-3 competition organized by the U.S. National Institute of Standards and Technology (NIST). BMW was selected for the second round of the competition, but the algorithm was tweaked in a number of ways. In this paper we describe cryptanalysis on the original version of BMW, as submitted to the SHA-3 competition in October 2008. T...
In this paper, we investigate the properties of iterative non-injective functions and the security of primitives where they are used. First, we introduce the Collision Probability Spectrum (cps) parameter to quantify how far from a permutation a function is. In particular, we show that the output size decreases linearly with the number of iterations whereas the collision trees grow quadraticall...