In this paper we attack round-reduced Keccak hash function with a technique called rotational cryptanalysis. We focus on Keccak variants proposed as SHA-3 candidates in the NIST’s contest for a new standard of cryptographic hash function. Our main result is a preimage attack on 4-round Keccak and a 5-round distinguisher on Keccak-f [1600] permutation — the main building block of Keccak hash fun...

This paper presents a efficient proposal for iterating hash functions to prevent the main of generic attacks such as Multicollisions Attack,Second Preimage Attack and Herding Attack.Based on this proposal,it’s possible that a secure hash function can be built with iterating compression functions . The proposal mainly contains a method called ” Shifting Whole Message”,it regroups the cascaded me...

We expand a previous result of Dean [Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damg̊ardMerkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2-message-block message with about k × 2n/2+1+2n−k+1 work. Using RIPEMD-160 as an example, our attack can find a second preimage for a 2 byte message in about 2 work, rath...

Many applications using cryptographic hash functions do not require collision resistance, but some kind of preimage resistance. That’s also the reason why the widely used SHA-1 continues to be recommended in all applications except digital signatures after 2010. Recent work on preimage and second preimage attacks on reduced SHA-1 succeeding up to 48 out of 80 steps (with results barely below th...

The recently started SHA-3 competition in order to find a new secure hash standard and thus a replacement for SHA-1/SHA-2 has attracted a lot of interest in the academic world as well as in industry. There are 51 round one candidates building on sometimes very different principles. In this paper, we show how to attack two of the 51 round one hash functions. The attacks have in common that they ...

Abstract. The Zémor-Tillich hash function has remained unbroken since its introduction at CRYPTO’94. We present the first generic collision and preimage attacks against this function, in the sense that the attacks work for any parameters of the function. Their complexity is the cubic root of the birthday bound; for the parameters initially suggested by Tillich and Zémor they are very close to b...

We analyze the security of the SHA-3 finalist BLAKE. The BLAKE hash function follows the HAIFA design methodology, and as such it achieves optimal preimage, second preimage and collision resistance, and is indifferentiable from a random oracle up to approximately 2 assuming the underlying compression function is ideal. In our work we show, however, that the compression function employed by BLAK...

In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korea’s industry. The structure of HAS-160 is similar to SHA-1 but includes some improvements. The encryption mode of HAS-160 is defined similarly as the encryption mode of SHA-1 that is called SHACAL-1. In 2006, Dunkelman et. al. [10] successf...

The authors propose a new type of hash iterative structure ─ the ring-iterative structure with feedback which is subdivided into the single feedback ring iteration and the multiple feedback ring iteration, namely SFRI and MFRI. Prove that SFRI is at least equivalent to the MD structure in security, and MFRI is at least equivalent to SFRI in security (property 1 makes people incline to believe M...