We describe pseudo-collision and pseudo-(second) preimage attacks on the SHA-3 candidate Blue Midnight Wish. The complexity of the pseudo-collision attack is around 2, and the complexity of the pseudo-(second) preimage attack is around 2.

Abstra t. We develop a new generi long-message se ond preimage atta k, based on ombining the te hniques in the se ond preimage atta ks of Dean [8℄ and Kelsey and S hneier [16℄ with the herding atta k of Kelsey and Kohno [15℄. We show that these generi atta ks apply to hash fun tions using the Merkle-Damgård onstru tion with only slightly more work than the previously known atta k, but allow eno...

Given a subset of states $S$ deterministic finite automaton and word $w$, the preimage is all mapped to state in by action $w$. We study three natural problems concerning words giving certain preimages. The first problem whether, for given subset, there exists \emph{extending} (giving larger preimage). second whether \emph{totally extending} whole set as preimage)---equivalently, an \emph{avoid...

This paper studies functional-graph-based (second) preimage attacks against hash combiners. By exploiting more properties of cyclic nodes of functional graph, we find an improved preimage attack against the XOR combiner with a complexity of 2, while the previous best-known complexity is 2. Moreover, we find the first generic second-preimage attack on Zipper hash with an optimal complexity of 2.

The first designs of cryptographic hash functions date back to the late 1970s; more proposals emerged in the 1980s. During the 1990s, the number of hash function designs grew very quickly, but for many of these proposals security flaws were identified. MD5 and SHA-1 were deployed in an ever increasing number of applications, resulting in the name “Swiss army knifes” of cryptography. In spite of...

We provide a symbolic model for protocols using public-key encryption and hash function, and prove that this model is computationally sound: if there is an attack in the computational world, then there is an attack in the symbolic (abstract) model. Our original contribution is that we deal with the security properties, such as anonymity, which cannot be described using a single execution trace,...

The Even-Mansour structure and the chopMD mode are two widely-used strategies in hash function designs. They are adopted by many hash functions including two SHA-3 finalists, the JH hash function and the Grøstl hash function. The Even-Mansour structure combining the chopMD mode is supposed to enhance the security of hash functions against collision and preimage attacks, while our results show t...

This paper shows preimage attacks against reduced SHA-1 up to 57 steps. The best previous attack has been presented at CRYPTO 2009 and was for 48 steps finding a two-block preimage with incorrect padding at the cost of 2 evaluations of the compression function. For the same variant our attacks find a one-block preimage at 2 and a correctly padded two-block preimage at 2 evaluations of the compr...

MD4 is a hash function introduced by Rivest in 1990. It is still used in some contexts, and the most commonly used hash function (MD5, SHA-1, SHA-2) are based on the design principles of MD4. MD4 has been extensively studied and very efficient collision attacks are known, but it is still believed to be a one-way function. In this paper we show a partial pseudo-preimage attack on the compression...