Classical and Quantum Meet-in-the-Middle Nostradamus Attacks on AES-like Hashing

At EUROCRYPT 2006, Kelsey and Kohno proposed the so-called chosen target forced-prefix (CTFP) preimage attack, where for any challenge prefix P, attacker can generate a suffix S such that H(P∥S) = y some hash value published in advance by attacker. Consequently, pretend to predict event represented P she did not know before, thus this type of attack is also known as Nostradamus attack. ASIACRYPT 2022, Benedikt et al. convert al.’s quantum one, reducing time complexity from O(√n · 22n/3) O( 3√n 23n/7). CTFP less investigated literature than (second-)preimage collision attacks lacks dedicated methods. In paper, we propose first based on meet-in-the-middle (MITM) MITM could be up quadratically accelerated setting. According recent works AES-like hashing, build an automatic tool search optimal model tradeoff between offline online phases. We apply our method AES-MMO Whirlpool, obtain round-reduced version these functions. Our are applicable other hashings.