Meet-in-the-Middle Preimage Attacks on Sponge-Based Hashing
نویسندگان
چکیده
The Meet-in-the-Middle (MitM) attack has been widely applied to preimage attacks on Merkle-Damgård (MD) hashing. In this paper, we introduce a generic framework of the MitM sponge-based We find certain bit conditions can significantly reduce diffusion unknown bits and lead longer characteristics. To good or optimal configurations attacks, e.g., conditions, neutral sets, matching points, bit-level MILP-based automatic tools Keccak, Ascon Xoodyak. scale models make them solvable in reasonable time, series properties targeted hashing are considered modelling, such as linear structure CP-kernel for Boolean expression Sbox Ascon. Finally, give an improved 4-round Keccak-512/SHA3, break nearly 10 years’ cryptanalysis record. also first 3-/4-round Ascon-XOF 3-round Xoodyak-XOF.
منابع مشابه
Meet-in-the-Middle Preimage Attacks on AES Hashing Modes and an Application to Whirlpool
We study the security of AES in the open-key setting by showing an analysis on hash function modes instantiating AES including Davies-Meyer, Matyas-Meyer-Oseas, and Miyaguchi-Preneel modes. In particular, we propose preimage attacks on these constructions, while most of previous work focused their attention on collision attacks or distinguishers using non-ideal differential properties. This res...
متن کاملHigher-Order Differential Meet-in-the-middle Preimage Attacks on SHA-1 and BLAKE
At CRYPTO 2012, Knellwolf and Khovratovich presented a differential formulation of advanced meet-in-the-middle techniques for preimage attacks on hash functions. They demonstrated the usefulness of their approach by significantly improving the previously best known attacks on SHA-1 from CRYPTO 2009, increasing the number of attacked rounds from a 48-round one-block pseudo-preimage without paddi...
متن کاملMeet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1
Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attacks is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against...
متن کاملAdvanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2 for finding preimages, and 2 for second-preimages. Both have memory requirement of orde...
متن کاملQuantum Meet-in-the-Middle Attacks
This paper shows that quantum computers can significantly speed-up a type of meet-in-the-middle attacks initiated by Demiric and Selçuk (DS-MITM attacks), which is currently one of the most powerful cryptanalytic approaches in the classical setting against symmetric-key schemes. The quantum DS-MITM attacks are then demonstrated against 6 rounds of the generic Feistel construction supporting an ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2023
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-031-30634-1_6