Practical (Second) Preimage Attacks on TCS_SHA-3
نویسندگان
چکیده
TCS SHA-3 is a family of four cryptographic hash functions that are covered by an US patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard, compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and the first preimage attack requires O(2) time. In addition to these attacks, we also present a negligible-time second preimage attack on a strengthened variant of the TCS SHA-3. All the attacks have negligible memory requirements.
منابع مشابه
Practical (Second) Preimage Attacks on the TCS_SHA-3 Family of Cryptographic Hash Functions
TCS_SHA-3 is a family of four cryptographic hash functions that are covered by a United States patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible t...
متن کاملAdvanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2 for finding preimages, and 2 for second-preimages. Both have memory requirement of orde...
متن کاملPreimage Attacks on 3-Pass HAVAL and Step-Reduced MD5
This paper presents preimage attacks on the hash functions 3-pass HAVAL and step-reduced MD5. Introduced in 1992 and 1991 respectively, these functions underwent severe collision attacks, but no preimage attack. We describe two preimage attacks on the compression function of 3-pass HAVAL. The attacks have a complexity of about 2 compression function evaluations instead of 2. We present several ...
متن کاملPractical Hash Functions Constructions Resistant to Generic Second Preimage Attacks Beyond the Birthday Bound
Most cryptographic hash functions rely on a simpler primitive called a compression function, and in nearly all cases, there is a reduction between some of the security properties of the full hash function and those of the compression function. For instance, a celebrated result of Merkle and Damg̊ard from 1989 states that a collision on the hash function cannot be found without finding a collisio...
متن کاملImproved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grostl Hash Function
The Grøstl hash function is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we propose some improved (pseudo) preimage attacks on the Grøstl hash function by using some techniques, such as subspace preimage attack and the guess-and-determine technique. We present the improved pseudo preimage attacks on 5-round Grøstl-256 hash function and 8-round...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013