Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98
نویسندگان
چکیده
Shin et al.[4] proposed a new hash function with 160-bit output length at PKC’98. Recently, at FSE 2002, Han et al.[5] cryptanalyzed the hash function proposed at PKC’98 and suggested a method finding a collision pair with probability 2−30, supposing that boolean functions satisfy the SAC(Strict Avalanche Criterion). This paper improves their attack and shows that we can find a collision pair from the original version of the hash function with probability 2−37.13 through the improved method. Furthermore we point out a weakness of the function comes from shift values dependent on message.
منابع مشابه
Improved Collision Attack on the Hash Function Proposed at PKC'98
In this article, we present an improved collision attack on the hash function proposed by Shin et al. at PKC’98. The attack has a complexity of about 2 hash computations, while the previous attack of Chang et al. presented at SAC 2002 has a complexity of about 2 hash computations. In the analysis of the hash function we combined existing approaches with recent results in cryptanalysis of hash f...
متن کاملTotal break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...
متن کاملCryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98
In the conference PKC’98, Shin et al. proposed a dedicated hash function of the MD family. In this paper, we study the security of Shin’s hash function. We analyze the property of the Boolean functions, the message expansion, and the data dependent rotations of the hash function. We propose a method for finding the collisions of the modified Shin’s hash function and show that we can find collis...
متن کاملInvestigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respec...
متن کاملCryptanalysis of Reduced-Round Whirlwind (Full Version)
The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published by Design, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis on Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launc...
متن کامل