Cryptanalysis of the GOST Hash Function

نویسندگان

  • Florian Mendel
  • Norbert Pramstaller
  • Christian Rechberger
  • Marcin Kontak
  • Janusz Szmidt
چکیده

In this article, we analyze the security of the GOST hash function. The GOST hash function, defined in the Russian standard GOST 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterative structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation. As a result of our security analysis of the GOST hash function, we present the first collision attack with a complexity of about 2 evaluations of the compression function. Furthermore, we are able to significantly improve upon the results of Mendel et al. with respect to preimage and second preimage attacks. Our improved attacks have a complexity of about 2 evaluations of the compression function.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function

The GOST hash function family has served as the new Russian national hash standard (GOST R 34.11-2012) since January 1, 2013, and it has two members, i.e., GOST256 and GOST-512 which correspond to two different output lengths. Most of the previous analyses of GOST emphasize on the compression function rather than the hash function. In this paper, we focus on security properties of GOST under th...

متن کامل

Cryptanalysis of GOST R Hash Function

GOST R is the hash function standard of Russia. This paper presents some cryptanalytic results on GOST R. Using the rebound attack technique, we achieve collision attacks on the reduced round compression function. Result on up to 9.5 rounds is proposed, the time complexity is 2 and the memory requirement is 2 bytes. Based on the 9.5-round collision result, a limited birthday distinguisher is pr...

متن کامل

Cryptanalysis of a class of cryptographic hash functions

We apply new cryptanalytical techniques to perform the generic multi-block multicollision, second preimage and herding attacks on the Damg̊ard-Merkle hash functions with linear-XOR/additive checksums. The computational work required to perform these attacks on the Damg̊ard-Merkle hash functions with linear-XOR/additive checksum of message blocks (GOST), intermediate states (3C, MAELSTROM-0, F-Has...

متن کامل

Algebraic Complexity Reduction and Cryptanalysis of GOST

GOST 28147-89 is a well-known Russian government encryption standard. Its large key size of 256 bits at a particularly low implementation cost [77] make that it is widely implemented and used [66, 96, 62, 77, 82]. In 2010 GOST was submitted to ISO to become an international standard. GOST was analysed by Schneier, Biham, Biryukov, Dunkelman, Wagner, various Australian, Japanese, and Russian sci...

متن کامل

A (Second) Preimage Attack on the GOST Hash Function

In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2008