A (Second) Preimage Attack on the GOST Hash Function
نویسندگان
چکیده
In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation. For this hash function, we show how to construct second preimages and preimages with a complexity of about 2 compression function evaluations and a memory requirement of about 2 bytes. First, we show how to construct a pseudo-preimage for the compression function of GOST based on its structural properties. Second, this pseudopreimage attack on the compression function is extended to a (second) preimage attack on the GOST hash function. The extension is possible by combining a multicollision attack and a meet-in-the-middle attack on the checksum.
منابع مشابه
Improved (Pseudo) Preimage Attacks on Reduced-Round GOST and Grøstl-256 and Studies on Several Truncation Patterns for AES-like Compression Functions
In this paper, we present improved preimage attacks on the reduced-round GOST hash function family, which serves as the new Russian hash standard, with the aid of techniques such as the rebound attack, the Meet-in-the-Middle preimage attack and the multicollisions. Firstly, the preimage attack on 5-round GOST-256 is proposed which is the first preimage attack for GOST-256 at the hash function l...
متن کاملCryptanalysis of the GOST Hash Function
In this article, we analyze the security of the GOST hash function. The GOST hash function, defined in the Russian standard GOST 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterative structure, a checksum computed over all input message bloc...
متن کاملImproved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function
The GOST hash function family has served as the new Russian national hash standard (GOST R 34.11-2012) since January 1, 2013, and it has two members, i.e., GOST256 and GOST-512 which correspond to two different output lengths. Most of the previous analyses of GOST emphasize on the compression function rather than the hash function. In this paper, we focus on security properties of GOST under th...
متن کاملCryptanalysis of a class of cryptographic hash functions
We apply new cryptanalytical techniques to perform the generic multi-block multicollision, second preimage and herding attacks on the Damg̊ard-Merkle hash functions with linear-XOR/additive checksums. The computational work required to perform these attacks on the Damg̊ard-Merkle hash functions with linear-XOR/additive checksum of message blocks (GOST), intermediate states (3C, MAELSTROM-0, F-Has...
متن کاملPreimage Attacks on Reduced-Round Stribog
In August 2012, the Stribog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). Stribog employs twelve rounds of an AES-based compression function operating in Miyaguchi-Preneel mode. In this paper, we investigate the preimage resistance of the Stribog hash function. Specifically, we apply a meet in the middle preimage attack on the compression functio...
متن کامل