Breaking the Even-Mansour Hash Function: Collision and Preimage Attacks on JH and Grøstl
نویسندگان
چکیده
The Even-Mansour structure and the chopMD mode are two widely-used strategies in hash function designs. They are adopted by many hash functions including two SHA-3 finalists, the JH hash function and the Grøstl hash function. The Even-Mansour structure combining the chopMD mode is supposed to enhance the security of hash functions against collision and preimage attacks, while our results show that it is not possible to achieve this goal with an unbalanced compression function. In this paper, we show generic attacks on the Even-Mansour hash functions including both collision and preimage attacks. Our attacks show the structure flaws of the Even-Mansour hash functions. All these attacks can be applied to specific hash functions based on the Even-Mansour structure. We achieve the first collision and (2nd-)preimage attacks on full JH and Grøstl respectively. For the JH hash function, we achieve collision and (2nd-)preimage attacks on the full JH compression function with a time gain 2. After a simple modification of the padding rules, we obtain full round collision and (2nd-)preimage attacks on the modified JH hash function with a time gain 2. For the Grøstl hash function, we obtain both collision and (2nd-)preimage attacks on the full Grøstl hash function with a limited time gain 2.
منابع مشابه
Attacks on JH, Grstl and SMASH Hash Functions
JH and Grøstl hash functions are two of the five finalists in NIST SHA-3 competition. JH-s and Grøstl-s are based on a 2n bit compression function and the final output is truncated to s bits, where n is 512 and s can be 224,256,384 and 512. Previous security proofs show that JH-s and Grøstl-s are optimal collision resistance without length padding to the last block. In this paper we present col...
متن کاملQuantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein
This paper presents attacks that clearly violate the explicit security claims of 11 of the 14 second-round submissions to the SHA-3 competition: Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein. The attacks are structured-first-preimage attacks, the most devastating type of hash-function attack. The attacks use a quantum computer, but not a particul...
متن کاملImproved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grostl Hash Function
The Grøstl hash function is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we propose some improved (pseudo) preimage attacks on the Grøstl hash function by using some techniques, such as subspace preimage attack and the guess-and-determine technique. We present the improved pseudo preimage attacks on 5-round Grøstl-256 hash function and 8-round...
متن کاملProvable Security Analysis of SHA-3 Candidates
Hash functions are fundamental cryptographic primitives that compress messages of arbitrary length into message digests of a fixed length. They are used as the building block in many important security applications such as digital signatures, message authentication codes, password protection, etc. The three main security properties of hash functions are collision, second preimage and preimage r...
متن کامل(Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others
The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on Grøstl hash function for both 256-bit and 512-bit versions, i.e., we need to choose the initial value in order to invert the hash function. Pseudo preimage attack on 5(out of 10...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013