Second Preimage Analysis of Whirlwind
نویسندگان
چکیده
Whirlwind is a keyless AES-like hash function that adopts the Sponge model. According to its designers, the function is designed to resist most of the recent cryptanalytic attacks. In this paper, we evaluate the second preimage resistance of theWhirlwind hash function. More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round pseudo preimage for a given compression function output with time complexity of 2 and memory complexity of 2. We also employ a guess and determine approach to extend the attack to 6 rounds with time and memory complexities of 2 and 2, respectively. Finally, by adopting another meet in the middle attack, we are able to generate n-block message second preimages of the 5 and 6-round reduced hash function with time complexity of 2 and 2 and memory complexity of 2 and 2, respectively.
منابع مشابه
Cryptanalysis of Reduced-Round Whirlwind (Full Version)
The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published by Design, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis on Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launc...
متن کاملSecond-Preimage Analysis of Reduced SHA-1
Many applications using cryptographic hash functions do not require collision resistance, but some kind of preimage resistance. That’s also the reason why the widely used SHA-1 continues to be recommended in all applications except digital signatures after 2010. Recent work on preimage and second preimage attacks on reduced SHA-1 succeeding up to 48 out of 80 steps (with results barely below th...
متن کاملImproved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grøstl
Abstract. Grøstl is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we use many techniques to improve the pseudo preimage attack on Grøstl hash function, such as subspace preimage attack and guess-and-determine technique. We present improved pseudo preimage attacks on 5-round Grøstl-256 and 8-round Grøstl-512 respectively. The complexity of the a...
متن کاملPseudo-cryptanalysis of Blue Midnight Wish
We describe pseudo-collision and pseudo-(second) preimage attacks on the SHA-3 candidate Blue Midnight Wish. The complexity of the pseudo-collision attack is around 2, and the complexity of the pseudo-(second) preimage attack is around 2.
متن کاملFunctional Graph Revisited: Updates on (Second) Preimage Attacks on Hash Combiners
This paper studies functional-graph-based (second) preimage attacks against hash combiners. By exploiting more properties of cyclic nodes of functional graph, we find an improved preimage attack against the XOR combiner with a complexity of 2, while the previous best-known complexity is 2. Moreover, we find the first generic second-preimage attack on Zipper hash with an optimal complexity of 2.
متن کامل