Cryptanalysis of Double-Block-Length Hash Mode MJH
نویسندگان
چکیده
A double-block-length (DBL) hash mode of block ciphers, MJH has been proved to be collision-resistant in the ideal cipher model upto 22n/3−log n queries. In this paper we provide first cryptanalytic results for MJH. We show that a collision attack on MJH has the time complexity below the birthday bound. When block ciphers with 128-bit blocks are used, it has time complexity around 2, which is to be compared to the birthday attack having complexity 2. We also give a preimage attack on MJH. It has the time complexity of 2 with n-bit block ciphers, which is to be compared to the brute force attack having complexity 2.
منابع مشابه
Cryptanalysis of Some Double-Block-Length Hash Modes of Block Ciphers with n-Bit Block and n-Bit Key
In this paper, we make attacks on DBL (Double-Block-Length) hash modes of block ciphers with n-bit key and n-bit block. Our preimage attack on the hash function of MDC-4 scheme requires the time complexity 2, which is significantly improved compared to the previous results. Our collision attack on the hash function of MJH scheme has time complexity less than 2 for n = 128. Our preimage attack o...
متن کاملMJH: A Faster Alternative to MDC-2
In this paper, we introduce a new class of double-block-length hash functions. Using the ideal cipher model, we prove that these hash functions, dubbed MJH, are asymptotically collision resistant up to O(2n(1− ) query complexity for any > 0 in the iteration, where n is the block size of the underlying blockcipher. When based on n-bit key blockciphers, our construction, being of rate 1/2, provid...
متن کاملA new (n, n) Blockcipher based Hash Function for Short Messages
We propose a new (n, n) double block length hash function where collision and preimage security bound is respectively O ( 2 ) and O ( 2 ) . The strategic point of this scheme is able to handle short message tn (t < 1) bit, which is very significant issue for RFID tag security. It is known that the RFID tag needs to proceed short message but MDC-2, MDC-4, MJH are not properly suitable for meetin...
متن کاملOpen problems in hash function security
A cryptographic hash function compresses arbitrarily long messages to digests of a short and fixed length. Most of existing hash functions are designed to evaluate a compression function with a finite domain in a mode of operation, and the compression function itself is often designed from block ciphers or permutations. This modular design approach allows for a rigorous security analysis via me...
متن کاملAttacks on JH, Grstl and SMASH Hash Functions
JH and Grøstl hash functions are two of the five finalists in NIST SHA-3 competition. JH-s and Grøstl-s are based on a 2n bit compression function and the final output is truncated to s bits, where n is 512 and s can be 224,256,384 and 512. Previous security proofs show that JH-s and Grøstl-s are optimal collision resistance without length padding to the last block. In this paper we present col...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2012 شماره
صفحات -
تاریخ انتشار 2012