On the Complexity of Khovratovich et.al's Preimage Attack on Edon-R
نویسندگان
چکیده
Based on the analysis made by van Oorschot and Wiener for the complexity of parallel memoryless collision search [5], we show that the memoryless meet-in-the-middle attack which is one part of the whole preimage attack of Khovratovich et. al. [3] on EDON-R hash function has complexity bigger than 2n.
منابع مشابه
Two Attacks on RadioGatún
We investigate the security of the hash function design called RadioGatún in a recently proposed framework of sponge functions. We show that previously introduced symmetric trails can hardly be used to construct collisions and to find a second preimage efficiently. As a generalization of truncated differentials, trails with linear and non-linear restrictions on differences are proposed. We use ...
متن کاملCryptanalysis of EnRUPT
In this paper we present a preimage attack on EnRUPT512. We exploit the fact that the internal state is only a little bit larger than the critical security level: 1152 bits against 1024 bits. The absence of a message expansion and a fairly simple compression function allow us to fix the values for some state words and thus reduce the size of birthday state space in the meet-in-the-middle attack...
متن کاملSpeeding up Collision Search for Byte-Oriented Hash Functions
We describe a new tool for the search of collisions for hash functions. The tool is applicable when an attack is based on a differential trail, whose probability determines the complexity of the attack. Using the linear algebra methods we show how to organize the search so that many (in some cases — all) trail conditions are always satisfied thus significantly reducing the number of trials and ...
متن کاملNew Preimage Attacks against Reduced SHA-1
This paper shows preimage attacks against reduced SHA-1 up to 57 steps. The best previous attack has been presented at CRYPTO 2009 and was for 48 steps finding a two-block preimage with incorrect padding at the cost of 2 evaluations of the compression function. For the same variant our attacks find a one-block preimage at 2 and a correctly padded two-block preimage at 2 evaluations of the compr...
متن کاملHigher-Order Differential Meet-in-the-middle Preimage Attacks on SHA-1 and BLAKE
At CRYPTO 2012, Knellwolf and Khovratovich presented a differential formulation of advanced meet-in-the-middle techniques for preimage attacks on hash functions. They demonstrated the usefulness of their approach by significantly improving the previously best known attacks on SHA-1 from CRYPTO 2009, increasing the number of attacked rounds from a 48-round one-block pseudo-preimage without paddi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009