Functional Graph Revisited: Updates on (Second) Preimage Attacks on Hash Combiners
نویسندگان
چکیده
This paper studies functional-graph-based (second) preimage attacks against hash combiners. By exploiting more properties of cyclic nodes of functional graph, we find an improved preimage attack against the XOR combiner with a complexity of 2, while the previous best-known complexity is 2. Moreover, we find the first generic second-preimage attack on Zipper hash with an optimal complexity of 2.
منابع مشابه
New Attacks on the Concatenation and XOR Hash Combiners
We study the security of the concatenation combiner H1(M)‖H2(M) for two independent iterated hash functions with n-bit outputs that are built using the Merkle-Damg̊ard construction. In 2004 Joux showed that the concatenation combiner of hash functions with an n-bit internal state does not offer better collision and preimage resistance compared to a single strong n-bit hash function. On the other...
متن کاملProvable Second Preimage Resistance Revisited
Most cryptographic hash functions are iterated constructions, in which a mode of operation specifies how a compression function or a fixed permutation is applied. The Merkle-Damg̊ard mode of operation is the simplest and more widely deployed mode of operation, yet it suffers from generic second preimage attacks, even when the compression
متن کاملInvestigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respec...
متن کاملImproved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grostl Hash Function
The Grøstl hash function is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we propose some improved (pseudo) preimage attacks on the Grøstl hash function by using some techniques, such as subspace preimage attack and the guess-and-determine technique. We present the improved pseudo preimage attacks on 5-round Grøstl-256 hash function and 8-round...
متن کاملPractical (Second) Preimage Attacks on TCS_SHA-3
TCS SHA-3 is a family of four cryptographic hash functions that are covered by an US patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard, compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and t...
متن کامل