The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published by Design, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis on Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launc...

The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on Grøstl hash function for both 256-bit and 512-bit versions, i.e., we need to choose the initial value in order to invert the hash function. Pseudo preimage attack on 5(out of 10...

This paper proposes preimage attacks on hash function HAVAL whose output length is 256 bits. This paper has three main contributions; a preimage attack on 3-pass HAVAL at the complexity of 2, a preimage attack on 4-pass HAVAL at the complexity of 2, and a preimage attack on 5-pass HAVAL reduced to 151 steps at the complexity of 2. Moreover, we optimize the computational order for brute-force at...

We propose a generic way for deriving an identification (ID) scheme secure against concurrent man-in-the-middle attacks from a key encapsulation mechanism (KEM) secure against chosen ciphertext attacks on one-wayness (one-way-CCA). Then we give a concrete one-way-CCA secure KEM based on the Computational Diffie-Hellman (CDH) assumption. In that construction, the Twin Diffie-Hellman technique of...

We study the security of AES in the open-key setting by showing an analysis on hash function modes instantiating AES including Davies-Meyer, Matyas-Meyer-Oseas, and Miyaguchi-Preneel modes. In particular, we propose preimage attacks on these constructions, while most of previous work focused their attention on collision attacks or distinguishers using non-ideal differential properties. This res...

In this paper, we propose an enhanced version of the HB-MP authentication protocol, called the HB-MP protocol. The HB-MP protocol is a lightweight authentication protocol that is suitable for use in passive radio frequency identification (RFID) systems. The HB-MP protocol overcomes the man-in-the-middle attack to which the basic HB-MP protocol is vulnerable while maintaining its suitability to ...

The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on Grøstl hash function for both 256-bit and 512-bit versions, i.e., we need to choose the initial value in order to invert the hash function. Pseudo preimage attack on 5(out of 10...

In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a...

In theory of mind research, there is a long standing dispute about whether children come to understand the subjectivity of both desires and beliefs at the same time (around age 4), or whether there is an asymmetry such that desires are understood earlier. To address this issue, 3-year olds’ understanding of situations in which two persons have mutually incompatible desires was tested in two stu...