Differential Cryptanalysis of Reduced Rounds of GOST
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
How Easy is Collision Search. New Results and Applications to DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Preimage and collision attacks on MD2
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Cryptanalysis of the full HAVAL with 4 and 5 passes
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
A study of the MD5 attacks: insights and improvements
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Cryptanalysis of the GOST Hash Function
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Preimages for Reduced SHA-0 and SHA-1
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Preimage attacks on step-reduced SM3 hash function
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Hi-index | 0.00 |
In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation. For this hash function, we show how to construct second preimages and preimages with a complexity of about 2225compression function evaluations and a memory requirement of about 238bytes.First, we show how to construct a pseudo-preimage for the compression function of GOST based on its structural properties. Second, this pseudo-preimage attack on the compression function is extended to a (second) preimage attack on the GOST hash function. The extension is possible by combining a multicollision attack and a meet-in-the-middle attack on the checksum.