Speeding up Collision Search for Byte-Oriented Hash Functions

Authors:
Dmitry Khovratovich;Alex Biryukov;Ivica Nikolic
Affiliations:
University of Luxembourg,;University of Luxembourg,;University of Luxembourg,
Venue:
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Year:
2009

Citing 10
Cited 7

Hash functions based on block ciphers: a synthetic approach

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
The Wide Trail Design Strategy

Proceedings of the 8th IMA International Conference on Cryptography and Coding
Collisions on SHA-0 in One Hour

Fast Software Encryption
The Hash Function Family LAKE

Fast Software Encryption
Cryptanalysis of GRINDAHL

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Cryptanalysis of FORK-256

FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
The Grindahl hash functions

FSE'07 Proceedings of the 14th international conference on Fast Software Encryption

Improved algebraic cryptanalysis of QUAD, Bivium and Trivium via graph partitioning on equation systems

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Attacks on hash functions based on generalized Feistel: application to reduced-round Lesamnta and SHAvite-3512

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Cache timing analysis of RC4

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Practical attacks on the maelstrom-0 compression function

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Automatic search of attacks on round-reduced AES and applications

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Automatic search for related-key differential characteristics in byte-oriented block ciphers: application to AES, Camellia, Khazad and others

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
New attacks on keccak-224 and keccak-256

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a new tool for the search of collisions for hash functions. The tool is applicable when an attack is based on a differential trail, whose probability determines the complexity of the attack. Using the linear algebra methods we show how to organize the search so that many (in some cases -- all) trail conditions are always satisfied thus significantly reducing the number of trials and the overall complexity. The method is illustrated with the collision and second preimage attacks on the compression functions based on Rijndael. We show that slow diffusion in the Rijndael (and AES) key schedule allows to run an attack on a version with a 13-round compression function, and the S-boxes do not prevent the attack. We finally propose how to modify the key schedule to resist the attack and provide lower bounds on the complexity of the generic differential attacks for our modification.