We describe a new tool for the search of collisions for hash functions. The tool is applicable when an attack is based on a differential trail, whose probability determines the complexity of the attack. Using linear algebra methods, we show how to organize the search so that many (in some cases, all) trail conditions are always satisfied, thus significantly reducing the number of trials and the overall complexity. The method is illustrated with collision and second preimage attacks on compression functions based on Rijndael. We show that slow diffusion in the Rijndael (and AES) key schedule allows an attack on a version with a 13-round compression function, and that the S-boxes do not prevent the attack. Finally, we propose how to modify the key schedule to resist the attack and provide lower bounds on the complexity of generic differential attacks for our modification.