Hash functions and Cayley graphs
Designs, Codes and Cryptography
Group-theoretic hash functions
Proceedings of the First French-Israeli Workshop on Algebraic Coding
Weaknesses in the SL2(IFs2) Hashing Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Attacking the SL2 Hashing Scheme
ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
A Note on the Hash Function of Tillich and Zémor
Proceedings of the Third International Workshop on Fast Software Encryption
On the Security of the Hashing Scheme Based on SL2
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Full Cryptanalysis of LPS and Morgenstern Hash Functions
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Cryptographic Hash Functions from Expander Graphs
Journal of Cryptology
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Hash functions and graphs with large girths
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Collisions for the LPS expander graph hash function
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Hi-index | 0.00 |
After 15 years of unsuccessful cryptanalysis attempts by the research community, Grassl et al. have recently broken the collision resistance property of the Tillich-Zémor hash function. In this paper, we extend their cryptanalytic work and consider the preimage resistance of the function. We present two algorithms for computing preimages, each algorithm having its own advantages in terms of speed and preimage lengths. We produce theoretical and experimental evidence that both our algorithms are very efficient and succeed with a very large probability on the function parameters. Furthermore, for an important subset of these parameters, we provide a full proof that our second algorithm always succeeds in deterministic cubic time. Our attacks definitely break the Tillich-Zémor hash function and show that it is not even one-way. Nevertheless, we point out that other hash functions based on a similar design may still be secure.