Preimages for the Tillich-Zémor hash function

Authors:
Christophe Petit;Jean-Jacques Quisquater
Affiliations:
UCL Crypto Group, Universit catholique de Louvain, Louvain-la-Neuve, Belgium;UCL Crypto Group, Universit catholique de Louvain, Louvain-la-Neuve, Belgium
Venue:
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Year:
2010

Citing 12
Cited 0

Hash functions and Cayley graphs

Designs, Codes and Cryptography
Group-theoretic hash functions

Proceedings of the First French-Israeli Workshop on Algebraic Coding
Weaknesses in the SL2(IFs2) Hashing Scheme

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Hashing with SL_2

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Attacking the SL2 Hashing Scheme

ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
A Note on the Hash Function of Tillich and Zémor

Proceedings of the Third International Workshop on Fast Software Encryption
On the Security of the Hashing Scheme Based on SL2

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Full Cryptanalysis of LPS and Morgenstern Hash Functions

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Cryptographic Hash Functions from Expander Graphs

Journal of Cryptology
Hard and Easy Components of Collision Search in the Zémor-Tillich Hash Function: New Attacks and Reduced Variants with Equivalent Security

CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Hash functions and graphs with large girths

EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Collisions for the LPS expander graph hash function

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

After 15 years of unsuccessful cryptanalysis attempts by the research community, Grassl et al. have recently broken the collision resistance property of the Tillich-Zémor hash function. In this paper, we extend their cryptanalytic work and consider the preimage resistance of the function. We present two algorithms for computing preimages, each algorithm having its own advantages in terms of speed and preimage lengths. We produce theoretical and experimental evidence that both our algorithms are very efficient and succeed with a very large probability on the function parameters. Furthermore, for an important subset of these parameters, we provide a full proof that our second algorithm always succeeds in deterministic cubic time. Our attacks definitely break the Tillich-Zémor hash function and show that it is not even one-way. Nevertheless, we point out that other hash functions based on a similar design may still be secure.