Practical attacks on the maelstrom-0 compression function

Authors:
Stefan Kölbl;Florian Mendel
Affiliations:
Graz University of Technology, Graz, Austria;Graz University of Technology, Graz, Austria
Venue:
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Year:
2011

Citing 10
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
Speeding up Collision Search for Byte-Oriented Hash Functions

CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Collisions for 70-step SHA-1: on the full cost of collision search

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Constructing secure hash functions by enhancing merkle-damgård construction

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present attacks on the compression function of Maelstrom-0. It is based on the Whirlpool hash function standardized by ISO and was designed to be a faster and more robust enhancement. We analyze the compression function and use differential cryptanalysis to construct collisions for reduced variants of the Maelstrom-0 compression function. The attacks presented in this paper are of practical complexity and show significant weaknesses in the construction compared to its predecessor. The methods used are based on recent results in the analysis of AES-based hash functions.