Second preimages for SMASH

Authors:
Mario Lamberger;Norbert Pramstaller;Christian Rechberger;Vincent Rijmen
Affiliations:
Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria
Venue:
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Year:
2007

Citing 10
Cited 3

Hash functions based on block ciphers: a synthetic approach

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The First Two Rounds of MD4 are Not One-Way

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
A new MAC construction alred and a specific instance ALPHA-MAC

FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
SMASH – a cryptographic hash function

FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Preimage and collision attacks on MD2

FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
The second-preimage attack on MD4

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Breaking a new hash function design strategy called SMASH

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

A (Second) Preimage Attack on the GOST Hash Function

Fast Software Encryption
Preimages for Reduced SHA-0 and SHA-1

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Second preimages for iterated hash functions and their implications on MACs

ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

This article presents a rare case of a deterministic second preimage attack on a cryptographic hash function. Using the notion of controllable output differences, we show how to construct second preimages for the SMASH hash functions. If the given preimage contains at least n+1 blocks, where n is the output length of the hash function in bits, then the attack is deterministic and requires only to solve a set of n linear equations. For shorter preimages, the attack is probabilistic.