This article presents a rare case of a deterministic second preimage attack on a cryptographic hash function. Using the notion of controllable output differences, we show how to construct second preimages for the SMASH hash functions. If the given preimage contains at least n+1 blocks, where n is the output length of the hash function in bits, then the attack is deterministic and requires only solving a set of n linear equations. For shorter preimages, the attack is probabilistic.