Preimage attacks on step-reduced SM3 hash function

Authors:
Jian Zou;Wenling Wu;Shuang Wu;Bozhan Su;Le Dong
Affiliations:
State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China,Graduate University of Chinese Academy of Sciences, Beijing, P.R. China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China
Venue:
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Year:
2011

Citing 16
Cited 2

Handbook of Applied Cryptography

Handbook of Applied Cryptography
The First Two Rounds of MD4 are Not One-Way

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Preimages for Reduced-Round Tiger

Research in Cryptology
A (Second) Preimage Attack on the GOST Hash Function

Fast Software Encryption
MD4 is Not One-Way

Fast Software Encryption
Preimage Attacks on Step-Reduced MD5

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Preimages for Reduced SHA-0 and SHA-1

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Preimage Attacks on 3, 4, and 5-Pass HAVAL

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Preimage Attacks on Reduced Tiger and SHA-2

Fast Software Encryption
Preimage Attacks on One-Block MD4, 63-Step MD5 and More

Selected Areas in Cryptography
Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5

Selected Areas in Cryptography
Preimages for Step-Reduced SHA-2

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Preimage and pseudo-collision attacks on step-reduced SM3 hash function

Information Processing Letters
Finding collisions for round-reduced SM3

CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a preimage attack on SM3 hash function reduced to 30 steps. SM3 is an iterated hash function based on the Merkle-Damgård design. It is a hash function used in applications such as the electronic certification service system in China. Our cryptanalysis is based on the Meet-in-the-Middle (MITM) attack. We utilize several techniques such as initial structure, partial matching and message compensation to improve the standard MITM preimage attack. Moreover, we use some observations on the SM3 hash function to optimize the computation complexity. Overall, a preimage of 30 steps SM3 hash function can be computed with a complexity of 2249 SM3 compression function computation, and requires a memory of 216. As far as we know, this is yet the first preimage result on the SM3 hash function.