(Pseudo) preimage attack on round-reduced grøstl hash function and others

Authors:
Shuang Wu;Dengguo Feng;Wenling Wu;Jian Guo;Le Dong;Jian Zou
Affiliations:
State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China;Institute for Infocomm Research, Singapore;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China
Venue:
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Year:
2012

Citing 14
Cited 2

A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Differential Collisions in SHA-0

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
MD4 is Not One-Way

Fast Software Encryption
Preimage Attacks on 3, 4, and 5-Pass HAVAL

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Preimage Attacks on One-Block MD4, 63-Step MD5 and More

Selected Areas in Cryptography
Preimages for Step-Reduced SHA-2

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Improved preimage attack for 68-step HAS-160

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
(Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approach

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Meet-in-the-middle attacks on reduced-round XTEA

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Improved meet-in-the-middle cryptanalysis of KTANTAN

ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Second preimages on n-bit hash functions for much less than 2n work

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Bicliques for permutations: collision and preimage attacks in stronger settings

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on Grøstl hash function for both 256-bit and 512-bit versions, i.e., we need to choose the initial value in order to invert the hash function. Pseudo preimage attack on 5(out of 10)-round Grøstl-256 has a complexity of (2244.85,2230.13) (in time and memory) and pseudo preimage attack on 8(out of 14)-round Grøstl-512 has a complexity of (2507.32,2507.00). To the best of our knowledge, our attacks are the first (pseudo) preimage attacks on round-reduced Grøstl hash function, including its compression function and output transformation. These results are obtained by a variant of meet-in-the-middle preimage attack framework by Aoki and Sasaki. We also improve the time complexities of the preimage attacks against 5-round Whirlpool and 7-round AES hashes by Sasaki in FSE 2011.