Joux multicollisions attack in sponge construction
Cryptographic hash functions take an input of arbitrary length and produce an output of fixed length. A hash function usually has two main components: a compression function and a mode of operation. The sponge construction is one of the main modes of operation used in modern cryptographic hash functions. In this paper, we present a multicollision attack on the sponge construction. In 2004, Joux [3] presented a multicollision attack on iterated hash functions. Our attack is similar to Joux's attack but is specific to the sponge construction. We show that finding multicollisions in the sponge construction, i.e. sets of messages that hash to the same value, is not harder than finding ordinary collisions. Then, we use this attack as a tool to prove that concatenating more than one hash function in order to increase the security level does not yield a more secure construction.
MOIM: a novel design of cryptographic hash function
A hash function usually has two main components: a compression function or permutation function and a mode of operation. In this paper, we propose a new concrete design of a permutation-based hash function called MOIM. MOIM is based on concatenating two parallel fast wide pipe constructions as its mode of operation, a design by Nandi and Paul presented at Indocrypt 2010 in which the size of the internal state is significantly larger than the size of the output. The permutation functions used in MOIM are inspired by the SHA-3 finalist Grøstl hash function, which is itself inspired by the Rijndael (AES) design. As a consequence, MOIM has very strong confusion and diffusion. We also show that MOIM resists all the generic attacks and Joux's attack at two defense security levels.
Quantum Multicollision-Finding Algorithm
The current paper presents a new quantum algorithm for finding multicollisions, often denoted by -collisions, where an -collision for a function is a set of distinct inputs having the same output value. Although it is fundamental in cryptography, the problem of finding multicollisions has not received much attention in a quantum setting. The tight bound of quantum query complexity for finding -collisions of random functions has been revealed to be , where is the size of a codomain. However, neither the lower nor upper bound is known for -collisions. The paper first integrates the results from existing research to derive several new observations, e.g., -collisions can be generated only with quantum queries for a small constant . Then a new quantum algorithm is proposed, which finds an -collision of any function that has a domain size times larger than the codomain size. A rigorous proof is given to guarantee that the expected number of quantum queries is for a small constant , which matches the tight bound of for and improves the known bounds, say, the above simple bound of
New Second Preimage Attacks on Dithered Hash Functions with Low Memory Complexity
Dithered hash functions were proposed by Rivest as a method to mitigate second preimage attacks on Merkle-Damgård hash functions. Despite that, second preimage attacks against dithered hash functions were proposed by Andreeva et al. One issue with these second preimage attacks is their huge memory requirement in the precomputation and online phases. In this paper, we present new second preimage attacks on the dithered Merkle-Damgård construction. These attacks consume significantly less memory in the online phase (with a negligible increase in the online time complexity) than previous attacks. For example, in the case of MD5 with the Keränen sequence, we reduce the memory complexity from about 2^51 blocks to about 2^26.7 blocks (about 545 MB). We also present an essentially memoryless variant of Andreeva et al.'s attack. In the case of MD5-Keränen or SHA1-Keränen, the offline and online memory complexity is 2^15.2 message blocks (about 188–235 KB), at the expense of an increased offline time complexity.
Modern Standards for Hashing Algorithms
The principles of hash-function construction are reviewed. The Merkle–Damgård construction and its modifications Wide Pipe, Fast Wide Pipe and HAIFA are presented. The latest development in hash-function construction, the cryptographic sponge, is described. Examples of modern hashing-algorithm standards and their distinguishing features are given.
Slide Attacks on a Class of Hash Functions
This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function-like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatún. We finally discuss simple countermeasures as a defense against slide attacks. Key words: slide attacks, hash function, Grindahl, RadioGatún, MAC, sponge function.
Enhancing the Security Level of SHA-1 by Replacing the MD Paradigm
Cryptographic hash functions are important cryptographic primitives and are used widely in many cryptographic applications and protocols. All the MD4-based hash function designs, such as MD5, SHA-0, SHA-1 and RIPEMD-160, are built on the Merkle-Damgård iterative method. Recent differential and generic attacks against these popular hash functions have shown weaknesses both of the specific hash functions and of their underlying Merkle-Damgård construction. In this paper we propose a hash function which follows the design principles of SHA-1 and is based on the dither construction. Its compression function takes three inputs and generates a single 160-bit output. The extra input to the compression function is generated by a fast pseudo-random function. The dither construction shows strong resistance against the major generic and other cryptanalytic attacks. The security of the proposed hash function against generic attacks, differential attacks, birthday attacks and statistical attacks was analyzed in detail. It is exhaustively compared with SHA-1, because the hash functions of SHA-2 and SHA-3 have larger output lengths and are known to be more secure than SHA-1. It is shown that the proposed hash function has high sensitivity to the input message and is secure against the different cryptanalytic attacks considered.
Improving Generic Attacks Using Exceptional Functions
Over the past ten years, there have been many attacks on symmetric constructions using the statistical properties of random functions. Initially, these attacks targeted iterated hash constructions and their combiners, developing a wide array of methods based on internal collisions and on the average behavior of iterated random functions. More recently, Gilbert et al. (EUROCRYPT 2023) introduced a forgery attack on so-called duplex-based Authenticated Encryption modes which was based on exceptional random functions, i.e., functions whose graph admits a large component with an exceptionally small cycle.
In this paper, we expand the use of such functions in generic cryptanalysis with several new attacks. First, we improve the attack of Gilbert et al. from to , where is the capacity. This new attack uses a nested pair of functions with exceptional behavior, where the second function is defined over the cycle of the first one. Next, we introduce several new generic attacks against hash combiners, notably using small cycles to improve the complexities of the best existing attacks on the XOR combiner, Zipper Hash and Hash-Twice.
Last but not least, we propose the first quantum second preimage attack against Hash-Twice, reaching a quantum complexity
Quantum Multi-Collision Distinguishers
In EUROCRYPT 2020, Hosoyamada and Sasaki found that differential paths with probability can be useful in quantum collision attacks, vs. for classical collision attacks. This observation led to attacks on more rounds of some AES-like hash functions. In this paper, we quantize the multi-collision distinguisher proposed by Biryukov, Khovratovich, and Nikolić at CRYPTO 2009, and propose quantum multi-collision distinguishers. Compared against the tight bound for quantum multi-collisions on ideal functions by Liu and Zhang in EUROCRYPT 2019, we find the probability of useful differential paths can be as low as . This leads to even more attacked rounds than both classical multi-collision distinguishers and quantum collision attacks. To demonstrate the effectiveness, we applied the attack model to AES, Rijndael, and the post-quantum block cipher design Saturnin. Distinguishing attacks are found on the full versions of AES-192, AES-256, Rijndael-128-160, and Rijndael-128-224. Other results include 8-round AES-128, 11-round Rijndael-160-192, 12-round Rijndael-160-256, and 10-round Saturnin-256.