Second Preimage Analysis of Whirlwind
  • Authors: Riham AlTawy, Amr M. Youssef
    Affiliation: Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada
  • Keywords: Cryptanalysis; Hash functions; Meet-in-the-middle; Second preimage attack; Whirlwind
  • Journal: Lecture Notes in Computer Science
  • Year: 2015
  • Volume: 8957
  • Issue: 1
  • Pages: 311-328
  • Full text size: 2,782 KB
  • Book title: Information Security and Cryptology
  • ISBN: 978-3-319-16744-2
  • Category: Computer Science
  • Subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
Whirlwind is a keyless AES-like hash function that adopts the sponge model. According to its designers, the function is designed to resist most of the recent cryptanalytic attacks. In this paper, we evaluate the second preimage resistance of the Whirlwind hash function. More precisely, we apply a meet-in-the-middle preimage attack to the compression function, which allows us to obtain a 5-round pseudo-preimage for a given compression function output with time complexity \(2^{385}\) and memory complexity \(2^{128}\). We also employ a guess-and-determine approach to extend the attack to 6 rounds, with time and memory complexities of \(2^{496}\) and \(2^{112}\), respectively. Finally, by adopting another meet-in-the-middle attack, we are able to generate n-block-message second preimages of the 5- and 6-round reduced hash function with time complexities of \(2^{449}\) and \(2^{505}\) and memory complexities of \(2^{128}\) and \(2^{112}\), respectively.
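The following Python sketch is an added illustration of the structural idea behind the meet-in-the-middle pseudo-preimage attack on a compression function that the abstract refers to; it is not code from the paper and does not model Whirlwind (a keyless sponge). Instead it uses a constructed 32-bit, two-round Davies-Meyer toy whose round keys are derived from two message words, so that the forward chunk depends only on m0 and the backward chunk only on m1, and the two meet at the state between the rounds. The permutation, its multiplier constants, the key schedule, the chaining value and every parameter name are assumptions made for the example.

```python
"""Meet-in-the-middle pseudo-preimage search on a toy compression function.

Added example, not code from the paper: Whirlwind is a keyless sponge, while
this toy is a 32-bit two-round Davies-Meyer construction whose round keys are
derived from two 32-bit message words.  All constants and the chaining value
below are arbitrary assumptions.  The point is the structure of the attack:
the forward chunk depends only on m0, the backward chunk only on m1, and the
two meet at the state between the rounds.
"""

MASK = 0xFFFFFFFF
# Odd multipliers (borrowed from MurmurHash3's finaliser) so that
# multiplication mod 2^32 is a bijection; their modular inverses undo it.
C1, C2 = 0x85EBCA6B, 0xC2B2AE35
C1_INV, C2_INV = pow(C1, -1, 1 << 32), pow(C2, -1, 1 << 32)


def perm(x):
    """Fixed nonlinear 32-bit bijection playing the role of one round."""
    x ^= x >> 16
    x = (x * C1) & MASK
    x ^= x >> 13
    x = (x * C2) & MASK
    x ^= x >> 16
    return x


def _undo_xorshift_right(y, shift):
    """Solve x ^ (x >> shift) == y.  Iterating x = y ^ (x >> shift) from x = y
    adds one more term y >> (k*shift) per step, and those terms vanish once the
    total shift exceeds 32 bits, so 32 iterations are always enough."""
    x = y
    for _ in range(32):
        x = y ^ (x >> shift)
    return x


def perm_inv(y):
    """Inverse of perm(): undo each step in reverse order."""
    y = _undo_xorshift_right(y, 16)
    y = (y * C2_INV) & MASK
    y = _undo_xorshift_right(y, 13)
    y = (y * C1_INV) & MASK
    y = _undo_xorshift_right(y, 16)
    return y


def key_schedule(m):
    """Round key from a message word.  perm(m) ^ m is not a permutation in
    general, so a required round key cannot simply be mapped back to a message
    word; this is what makes a table-based meeting step necessary instead of a
    direct inversion (assumed toy design)."""
    return perm(m) ^ m


def compress(cv, m0, m1):
    """Toy Davies-Meyer compression: E_(m0,m1)(cv) ^ cv with two rounds."""
    s = perm(cv ^ key_schedule(m0))   # round 1: depends on m0 only
    s = perm(s ^ key_schedule(m1))    # round 2: depends on m1 only
    return s ^ cv


def mitm_pseudo_preimage(target, cv=0x01234567, table_bits=16, max_backward=1 << 22):
    """Return (cv, m0, m1, evaluations) with compress(cv, m0, m1) == target.

    cv is chosen freely by the attacker, which is what makes this a pseudo-
    preimage rather than a preimage.  Forward chunk: tabulate the state after
    round 1 for 2^table_bits values of m0.  Backward chunk: peel round 2 off
    the target for successive m1 and look the resulting state up in the table.
    Expected cost is about 2^table_bits + 2^(32 - table_bits) round
    evaluations with 2^table_bits table entries, instead of 2^32 for brute
    force.  Returns None if max_backward candidates are exhausted.
    """
    forward = {}
    for m0 in range(1 << table_bits):
        forward[perm(cv ^ key_schedule(m0))] = m0
    # State at the input of round 2's permutation, computed from the target.
    before_round2 = perm_inv(target ^ cv)
    for m1 in range(max_backward):
        middle = before_round2 ^ key_schedule(m1)   # state after round 1
        m0 = forward.get(middle)
        if m0 is not None:
            return cv, m0, m1, (1 << table_bits) + m1 + 1
    return None


if __name__ == "__main__":
    target = 0xCAFEBABE  # constructed target output
    cv, m0, m1, evals = mitm_pseudo_preimage(target)
    assert compress(cv, m0, m1) == target
    print(f"cv={cv:#010x} m0={m0:#06x} m1={m1:#010x} after {evals} evaluations")
```

The time/memory figures in the abstract are the same kind of trade-off at Whirlwind's scale, obtained with partial matching through the AES-like rounds that this toy does not model. The toy also stops at a pseudo-preimage (free chaining value); turning such pseudo-preimages into second preimages of n-block messages needs the further meet-in-the-middle step the abstract mentions, which is not reproduced here.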
