Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function
[chapter]
2014
Lecture Notes in Computer Science
Then we improve the best collision attack on reduced GOST-256 (resp. GOST-512) from 5 rounds to 6.5 (resp. 7.5) rounds. ...
To the best of our knowledge, all of our results are the best cryptanalytic results on GOST and Whirlpool in terms of the number of rounds analyzed under the hash function setting. ...
We would like to thank the anonymous reviewers of ACNS 2014 for their valuable comments and suggestions. ...
doi:10.1007/978-3-319-07536-5_18
fatcat:7dfk6vbp6nebxj3im22au4fnvi
Cryptanalysis of GOST R hash function
2014
Information Processing Letters
GOST R is the hash function standard of Russia. This paper presents some cryptanalytic results on GOST R. ...
Using the rebound attack technique, we achieve collision attacks on the reduced round compression function. ...
Rebound Attack on GOST R Compression Function. The rebound attack is a hash function analyzing technique which was first proposed by Mendel et al. in [5] to attack round-reduced Grøstl and Whirlpool. ...
doi:10.1016/j.ipl.2014.07.007
fatcat:77gbs4i7uzgspfswpyidpaujcq
WHIRLBOB, the Whirlpool Based Variant of STRIBOB
[chapter]
2015
Lecture Notes in Computer Science
We finally present some discussion and analysis on the relationships between WHIRLBOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik. ...
WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm. ...
Acknowledgements We thank Oleksandr Kazymyrov, Vasily Shishkin, Bart Preneel, and Paulo Barreto for their helpful comments. ...
doi:10.1007/978-3-319-26502-5_8
fatcat:shutbnhanbdahequdswry3u6wa
Preimage Analysis of the Maelstrom-0 Hash Function
[chapter]
2015
Lecture Notes in Computer Science
Using our approach, preimages of the 6-round reduced Maelstrom-0 hash function are generated with time complexity of $2^{505}$ and memory complexity of $2^{112}$. ...
on the compression function into a preimage attack on the hash function. ...
Acknowledgment The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper. ...
doi:10.1007/978-3-319-24126-5_7
fatcat:ik66ccianvblpmgsdxzbo5ttda
Preimage Attacks on Reduced-Round Stribog
[chapter]
2014
Lecture Notes in Computer Science
Finally, employing $2^t$ multicollision, we show that preimages of the 5 and 6-round reduced hash function can be generated with time complexity of $2^{481}$ and $2^{505}$, respectively. ...
In August 2012, the Stribog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). ...
Lastly, a pseudo preimage attack on the 6-round Whirlpool compression function and a memoryless preimage attack on the reduced hash function were proposed in [21]. ...
doi:10.1007/978-3-319-06734-6_7
fatcat:uevc7llknreapgy36xwl77uoiq
Second Preimage Analysis of Whirlwind
[chapter]
2015
Lecture Notes in Computer Science
Finally, by adopting another meet in the middle attack, we are able to generate n-block message second preimages of the 5 and 6-round reduced hash function with time complexity of $2^{449}$ and $2^{505}$ and memory ...
More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round pseudo preimage for a given compression function output with time complexity ...
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper. ...
doi:10.1007/978-3-319-16745-9_17
fatcat:usi7fzjqebg5bfx36di6xvwe5u
Rebound Attacks on Stribog
[chapter]
2014
Lecture Notes in Computer Science
In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). ...
Finally, the compression function is analyzed and a 7.75 round semi free-start collision, 8.75 and 9.75 round semi free-start near collisions are presented along with an example for 4.75 round 50 out of ...
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper. ...
doi:10.1007/978-3-319-12160-4_11
fatcat:6tmu3catgbh2hfpzrdcrbelf2y
A Collision Attack on a Double-Block-Length Compression Function Instantiated with 8-/9-Round AES-256
2016
IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences
This paper presents the first non-trivial collision attack on the double-block-length compression function presented at FSE 2006 instantiated with round-reduced AES-256: where ∥ represents concatenation ...
For the instantiation with AES-256 reduced from 14 rounds to 8 rounds, it is effective if the constant c has at most four non-zero bytes at some specific positions, and the time complexity is $2^{64}$ or 2 ...
This work was supported by JSPS KAKENHI Grant Numbers 21240001 and 25330150. It was also supported by Grant-in-Aid for Scientific Research (C) (15K00183) and (15K00189). ...
doi:10.1587/transfun.e99.a.14
fatcat:z2hucpb3dnhotai2ubqs5kcepe
A Meet in the Middle Attack on Reduced Round Kuznyechik
2015
IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences
The algorithm updates a 128-bit state for nine rounds using a 256-bit key. In this paper, we present a meet-in-the-middle attack on the 5-round reduced cipher. ...
Our attack is based on the differential enumeration approach, where we propose a distinguisher for the middle rounds and match a sequence of state differences at its output. ...
Additionally, MitM preimage attacks on hash functions have been presented on HAS-160 [17], Whirlpool [22], Whirlwind [5], and Streebog [4]. ...
doi:10.1587/transfun.e98.a.2194
fatcat:t67kextbdzbc3caw4l7odk7jxa
Multiset-Algebraic Cryptanalysis of Reduced Kuznyechik, Khazad, and secret SPNs
2017
IACR Transactions on Symmetric Cryptology
Finally, we show how to cryptanalyze and find a decomposition of generic SPN construction for which the inner-components are secret. All the attacks are the best to date. ...
With the same technique we attack 6 (out of 8) rounds of Khazad, the legacy 64-bit blockcipher. ...
In contrast to its counterpart, the hash function Streebog [Fed12], Kuznyechik has not been officially submitted for the third-party cryptanalysis. ...
doi:10.13154/tosc.v2016.i2.226-247
dblp:journals/tosc/BiryukovKP16
fatcat:alfmeli7qbbw7j5w2gqwzpw2ki
Report from Dagstuhl Seminar 14021 Symmetric Cryptography
unpublished
Key Recovery Attack against HMAC/NMAC with Reduced Whirlpool. Jian Guo (Nanyang TU - Singapore, SG). We presented the first key recovery attack against HMAC instantiated with Whirlpool hash function. ...
Combining the generic state recovery attack developed recently, and progress in preimage attacks against Whirlpool, we are able to recover the original key with Whirlpool reduced to 6 rounds, and equivalent ...
In contrast to Keyak, Ketje works at the round function level and cryptanalysis requires ad-hoc techniques for the function as a whole. ...
fatcat:pvut5djxa5dkhghoo3s5kh6qba