11 Hits in 3.9 sec

Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function [chapter]

Bingke Ma, Bao Li, Ronglin Hao, Xiaoqian Li
2014 Lecture Notes in Computer Science  
Then we improve the best collision attack on reduced GOST-256 (resp. GOST-512) from 5 rounds to 6.5 (resp. 7.5) rounds.  ...  To the best of our knowledge, all of our results are the best cryptanalytic results on GOST and Whirlpool in terms of the number of rounds analyzed under the hash function setting.  ...  We would like to thank the anonymous reviewers of ACNS 2014 for their valuable comments and suggestions.  ... 
doi:10.1007/978-3-319-07536-5_18 fatcat:7dfk6vbp6nebxj3im22au4fnvi

Cryptanalysis of GOST R hash function

Zongyue Wang, Hongbo Yu, Xiaoyun Wang
2014 Information Processing Letters  
GOST R is the hash function standard of Russia. This paper presents some cryptanalytic results on GOST R.  ...  Using the rebound attack technique, we achieve collision attacks on the reduced round compression function.  ...  Rebound Attack on GOST R Compression Function The rebound attack is a hash function analyzing technique which was first proposed by Mendel et al. in [5] to attack round-reduced Grøstl and Whirlpool.  ... 
doi:10.1016/j.ipl.2014.07.007 fatcat:77gbs4i7uzgspfswpyidpaujcq

WHIRLBOB, the Whirlpool Based Variant of STRIBOB [chapter]

Markku-Juhani O. Saarinen, Billy Bob Brumley
2015 Lecture Notes in Computer Science  
We finally present some discussion and analysis on the relationships between WHIRL-BOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik.  ...  WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm.  ...  Acknowledgements We thank Oleksandr Kazymyrov, Vasily Shishkin, Bart Preneel, and Paulo Barreto for their helpful comments.  ... 
doi:10.1007/978-3-319-26502-5_8 fatcat:shutbnhanbdahequdswry3u6wa

Preimage Analysis of the Maelstrom-0 Hash Function [chapter]

Riham AlTawy, Amr M. Youssef
2015 Lecture Notes in Computer Science  
Using our approach, preimages of the 6-round reduced Maelstrom-0 hash function are generated with time complexity of 2^505 and memory complexity of 2^112.  ...  on the compression function into a preimage attack on the hash function.  ...  Acknowledgment The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper.  ... 
doi:10.1007/978-3-319-24126-5_7 fatcat:ik66ccianvblpmgsdxzbo5ttda

Preimage Attacks on Reduced-Round Stribog [chapter]

Riham AlTawy, Amr M. Youssef
2014 Lecture Notes in Computer Science  
Finally, employing 2^t multicollision, we show that preimages of the 5 and 6-round reduced hash function can be generated with time complexity of 2^481 and 2^505, respectively.  ...  In August 2012, the Stribog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012).  ...  Lastly, a pseudo preimage attack on the 6-round Whirlpool compression function and a memoryless preimage attack on the reduced hash function were proposed in [21].  ... 
doi:10.1007/978-3-319-06734-6_7 fatcat:uevc7llknreapgy36xwl77uoiq

Second Preimage Analysis of Whirlwind [chapter]

Riham AlTawy, Amr M. Youssef
2015 Lecture Notes in Computer Science  
Finally, by adopting another meet in the middle attack, we are able to generate n-block message second preimages of the 5 and 6-round reduced hash function with time complexity of 2^449 and 2^505 and memory  ...  More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round pseudo preimage for a given compression function output with time complexity  ...  The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper.  ... 
doi:10.1007/978-3-319-16745-9_17 fatcat:usi7fzjqebg5bfx36di6xvwe5u

Rebound Attacks on Stribog [chapter]

Riham AlTawy, Aleksandar Kircanski, Amr M. Youssef
2014 Lecture Notes in Computer Science  
In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012).  ...  Finally, the compression function is analyzed and a 7.75 round semi freestart collision, 8.75 and 9.75 round semi free-start near collisions are presented along with an example for 4.75 round 50 out of  ...  The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper.  ... 
doi:10.1007/978-3-319-12160-4_11 fatcat:6tmu3catgbh2hfpzrdcrbelf2y

A Collision Attack on a Double-Block-Length Compression Function Instantiated with 8-/9-Round AES-256

Jiageng CHEN, Shoichi HIROSE, Hidenori KUWAKADO, Atsuko MIYAJI
2016 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
This paper presents the first non-trivial collision attack on the double-block-length compression function presented at FSE 2006 instantiated with round-reduced AES-256: where ∥ represents concatenation  ...  For the instantiation with AES-256 reduced from 14 rounds to 8 rounds, it is effective if the constant c has at most four non-zero bytes at some specific positions, and the time complexity is 2^64 or 2  ...  This work was supported by JSPS KAKENHI Grant Numbers 21240001 and 25330150. It was also supported by Grant-in-Aid for Scientific Research (C) (15K00183) and (15K00189).  ... 
doi:10.1587/transfun.e99.a.14 fatcat:z2hucpb3dnhotai2ubqs5kcepe

A Meet in the Middle Attack on Reduced Round Kuznyechik

Riham ALTAWY, Amr M. YOUSSEF
2015 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
The algorithm updates a 128-bit state for nine rounds using a 256-bit key. In this paper, we present a meet-in-the-middle attack on the 5-round reduced cipher.  ...  Our attack is based on the differential enumeration approach, where we propose a distinguisher for the middle rounds and match a sequence of state differences at its output.  ...  Additionally, MitM preimage attacks on hash functions have been presented on HAS-160 [17], Whirlpool [22], Whirlwind [5], and Streebog [4].  ... 
doi:10.1587/transfun.e98.a.2194 fatcat:t67kextbdzbc3caw4l7odk7jxa

Multiset-Algebraic Cryptanalysis of Reduced Kuznyechik, Khazad, and secret SPNs

Alex Biryukov, Dmitry Khovratovich, Léo Perrin
2017 IACR Transactions on Symmetric Cryptology  
Finally, we show how to cryptanalyze and find a decomposition of generic SPN construction for which the inner-components are secret. All the attacks are the best to date.  ...  With the same technique we attack 6 (out of 8) rounds of Khazad, the legacy 64-bit blockcipher.  ...  In contrast to its counterpart, the hash function Streebog [Fed12], Kuznyechik has not been officially submitted for the third-party cryptanalysis.  ... 
doi:10.13154/tosc.v2016.i2.226-247 dblp:journals/tosc/BiryukovKP16 fatcat:alfmeli7qbbw7j5w2gqwzpw2ki

Report from Dagstuhl Seminar 14021 Symmetric Cryptography

Frederik Armknecht, Helena Handschuh, Tetsu Iwata, Bart Preneel
unpublished
Key Recovery Attack against HMAC/NMAC with Reduced Whirlpool Jian Guo (Nanyang TU - Singapore, SG) We presented the first key recovery attack against HMAC instantiated with Whirlpool hash function.  ...  Combining the generic state recovery attack developed recently, and progress in preimage attacks against Whirlpool, we are able to recover the original key with Whirlpool reduced to 6 rounds, and equivalent  ...  In contrast to Keyak, Ketje works at the round function level and cryptanalysis requires ad-hoc techniques for the function as a whole.  ... 
fatcat:pvut5djxa5dkhghoo3s5kh6qba