International Workshop on Fast Software Encryption

FSE 2008: Fast Software Encryption pp 224-234

A (Second) Preimage Attack on the GOST Hash Function

  • Florian Mendel
  • Norbert Pramstaller
  • Christian Rechberger
Conference paper

DOI: 10.1007/978-3-540-71039-4_14

Volume 5086 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Mendel F., Pramstaller N., Rechberger C. (2008) A (Second) Preimage Attack on the GOST Hash Function. In: Nyberg K. (eds) Fast Software Encryption. FSE 2008. Lecture Notes in Computer Science, vol 5086. Springer, Berlin, Heidelberg

Abstract

In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation. For this hash function, we show how to construct second preimages and preimages with a complexity of about 2225 compression function evaluations and a memory requirement of about 238 bytes.

First, we show how to construct a pseudo-preimage for the compression function of GOST based on its structural properties. Second, this pseudo-preimage attack on the compression function is extended to a (second) preimage attack on the GOST hash function. The extension is possible by combining a multicollision attack and a meet-in-the-middle attack on the checksum.

Keywords

cryptanalysishash functionspreimage attack
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Florian Mendel
    • 1
  • Norbert Pramstaller
    • 1
  • Christian Rechberger
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria