Slide Attacks on a Class of Hash Functions

  • Michael Gorski
  • Stefan Lucks
  • Thomas Peyrin
Conference paper

DOI: 10.1007/978-3-540-89255-7_10

Volume 5350 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Gorski M., Lucks S., Peyrin T. (2008) Slide Attacks on a Class of Hash Functions. In: Pieprzyk J. (eds) Advances in Cryptology - ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science, vol 5350. Springer, Berlin, Heidelberg

Abstract

This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle.

To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatún. We finally discuss simple countermeasures as a defense against slide attacks.

Keywords

slide attacks hash function Grindahl RadioGatún MAC sponge function 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Michael Gorski
    • 1
  • Stefan Lucks
    • 1
  • Thomas Peyrin
    • 2
  1. 1.Bauhaus-University WeimarGermany
  2. 2.Orange Labs and University of VersaillesHong Kong