International Workshop on Fast Software Encryption

FSE 2011: Fast Software Encryption pp 378-396

Meet-in-the-Middle Preimage Attacks on AES Hashing Modes and an Application to Whirlpool

  • Yu Sasaki
Conference paper

DOI: 10.1007/978-3-642-21702-9_22

Volume 6733 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

We study the security of AES in the open-key setting by showing an analysis on hash function modes instantiating AES including Davies-Meyer, Matyas-Meyer-Oseas, and Miyaguchi-Preneel modes. In particular, we propose preimage attacks on these constructions, while most of previous work focused their attention on collision attacks or distinguishers using non-ideal differential properties. This research is based on the motivation that we should evaluate classical and important security notions for hash functions and avoid complicated attack models that seem to have little relevance in practice. We apply a recently developed meet-in-the-middle preimage approach. As a result, we obtain a preimage attack on 7 rounds of Davies-Meyer AES and a second preimage attack on 7 rounds of Matyas-Meyer-Oseas and Miyaguchi-Preneel AES. Considering that the previous best collision attack only can work up to 6 rounds, the number of attacked rounds reaches the best in terms of the classical security notions. In our attacks, the key is regarded as a known constant, and the attacks thus can work for any key length in common.

Keywords

AEShash functionDavies-MeyerMatyas-Meyer-OseasMiyaguchi-PreneelPGVpreimagemeet-in-the-middleWhirlpool
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Yu Sasaki
    • 1
  1. 1.NTT Information Sharing Platform LaboratoriesNTT CorporationTokyoJapan