Cryptanalysis of the LAKE Hash Family

  • Alex Biryukov
  • Praveen Gauravaram
  • Jian Guo
  • Dmitry Khovratovich
  • San Ling
  • Krystian Matusiewicz
  • Ivica Nikolić
  • Josef Pieprzyk
  • Huaxiong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5665)

Abstract

We analyse the security of the cryptographic hash function LAKE-256 proposed at FSE 2008 by Aumasson, Meier and Phan. By exploiting non-injectivity of some of the building primitives of LAKE, we show three different collision and near-collision attacks on the compression function. The first attack uses differences in the chaining values and the block counter and finds collisions with complexity 2^33. The second attack utilizes differences in the chaining values and salt and yields collisions with complexity 2^42. The final attack uses differences only in the chaining values to yield near-collisions with complexity 2^99. All our attacks are independent of the number of rounds in the compression function. We illustrate the first two attacks by showing examples of collisions and near-collisions.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Alex Biryukov (1)
  • Praveen Gauravaram (3)
  • Jian Guo (2)
  • Dmitry Khovratovich (1)
  • San Ling (2)
  • Krystian Matusiewicz (3)
  • Ivica Nikolić (1)
  • Josef Pieprzyk (4)
  • Huaxiong Wang (2)

  1. University of Luxembourg, Luxembourg
  2. School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
  3. Department of Mathematics, Technical University of Denmark, Denmark
  4. Centre for Advanced Computing - Algorithms and Cryptography, Macquarie University, Australia