On Diamond Structures and Trojan Message Attacks

  • Tuomas Kortelainen
  • Juha Kortelainen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8270)


The first part of this paper considers the diamond structures which were first introduced and applied in the herding attack by Kelsey and Kohno [7]. We present a new method for the construction of a diamond structure with 2 d chaining values the message complexity of which is \(\mathrm{O}(2^{\frac{n+d}{2}})\). Here n is the length of the compression function used. The aforementioned complexity was (with intuitive reasoning) suggested to be true in [7] and later disputed by Blackburn et al. in [3]. In the second part of our paper we give new, efficient variants for the two types of Trojan message attacks against Merkle-Damgård hash functions presented by Andreeva et al. [1] The message complexities of the Collision Trojan Attack and the stronger Herding Trojan Attack in [1] are \(\mathrm{O}(2^{\frac{n}{2}+r})\) and \(\mathrm{O}(2^{\frac{2n}{3}}+2^{\frac{n}{2}+r})\), respectively. Our variants of the above two attack types are the Weak Trojan Attack and the Strong Trojan Attack having the complexities \(\mathrm{O}(2^{\frac{n+r}{2}})\) and \(\mathrm{O}(2^{\frac{2n-s}{3}}+2^{\frac{n+r}{2}})\), respectively. Here 2 r is the cardinality of the prefix set and 2 s is the length of the Trojan message in the Strong Trojan Attack.


  1. 1.
    Andreeva, E., Bouillaguet, C., Dunkelman, O., Kelsey, J.: Herding, Second Preimage and Trojan Message Attacks beyond Merkle-Damgård. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 393–414. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J.J., Kelsey, J., Shamir, A., Zimmer, S.: Second Preimage Attacks on Dithered Hash Functions. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 270–288. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Blackburn, S., Stinson, D., Upadhyay, J.: On the Complexity of the Herding Attack and Some Related Attacks on Hash Functions. Cryptology ePrint Archive, Report 2010/030 (2010),
  4. 4.
    Damgård, I.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  5. 5.
    Hoch, J., Shamir, A.: Breaking the ICE - Finding Multicollisions in Iterated Concatenated and Expanded (ICE) Hash Functions. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 179–194. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Kelsey, J., Kohno, T.: Herding Hash Functions and the Nostradamus Attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Kelsey, J., Schneier, B.: Second Preimages on n-Bit Hash Functions for Much Less than 2n Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Kortelainen, J., Halunen, K., Kortelainen, T.: Multicollision attacks and generalized iterated hash functions. Journal of Mathematical Cryptology 4, 239–270 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Kortelainen, J., Kortelainen, T., Vesanen, A.: Unavoidable Regularities in Long Words with Bounded Number of Symbol Occurrences. In: Fu, B., Du, D.-Z. (eds.) COCOON 2011. LNCS, vol. 6842, pp. 519–530. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Kortelainen, T., Vesanen, A., Kortelainen, J.: Generalized Iterated Hash Functions Revisited: New Complexity Bounds for Multicollision Attacks. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 172–190. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  12. 12.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A. (eds.): Handbook of Applied Cryptology, pp. 321–376 (1996)Google Scholar
  13. 13.
    Merkle, R.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  14. 14.
    Nandi, M., Stinson, D.: Multicollision attacks on some generalized sequential hash functions. IEEE Transactions on Information Theory 53(2), 759–767 (2007)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multicollisions. IEICE Transactions 91A(1), 39–45 (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tuomas Kortelainen
    • 1
  • Juha Kortelainen
    • 2
  1. 1.Mathematics Division, Department of Electrical EngineeringUniversity of OuluFinland
  2. 2.Department of Information Processing ScienceUniversity of OuluFinland

Personalised recommendations