
Speeding up Collision Search for Byte-Oriented Hash Functions

  • Conference paper
Topics in Cryptology – CT-RSA 2009 (CT-RSA 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5473)

Abstract

We describe a new tool for the search of collisions for hash functions. The tool is applicable when an attack is based on a differential trail, whose probability determines the complexity of the attack. Using linear algebra methods, we show how to organize the search so that many (in some cases, all) trail conditions are always satisfied, thus significantly reducing the number of trials and the overall complexity.

The method is illustrated with collision and second preimage attacks on compression functions based on Rijndael. We show that slow diffusion in the Rijndael (and AES) key schedule allows an attack on a version with a 13-round compression function, and that the S-boxes do not prevent the attack. We finally propose how to modify the key schedule to resist the attack and provide lower bounds on the complexity of generic differential attacks for our modification.
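The following is an added worked example, not the paper's tool or code. It shows the principle the abstract describes: the probabilistic conditions a differential trail imposes at an S-box layer can be rewritten as linear equations over GF(2) on the message bits and solved once, so that every trial already satisfies them and the search only has to pay for whatever conditions remain. The four-byte round function, its mixing layer and the message difference are constructed for illustration; only the S-box is AES's, built here from its definition (field inverse followed by the affine map). `compare_search()` contrasts plain random trials, which succeed with the trail probability (here 2^-12 for two active S-boxes), with trials drawn from the solved solution space, all of which follow the trail.

```python
import random

NBYTES = 4
NBITS = 8 * NBYTES


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _gf_mul(a, b):
    """Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def _sbox_entry(x):
    """AES S-box from its definition: inverse in GF(2^8) (x^254), then the affine map."""
    inv = 0
    if x:
        inv = x
        for _ in range(253):
            inv = _gf_mul(inv, x)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]


def linear_layer(m):
    """Constructed toy mixing layer: byte XORs plus bit rotations (GF(2)-linear, invertible)."""
    m0, m1, m2, m3 = m
    return bytes([m0 ^ m1, _rotl8(m1, 3) ^ m2, m2 ^ _rotl8(m3, 5), m3])


def toy_round(m):
    """Constructed toy round: mixing layer, then the AES S-box on every byte."""
    return bytes(SBOX[y] for y in linear_layer(m))


def _bits(b):
    return int.from_bytes(b, "little")


def _unbits(v):
    return v.to_bytes(NBYTES, "little")


def linear_layer_matrix():
    """Rows of the 32x32 GF(2) matrix of linear_layer, recovered by probing unit vectors."""
    rows = [0] * NBITS
    for i in range(NBITS):
        y = _bits(linear_layer(_unbits(1 << i)))
        for j in range(NBITS):
            if (y >> j) & 1:
                rows[j] |= 1 << i
    return rows


def solve_gf2(equations, nbits):
    """Solve parity equations (mask, rhs) over GF(2) by reduced row echelon form.
    Returns (make_solution, free_bits): make_solution(k), k < 2**free_bits, enumerates
    every solution; returns None if the system is inconsistent."""
    pivots = {}                                  # pivot bit -> (reduced mask, rhs)
    for mask, rhs in equations:
        for p, (pm, pr) in pivots.items():       # clear existing pivot bits
            if (mask >> p) & 1:
                mask ^= pm
                rhs ^= pr
        if mask == 0:
            if rhs:
                return None                      # 0 = 1: no message can satisfy this
            continue
        p = mask.bit_length() - 1
        for q, (qm, qr) in list(pivots.items()):  # keep other rows free of the new pivot
            if (qm >> p) & 1:
                pivots[q] = (qm ^ mask, qr ^ rhs)
        pivots[p] = (mask, rhs)
    free = [i for i in range(nbits) if i not in pivots]

    def make_solution(k):
        x = 0
        for idx, i in enumerate(free):           # free bits come straight from k
            if (k >> idx) & 1:
                x |= 1 << i
        for p, (pm, pr) in pivots.items():       # pivot bit = rhs + parity of its free bits
            if pr ^ (bin(pm & x & ~(1 << p)).count("1") & 1):
                x |= 1 << p
        return x

    return make_solution, len(free)


def ddt_row(din):
    """Row of the S-box difference distribution table for input difference din."""
    counts = {}
    for y in range(256):
        dout = SBOX[y ^ din] ^ SBOX[y]
        counts[dout] = counts.get(dout, 0) + 1
    return counts


def trail_conditions(delta):
    """Trail for message difference delta: (byte, input diff, most likely output diff, DDT count)
    per active S-box.  The linear layer propagates the difference deterministically."""
    conds = []
    for i, dy in enumerate(linear_layer(delta)):
        if dy:
            row = ddt_row(dy)
            dz = max(row, key=row.get)
            conds.append((i, dy, dz, row[dz]))
    return conds


def trail_probability(conds):
    p = 1.0
    for _, _, _, cnt in conds:
        p *= cnt / 256
    return p


def follows_trail(m, delta, conds):
    z1 = toy_round(m)
    z2 = toy_round(bytes(a ^ b for a, b in zip(m, delta)))
    return all(z1[i] ^ z2[i] == dz for i, _, dz, _ in conds)


def condition_solver(delta, conds):
    """Fix each active S-box input to one value that produces dz: 8 linear equations per byte."""
    rows = linear_layer_matrix()
    equations = []
    for i, dy, dz, _ in conds:
        ystar = next(y for y in range(256) if SBOX[y ^ dy] ^ SBOX[y] == dz)
        for b in range(8):
            equations.append((rows[8 * i + b], (ystar >> b) & 1))
    return solve_gf2(equations, NBITS)


def compare_search(delta=bytes([0x00, 0x01, 0x00, 0x00]), trials=2000, seed=1):
    """Random trials versus trials taken from the solved condition space (constructed delta)."""
    conds = trail_conditions(delta)
    rng = random.Random(seed)
    random_hits = sum(follows_trail(_unbits(rng.getrandbits(NBITS)), delta, conds)
                      for _ in range(trials))
    make, free_bits = condition_solver(delta, conds)
    solved_hits = sum(follows_trail(_unbits(make(rng.getrandbits(free_bits) if free_bits else 0)),
                                    delta, conds) for _ in range(trials))
    return {"active_sboxes": len(conds), "trail_probability": trail_probability(conds),
            "random_hits": random_hits, "solved_hits": solved_hits, "free_bits": free_bits}


if __name__ == "__main__":
    print(compare_search())
```

The 16 free bits left after solving are what a real attack would spend on the conditions of later rounds; that is where the paper's observation about the slow diffusion of the Rijndael key schedule enters, and it is not modelled by this toy.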




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Khovratovich, D., Biryukov, A., Nikolic, I. (2009). Speeding up Collision Search for Byte-Oriented Hash Functions. In: Fischlin, M. (eds) Topics in Cryptology – CT-RSA 2009. CT-RSA 2009. Lecture Notes in Computer Science, vol 5473. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00862-7_11

  • DOI: https://doi.org/10.1007/978-3-642-00862-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00861-0

  • Online ISBN: 978-3-642-00862-7

  • eBook Packages: Computer Science (R0)
