International Workshop on Fast Software Encryption

FSE 2012: Fast Software Encryption pp 244–263

Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family

  • Dmitry Khovratovich
  • Christian Rechberger
  • Alexandra Savelieva

Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7549)

Abstract

We present a new concept of biclique as a tool for preimage attacks, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions.

The new tool has proved to be widely applicable, inspiring many authors to publish new results on the full versions of AES, KASUMI, IDEA, and Square. In this paper, we show how our concept leads to the first cryptanalysis of the round-reduced Skein hash function, and describe an attack on the SHA-2 hash function that covers more rounds than before.
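The biclique tool described above extends the meet-in-the-middle (MITM) preimage framework, whose core idea is to split a compression function into two chunks that depend on disjoint sets of message words, so that a table of forward states can be matched against a table of backward states. The following is an added illustration of that basic framework and is not code from the paper, nor Skein, SHA-2 or any function the paper attacks: the 32-bit "compression function" is constructed for this example (its constants, round structure and the four one-byte message words are all assumptions), and it is deliberately built so that rounds 0 and 1 depend only on the message bytes (m0, m1) and rounds 2 and 3 only on (m2, m3).

```python
"""Toy meet-in-the-middle (MITM) preimage attack on a constructed 32-bit
compression function.  Nothing here is Skein, SHA-2 or code from the paper;
the function is built so that rounds 0-1 depend only on message bytes
(m0, m1) and rounds 2-3 only on (m2, m3), which is the independence that
the basic MITM framework requires."""
from typing import Dict, List, Optional, Tuple

MASK32 = 0xFFFFFFFF
IV = 0x6A09E667                                                 # constructed
ROUND_CONST = [0x9E3779B9, 0x7F4A7C15, 0xF39CC060, 0x5CEDC834]  # constructed
MUL = 0x9E3779B1                    # odd, hence invertible modulo 2^32
MUL_INV = pow(MUL, -1, 1 << 32)     # modular inverse (Python 3.8+)


def rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def rotr32(x: int, r: int) -> int:
    return ((x >> r) | (x << (32 - r))) & MASK32


def spread(word: int) -> int:
    """Copy one message byte into all four byte lanes of a 32-bit word."""
    return (word & 0xFF) * 0x01010101


def round_fwd(state: int, word: int, i: int) -> int:
    """One invertible add-rotate-multiply round keyed by message byte `word`."""
    s = (state + spread(word) + ROUND_CONST[i]) & MASK32
    s = rotl32(s, 7)
    return (s * MUL) & MASK32


def round_inv(state: int, word: int, i: int) -> int:
    """Exact inverse of round_fwd; the backward chunk walks rounds in reverse."""
    s = (state * MUL_INV) & MASK32
    s = rotr32(s, 7)
    return (s - spread(word) - ROUND_CONST[i]) & MASK32


def compress(msg: bytes) -> int:
    """4-round toy compression function: 4 message bytes -> 32-bit digest.
    There is no feed-forward, so the last round can be inverted directly."""
    assert len(msg) == 4
    s = IV
    for i, w in enumerate(msg):
        s = round_fwd(s, w, i)
    return s


def mitm_preimage(target: int) -> Optional[bytes]:
    """Return msg with compress(msg) == target.

    Cost: 2 * 2^16 two-round evaluations and a 2^16-entry table, versus
    about 2^31 full evaluations for brute force on a 32-bit digest."""
    # Forward chunk: the state after round 1 for every (m0, m1).  A list per
    # state keeps every pair, so a state collision cannot lose a preimage.
    forward: Dict[int, List[Tuple[int, int]]] = {}
    for m0 in range(256):
        s0 = round_fwd(IV, m0, 0)
        for m1 in range(256):
            forward.setdefault(round_fwd(s0, m1, 1), []).append((m0, m1))

    # Backward chunk: invert rounds 3 and 2 from the target for every
    # (m2, m3) and look for a middle state the forward chunk also reaches.
    for m3 in range(256):
        s3 = round_inv(target, m3, 3)
        for m2 in range(256):
            hit = forward.get(round_inv(s3, m2, 2))
            if hit:
                m0, m1 = hit[0]
                return bytes([m0, m1, m2, m3])
    return None


if __name__ == "__main__":
    target = compress(b"FSE!")          # constructed sample input
    pre = mitm_preimage(target)
    print(hex(target), pre, pre is not None and compress(pre) == target)
```

The toy works only because its rounds separate cleanly into two independent chunks and it has no feed-forward. In a real hash function the Davies-Meyer feed-forward and the message expansion couple the chunks, which is why the MITM literature introduced splice-and-cut and initial structures, and why this paper's bicliques matter: they are a way to build that initial structure over more rounds than earlier techniques allowed.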

Keywords

  • SHA-2
  • SHA-256
  • SHA-512
  • Skein
  • SHA-3
  • hash function
  • meet-in-the-middle attack
  • splice-and-cut
  • preimage attack
  • initial structure
  • biclique

This work was supported by the European Commission under contract ICT-2007-216646 (ECRYPT II) and the Federal Target Program “Scientific and scientific-pedagogical personnel of innovative Russia” in 2009-2013 under contract No. P965 from 27 May, 2010.


Author information

Authors and Affiliations

  1. Microsoft Research Redmond, USA

    Dmitry Khovratovich

  2. DTU MAT, Denmark

    Christian Rechberger

  3. National Research University Higher School of Economics, Russia

    Alexandra Savelieva


Editor information

Editors and Affiliations

  1. INRIA Paris-Rocquencourt, B.P. 105, 78153, Le Chesnay, France

    Anne Canteaut


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Khovratovich, D., Rechberger, C., Savelieva, A. (2012). Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family. In: Canteaut, A. (ed.) Fast Software Encryption. FSE 2012. Lecture Notes in Computer Science, vol 7549. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34047-5_15

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-642-34047-5_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34046-8

  • Online ISBN: 978-3-642-34047-5
