Abstract
The EnRUPT hash functions were proposed by O’Neil, Nohl and Henzen as candidates for the SHA-3 competition, organised by NIST. The proposal contains seven concrete hash functions, each with a different digest length. We present a practical collision attack on each of these seven EnRUPT variants. The time complexity of our attack varies from 236 to 240 round computations, depending on the EnRUPT variant, and the memory requirements are negligible. We demonstrate that our attack is practical by giving an actual collision example for EnRUPT-256.
Article PDF
Similar content being viewed by others
References
A. Canteaut, F. Chabaud, A new algorithm for finding minimum-weight words in a linear code: application to McEliece’s cryptosystem and to narrow-sense BCH codes of length 511. IEEE Trans. Inf. Theory 44(1), 367–378 (1998)
F. Chabaud, A. Joux, Differential collisions in SHA-0, in Advances in Cryptology—CRYPTO 1998. Lecture Notes in Computer Science, vol. 1462 (Springer, Berlin, 1998), pp. 56–71
S. Indesteege, B. Preneel, Practical collisions for EnRUPT, in Fast Software Encryption—FSE 2009. Lecture Notes in Computer Science, vol. 5665 (Springer, Berlin, 2009), pp. 246–259
D. Khovratovich, I. Nikolic, R.-P. Weinmann, Meet-in-the-middle attacks on SHA-3 candidates, in Fast Software Encryption—FSE 2009. Lecture Notes in Computer Science, vol. 5665 (Springer, Berlin, 2009), pp. 228–245
H. Lipmaa, S. Moriai, Efficient algorithms for computing differential properties of addition, in Fast Software Encryption—FSE 2001. Lecture Notes in Computer Science, vol. 2355 (Springer, Berlin, 2002), pp. 336–350
National Institute, of Standards and Technology, Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. Federal Register, vol. 72, no. 212, pp. 62212–62220, November 2007
S. O’Neil, K. Nohl, L. Henzen, EnRUPT hash function specification. Submission to the NIST SHA-3 competition, 2008. Available online at http://www.enrupt.com/SHA3/
S. O’Neil, Personal communication, 20 January, 2009
S. O’Neil, EnRUPT. The First SHA-3 Candidate Conference, Leuven, Belgium, February 25–29, 2009. Available online at http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/Feb2009/documents/EnRUPT_2009.pdf
N. Pramstaller, C. Rechberger, V. Rijmen, Exploiting coding theory for collision attacks on SHA-1, in Cryptography and Coding, 10th IMA International Conference. Lecture Notes in Computer Science, vol. 3796 (Springer, Berlin, 2005), pp. 78–95
V. Rijmen, E. Oswald, Update on SHA-1, in Topics in Cryptology—CT-RSA 2005. Lecture Notes in Computer Science, vol. 3376 (Springer, Berlin, 2005), pp. 58–71
A.J. Viterbi, Error bounds for convolutional codes and an asymptotically optimum decoding algorithm. IEEE Trans. Inf. Theory 13(3), 260–269 (1967)
X. Wang, H. Yu, How to break MD5 and other hash functions, in Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494 (Springer, Berlin, 2005), pp. 19–35
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Antoine Joux
This paper is an extended version of http://dx.doi.org/10.1007/978-3-642-03317-9_15. This paper was solicited by the Editor-in-Chief as one of the best papers from Fast Sofware Encryption 2009, based on the recommendation of the program committee.
F.W.O. Research Assistant, Fund for Scientific Research—Flanders (Belgium).
Rights and permissions
About this article
Cite this article
Indesteege, S., Preneel, B. Practical Collisions for EnRUPT. J Cryptol 24, 1–23 (2011). https://doi.org/10.1007/s00145-010-9058-x
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00145-010-9058-x