Practical Collisions for SHAMATA-256

Indesteege, Sebastiaan; Mendel, Florian; Preneel, Bart; Schläffer, Martin

doi:10.1007/978-3-642-05445-7_1

Cited by 4 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Beyond step 4, if we change the value of W 6 in step 5, we still make the output of step 5 stable by changing the H [4] by a same amount. However this change will be propagated by the right G function in step 1, we can fix this by changing the H [5], H [6] and H [7] by proper values, respectively. This method applies to W 7 in step 5 similarly.…”

Section: Message Adjustmentsmentioning

confidence: 99%

Selected Areas in Cryptography

Jacobson¹,

Rijmen²

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complementation of whole registers turns out to be very useful for constructing high-probability differential characteristics in the function. We use this approach to find near-collisions with Hamming weight 32 for the full compression function as well as collisions for the compression function of ARIRANG reduced to 26 rounds, both with complexity close to 2 0 and memory requirements of only a few words. We use near collisions for the compression function to construct pseudo-collisions for the complete hash functions ARIRANG-224 and ARIRANG-384 with complexity 2 23 and close to 2 0 , respectively. We implemented the attacks and provide examples of appropriate pairs of H, M values. We also provide possible configurations which may give collisions for step-reduced and full ARIRANG.

show abstract

Section: Message Adjustmentsmentioning

confidence: 99%

Selected Areas in Cryptography

Jacobson¹,

Rijmen²

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Google Search (https://www.google.com) still uses MD2 for root certificate. The current best preimage attacks against MD2 are due to Knudsen et al [88] with both time and memory complexity about 2 73 , yet the attacks require more than one message block, which is difficult to be used for forgery. Similar situation happens to the CA certificate using MD5, until the rogue certificate [152] is announced.…”

Section: State Of Artsmentioning

confidence: 99%

Analysis of cryptographic hash functions

Guo¹

View full text Add to dashboard Cite

This thesis concentrates on analysis of cryptographic hash functions, one of the most important primitives used in the modern cryptography. We start with an introduction of the cryptographic hash functions, and a survey on the development of the cryptanalysis tools. To enrich the cryptanalysts' toolbox, we developed several interesting techniques under the framework of differential cryptanalysis, and applied them to LAKE, BLAKE, ARIRANG and BMW to find collisions. We also improved the meet-in-themiddle preimage attacks, one of the most powerful techniques for breaking one-wayness of many functions, and applied these techniques to SHA-2, Tiger, MD4, and HAVAL to find preimages. All these techniques await for further development and applications to other hash functions including the candidates in current SHA-3 competition.

show abstract