Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing
The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the preimage resistance of many hash functions, including but not limited to the full MD5, HAVAL, and Tiger, and reduced SHA-0/1/2. It was also shown to be a threat to hash functions built on block ciphers like AES by Sasa...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/155545 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-155545 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1555452023-02-28T19:17:14Z Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing Bao, Zhenzhen Dong, Xiaoyang Guo, Jian Li, Zheng Shi, Danping Sun, Siwei Wang, Xiaoyun School of Physical and Mathematical Sciences Advances in Cryptology – EUROCRYPT 2021 Science::Mathematics::Discrete mathematics::Cryptography AES Meet-in-the-Middle The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the preimage resistance of many hash functions, including but not limited to the full MD5, HAVAL, and Tiger, and reduced SHA-0/1/2. It was also shown to be a threat to hash functions built on block ciphers like AES by Sasaki in 2011. Recently, such attacks on AES hashing modes evolved from merely using the freedom of choosing the internal state to also exploiting the freedom of choosing the message state. However, detecting such attacks especially those evolved variants is difficult. In previous works, the search space of the configurations of such attacks is limited, such that manual analysis is practical, which results in sub-optimal solutions. In this paper, we remove artificial limitations in previous works, formulate the essential ideas of the construction of the attack in well-defined ways, and translate the problem of searching for the best attacks into optimization problems under constraints in Mixed-Integer-Linear-Programming (MILP) models. The MILP models capture a large solution space of valid attacks; and the objectives of the MILP models are attack configurations with the minimized computational complexity. With such MILP models and using the off-the-shelf solver, it is efficient to search for the best attacks exhaustively. As a result, we obtain the first attacks against the full (5-round) and an extended (5.5-round) version of Haraka-512 v2, and 8-round AES-128 hashing modes, as well as improved attacks covering more rounds of Haraka-256 v2 and other members of AES and Rijndael hashing modes. Ministry of Education (MOE) Nanyang Technological University Accepted version This research is partially supported by the National Natural Science Foundation of China (Grant No. 61802400, 62032014, 61772519, 61961146004), the National Key Research and Development Program of China (Grant No. 2018YFA0704701, 2018YFA0704704), the Chinese Major Program of National Cryptography Development Foundation (No. MMJJ20180101, MMJJ20180102), the Major Program of Guangdong Basic and Applied Research (Grant No. 2019B030302008); Nanyang Technological University in Singapore under Grant 04INS000397C230, Singapore’s Ministry of Education under Grants RG18/19, RG91/20, and MOE2019-T2-1-060; the Gopalakrishnan – NTU Presidential Postdoctoral Fellowship 2020. 2022-03-04T05:29:54Z 2022-03-04T05:29:54Z 2021 Conference Paper Bao, Z., Dong, X., Guo, J., Li, Z., Shi, D., Sun, S. & Wang, X. (2021). Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing. Advances in Cryptology – EUROCRYPT 2021, LNCS 12696, 771-804. https://dx.doi.org/10.1007/978-3-030-77870-5_27 9783030778699 https://hdl.handle.net/10356/155545 10.1007/978-3-030-77870-5_27 2-s2.0-85111365237 LNCS 12696 771 804 en 020509-00001 04INS000397C230 RG18/19 RG91/20 MOE2019-T2-1-060 © 2021 International Association for Cryptologic Research. All rights reserved. This paper was published by Springer in Proceedings of Advances in Cryptology – EUROCRYPT 2021 and is made available with permission of International Association for Cryptologic Research. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Science::Mathematics::Discrete mathematics::Cryptography AES Meet-in-the-Middle |
| spellingShingle |
Science::Mathematics::Discrete mathematics::Cryptography AES Meet-in-the-Middle Bao, Zhenzhen Dong, Xiaoyang Guo, Jian Li, Zheng Shi, Danping Sun, Siwei Wang, Xiaoyun Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing |
| description |
The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the preimage resistance of many hash functions, including but not limited to the full MD5, HAVAL, and Tiger, and reduced SHA-0/1/2. It was also shown to be a threat to hash functions built on block ciphers like AES by Sasaki in 2011. Recently, such attacks on AES hashing modes evolved from merely using the freedom of choosing the internal state to also exploiting the freedom of choosing the message state. However, detecting such attacks especially those evolved variants is difficult. In previous works, the search space of the configurations of such attacks is limited, such that manual analysis is practical, which results in sub-optimal solutions. In this paper, we remove artificial limitations in previous works, formulate the essential ideas of the construction of the attack in well-defined ways, and translate the problem of searching for the best attacks into optimization problems under constraints in Mixed-Integer-Linear-Programming (MILP) models. The MILP models capture a large solution space of valid attacks; and the objectives of the MILP models are attack configurations with the minimized computational complexity. With such MILP models and using the off-the-shelf solver, it is efficient to search for the best attacks exhaustively. As a result, we obtain the first attacks against the full (5-round) and an extended (5.5-round) version of Haraka-512 v2, and 8-round AES-128 hashing modes, as well as improved attacks covering more rounds of Haraka-256 v2 and other members of AES and Rijndael hashing modes. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Bao, Zhenzhen Dong, Xiaoyang Guo, Jian Li, Zheng Shi, Danping Sun, Siwei Wang, Xiaoyun |
| format |
Conference or Workshop Item |
| author |
Bao, Zhenzhen Dong, Xiaoyang Guo, Jian Li, Zheng Shi, Danping Sun, Siwei Wang, Xiaoyun |
| author_sort |
Bao, Zhenzhen |
| title |
Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing |
| title_short |
Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing |
| title_full |
Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing |
| title_fullStr |
Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing |
| title_full_unstemmed |
Automatic search of Meet-in-the-Middle preimage attacks on AES-like hashing |
| title_sort |
automatic search of meet-in-the-middle preimage attacks on aes-like hashing |
| publishDate |
2022 |
| url |
https://hdl.handle.net/10356/155545 |
| _version_ |
1759853823909691392 |