Chosen-prefix collisions on AES-like hashing
Chosen-prefix collision (CPC) attack was first presented by Stevens, Lenstra and de Weger on MD5 at Eurocrypt 2007. A CPC attack finds a collision for any two chosen prefixes, which is a stronger variant of collision attack. CPCs are naturally harder to construct but have larger practical impact than (identical-prefix) collisions, as seen from the series of previous works on MD5 by Stevens et al. and SHA-1 by Leurent and Peyrin. Despite its significance, the resistance of CPC attacks has not been studied on AES-like hashing.

In this work, we explore CPC attacks on AES-like hashing following the framework practiced on MD5 and SHA-1. Instead of the message modification technique developed for MD-SHA family, we opt for related-key rebound attack to construct collisions for AES-like hashing in view of its effectiveness. We also note that the CPC attack framework can be exploited to convert a specific class of one-block free-start collisions into two-block collisions, which sheds light on the importance of free-start collisions. As a result, we present the first CPC attacks on reduced Whirlpool, Saturnin-hash and AES-MMO/MP in classic and quantum settings, and extend the collision attack on Saturnin-hash from 5 to 6 rounds in the classic setting. As an independent contribution, we improve the memoryless algorithm of solving 3-round inbound phase by Hosoyamada and Sasaki at Eurocrypt 2020, which leads to improved quantum attacks on Whirlpool. Notably, we find the first 6-round memoryless quantum collision attack on Whirlpool better than generic CNS collision finding algorithm when exponential-size qRAM is not available but exponential-size classic memory is available.

Main Authors: | Chen, Shiyao; Dong, Xiaoyang; Guo, Jian; Zhang, Tianyu |
---|---|
Other Authors: | School of Physical and Mathematical Sciences; Digital Trust Centre |
Format: | Article |
Language: | English |
Published: | 2025 |
Subjects: | Computer and Information Science; Chosen-prefix collision; Related-key rebound attack |
Online Access: | https://hdl.handle.net/10356/182550 |
Institution: | Nanyang Technological University |
Citation: | Chen, S., Dong, X., Guo, J. & Zhang, T. (2024). Chosen-prefix collisions on AES-like hashing. IACR Transactions on Symmetric Cryptology, 2024(4), 64-96. |
DOI: | https://dx.doi.org/10.46586/tosc.v2024.i4.64-96 |
ISSN: | 2519-173X |
Version: | Published version (application/pdf) |
Date issued: | 2024 |
Date added to repository: | 2025-02-10 |
Funding agencies: | Info-communications Media Development Authority (IMDA); Ministry of Education (MOE); National Research Foundation (NRF) |
Funding: | This research is supported by the National Research Foundation, Singapore and Infocomm Media Development Authority under its Trust Tech Funding Initiative, the Natural Science Foundation of China (62272257) and the Ministry of Education in Singapore under Grant RG93/23. |
Rights: | © 2024 Shiyao Chen, Xiaoyang Dong, Jian Guo, Tianyu Zhang. This work is licensed under a Creative Commons Attribution 4.0 International License. |