Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/94168 http://hdl.handle.net/10220/7655 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-94168 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-941682023-02-28T19:38:51Z Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 Guo, Jian Ling, San Rechberger, Christian Wang, Huaxiong School of Physical and Mathematical Sciences DRNTU::Engineering::Computer science and engineering::Computer applications::Physical sciences and engineering We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2188.8 for finding preimages, and 2188.2 for second-preimages. Both have memory requirement of order 28, which is much less than in any other recent preimage attacks on reduced Tiger. Using pre-computation techniques, the time complexity for finding a new preimage or second-preimage for MD4 can now be as low as 278.4 and 269.4 MD4 computations, respectively. The second-preimage attack works for all messages longer than 2 blocks. To obtain these results, we extend the meet-in-the-middle framework recently developed by Aoki and Sasaki in a series of papers. In addition to various algorithm-specific techniques, we use a number of conceptually new ideas that are applicable to a larger class of constructions. Among them are (1) incorporating multi-target scenarios into the MITM framework, leading to faster preimages from pseudo-preimages, (2) a simple precomputation technique that allows for finding new preimages at the cost of a single pseudo-preimage, and (3) probabilistic initial structures, to reduce the attack time complexity. All the techniques developed await application to other hash functions. To illustrate this, we give as another example improved preimage attacks on SHA-2 members. Accepted version 2012-03-22T01:41:03Z 2019-12-06T18:51:56Z 2012-03-22T01:41:03Z 2019-12-06T18:51:56Z 2010 2010 Journal Article Guo, J., Ling, S., Rechberger, C., & Wang, H. (2010). Advanced meet-in-the-middle preimage attacks: first results on full Tiger, and improved results on MD4 and SHA-2. Lecture Notes in Computer Science, 6477, 56-75. https://hdl.handle.net/10356/94168 http://hdl.handle.net/10220/7655 10.1007/978-3-642-17373-8_4 en Lecture notes in computer science © 2010 International Association for Cryptologic Research. This is the author created version of a work that has been peer reviewed and accepted for publication by Lecture Notes in Computer Science, Springer on behalf of International Association for Cryptologic Research. It incorporates referee’s comments but changes resulting from the publishing process, such as copyediting, structural formatting, may not be reflected in this document. The published version is available at: http://dx.doi.org/10.1007/978-3-642-17373-8_4 20 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Engineering::Computer science and engineering::Computer applications::Physical sciences and engineering |
| spellingShingle |
DRNTU::Engineering::Computer science and engineering::Computer applications::Physical sciences and engineering Guo, Jian Ling, San Rechberger, Christian Wang, Huaxiong Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 |
| description |
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2188.8 for finding preimages, and 2188.2 for second-preimages. Both have memory requirement of order 28, which is much less than in any other recent preimage attacks on reduced Tiger. Using pre-computation techniques, the time complexity for finding a new preimage or second-preimage for MD4 can now be as low as 278.4 and 269.4 MD4 computations, respectively. The second-preimage attack works for all messages longer than 2 blocks. To obtain these results, we extend the meet-in-the-middle framework recently developed by Aoki and Sasaki in a series of papers. In addition to various algorithm-specific techniques, we use a number of conceptually new ideas that are applicable to a larger class of constructions. Among them are (1) incorporating multi-target scenarios into the MITM framework, leading to faster preimages from pseudo-preimages, (2) a simple precomputation technique that allows for finding new preimages at the cost of a single pseudo-preimage, and (3) probabilistic initial structures, to reduce the attack time complexity. All the techniques developed await application to other hash functions. To illustrate this, we give as another example improved preimage attacks on SHA-2 members. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Guo, Jian Ling, San Rechberger, Christian Wang, Huaxiong |
| format |
Article |
| author |
Guo, Jian Ling, San Rechberger, Christian Wang, Huaxiong |
| author_sort |
Guo, Jian |
| title |
Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 |
| title_short |
Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 |
| title_full |
Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 |
| title_fullStr |
Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 |
| title_full_unstemmed |
Advanced meet-in-the-middle preimage attacks : first results on full Tiger, and improved results on MD4 and SHA-2 |
| title_sort |
advanced meet-in-the-middle preimage attacks : first results on full tiger, and improved results on md4 and sha-2 |
| publishDate |
2012 |
| url |
https://hdl.handle.net/10356/94168 http://hdl.handle.net/10220/7655 |
| _version_ |
1759853587133890560 |