Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6733 LNCS, Issue , 2011, Pages 378-396

  Sasaki, Yu ^a  

^a NTT CORPORATION   (Japan)

Author keywords

AES; Davies Meyer; hash function; Matyas Meyer Oseas; meet in the middle; Miyaguchi Preneel; PGV; preimage; Whirlpool

Indexed keywords

AES; DAVIES-MEYER; MATYAS-MEYER-OSEAS; MEET-IN-THE-MIDDLE; MIYAGUCHI-PRENEEL; PGV; PREIMAGES; WHIRLPOOL; PRE IMAGES;

HASH FUNCTIONS;

SECURITY OF DATA; CRYPTOGRAPHY;

EID: 79959972948     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-21702-9_22     Document Type: Conference Paper

References (36)

1. Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for Step-Reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578-597. Springer, Heidelberg (2009)
2. Aoki, K., Sasaki, Y.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70-89. Springer, Heidelberg (2009)
3. Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103-119. Springer, Heidelberg (2009)
4. Aumasson, J.-P., Meier, W., Mendel, F.: Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 120-135. Springer, Heidelberg (2009)
5. Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 299-319. Springer, Heidelberg (2010)
6. Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1-18. Springer, Heidelberg (2009)
7. Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231-249. Springer, Heidelberg (2009)
8. Biryukov, A., Nikolić, I.: A new security analysis of AES-128. In: Rump Session of CRYPTO 2009 (2009), http://rump2009.cr.yp.to/
9. Biryukov, A., Nikolić, I.: Automatic search for related-key differential characteristics in byte-oriented block ciphers: Application to AES, camellia, khazad and others. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 322-344. Springer, Heidelberg (2010)
10. Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y.: Hash functions and RFID tags: Mind the gap. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 283-299. Springer, Heidelberg (2008)
11. De Cannière, C., Rechberger, C.: Preimages for reduced SHA-0 and SHA-1. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 179-202. Springer, Heidelberg (2008)
12. Daemen, J., Rijmen, V.: The design of Rijndeal: AES - the Advanced Encryption Standard (AES). Springer, Heidelberg (2002)
13. Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116-126. Springer, Heidelberg (2008)
14. Dunkelman, O., Keller, N.: The effects of the omission of last round's MixColumns on AES. Cryptology ePrint Archive, Report 2010/041 (2010), http://eprint.iacr.org/2010/041
15. Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158-176. Springer, Heidelberg (2010)
16. Gilbert, H., Minier, M.: A collision attack on 7 rounds Rijndael. In: Third AES Candidate Conference (AES3), pp. 230-241. Springer, Heidelberg (2000)
17. Gilbert, H., Peyrin, T.: Super-sbox cryptanalysis: Improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365-383. Springer, Heidelberg (2010)
18. Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: First results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56-75. Springer, Heidelberg (2010)
19. Indesteege, S., Preneel, B.: Preimages for reduced-round tiger. In: Lucks, S., Sadeghi, A.-R., Wolf, C. (eds.) WEWoRC 2007. LNCS, vol. 4945, pp. 90-99. Springer, Heidelberg (2008)
20. n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474-490. Springer, Heidelberg (2005)
21. Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315-324. Springer, Heidelberg (2007)
22. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer,M.: Rebound distinguishers: Results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126-143. Springer, Heidelberg (2009)
23. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: The rebound attack and subspace distinguishers: Application to Whirlpool. Cryptology ePrint Archive, Report 2010/198 (2010), http://eprint.iacr.org/2010/ 198
24. Leurent, G.: MD4 is not one-way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412-428. Springer, Heidelberg (2008)
25. Lu, J., Dunkelman, O., Keller, N., Kim, J.-S.: New impossible differential attacks on AES. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 279-293. Springer, Heidelberg (2008)
26. Mendel, F., Peyrin, T., Rechberger, C., Schläffer, M.: Improved cryptanalysis of the reduced grøstl compression function, ECHO permutation and AES block cipher. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 16-35. Springer, Heidelberg (2009)
27. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: Cryptanalysis of reduced whirlpool and grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260-276. Springer, Heidelberg (2009)
28. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
29. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368-378. Springer, Heidelberg (1994)
30. Rijmen, V., Barreto, P.S.L.M.: The WHIRLPOOL hashing function. Submitted to NISSIE (September 2000)
31. Sasaki, Y., Aoki, K.: Preimage attacks on 3, 4, and 5-pass HAVAL. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 253-271. Springer, Heidelberg (2008)
32. Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134-152. Springer, Heidelberg (2009)
33. Stam, M.: Blockcipher-based hashing revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67-83. Springer, Heidelberg (2009)
34. U.S. Department of Commerce, National Institute of Standards and Technology. Specification for the ADVANCED ENCRYPTION STANDARD (AES) (Federal Information Processing Standards Publication 197) (2001), http://csrc.nist.gov/ encryption/aes/index.html#fips
35. U.S. Department of Commerce, National Institute of Standards and Technology. Federal Register /Vol. 72, No. 212/Friday, November 2, 2007/Notices (2007), http://csrc.nist.gov/groups/ST/hash/documents/FR-Notice-Nov07.pdf
36. Wei, Y., Lu, J., Hu, Y.: Meet-in-the-middle attack on 8 rounds of AES block cipher under 192 key bits. Cryptology ePrint Archive, Report 2010/537 (2010), http://eprint.iacr.org/2010/537 (appeared in the accepted papers list of ISPEC 2011)