Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Preimage Analysis of the Maelstrom-0 Hash Function

  • Conference paper
  • First Online:
Security, Privacy, and Applied Cryptography Engineering (SPACE 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9354))

Abstract

Maelstrom-0 is the second member of a family of AES-based hash functions whose designs are pioneered by Paulo Baretto and Vincent Rijmen. According to its designers, the function is designed to be an evolutionary lightweight alternative to the ISO standard Whirlpool. In this paper, we study the preimage resistance of the Maelstrom-0 hash function using its proposed 3CM chaining construction. More precisely, we apply a meet-in-the-middle preimage attack on the compression function and combine it with a guess and determine approach which allows us to obtain a 6-round pseudo preimage for a given compression function output with time complexity of 2496 and memory complexity of 2112. Then, we propose a four stage attack in which we adopt another meet-in-the-middle attack and a 2-block multicollision approach to defeat the two additional checksum chains and turn the pseudo preimage attack on the compression function into a preimage attack on the hash function. Using our approach, preimages of the 6-round reduced Maelstrom-0 hash function are generated with time complexity of 2505 and memory complexity of 2112.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 109–125. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  2. AlTawy, R., Youssef, A.M.: Second preimage analysis of whirlwind. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 311–328. Springer, Heidelberg (2015)

    Google Scholar 

  3. Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for step-reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578–597. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. Aoki, K., Sasaki, Y.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70–89. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  5. Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Barreto, P., Nikov, V., Nikova, S., Rijmen, V., Tischhauser, E.: Whirlwind: a new cryptographic hash function. Designs, Codes and Cryptography 56(2-3), 141–162 (2010)

    Article  MathSciNet  MATH  Google Scholar 

  7. Daemen, J., Rijmen, V.: The Design of Rijndael: AES- The Advanced Encryption Standard. Springer (2002)

    Google Scholar 

  8. Filho, D., Barreto, P., Rijmen, V.: The Maelstrom-0 hash function. In: VI Brazilian Symposium on Information and Computer Systems Security (2006)

    Google Scholar 

  9. Gauravaram, P., Kelsey, J.: Cryptanalysis of a class of cryptographic hash functions. Cryptology ePrint Archive, Report 2007/277 (2007), http://eprint.iacr.org/

  10. Gauravaram, P., Kelsey, J.: Linear-XOR and additive checksums dont protect DamgĂ¥rd-Merkle hashes from generic attacks. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 36–51. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  11. Gauravaram, P., Kelsey, J., Knudsen, L.R., Thomsen, S.: On hash functions using checksums. International Journal of Information Security 9(2), 137–151 (2010)

    Article  Google Scholar 

  12. Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl – a SHA-3 candidate. NIST submission (2008)

    Google Scholar 

  13. Gauravaram, P., Millan, W.L., Dawson, E., Viswanathan, K.: Constructing secure hash functions by enhancing Merkle-DamgĂ¥rd construction. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 407–420. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  14. Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56–75. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  15. Hong, D., Koo, B., Sasaki, Y.: Improved preimage attack for 68-step HAS-160. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 332–348. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  16. Indesteege, S.: The Lane hash function. Submission to NIST (2008), http://www.cosic.esat.kuleuven.be/publications/article-1181.pdf

  17. Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  18. Kölbl, S., Mendel, F.: Practical attacks on the Maelstrom-0 compression function. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 449–461. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  19. Ma, B., Li, B., Hao, R., Li, X.: Improved cryptanalysis on reduced-round GOST and Whirlpool hash function. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 289–307. Springer, Heidelberg (2014)

    Google Scholar 

  20. Matyukhin, D., Rudskoy, V., Shishkin, V.: A perspective hashing algorithm. In: RusCrypto (2010) (in Russian)

    Google Scholar 

  21. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: Cryptanalysis of reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  22. NIST: Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. In: Federal Register, vol. 72(212), November 2007, http://csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf

  23. Rijmen, V., Barreto, P.S.L.M.: The Whirlpool hashing function. NISSIE submission (2000)

    Google Scholar 

  24. Sasaki, Y.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to Whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378–396. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  25. Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  26. Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on Whirlpool: Improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562–579. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  27. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  28. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  29. Wu, H.: The hash function JH (2011), http://www3.ntu.edu.sg/home/wuhj/research/jh/jh-round3.pdf

  30. Wu, S., Feng, D., Wu, W., Guo, J., Dong, L., Zou, J.: (Pseudo) preimage attack on round-reduced Grøstl hash function and others. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 127–145. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada

    Riham AlTawy & Amr M. Youssef

Authors
  1. Riham AlTawy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Amr M. Youssef
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Inst of Tech Kharagpur, Kharagpur, West Bengal, India

    Rajat Subhra Chakraborty

  2. Digital Security Group, Radboud University Nijmegen, Nijmegen, Gelderland, The Netherlands

    Peter Schwabe

  3. Dept. of Computer Science, University of Illinois at Chicago, Chicago, Illinois, USA

    Jon Solworth

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

AlTawy, R., Youssef, A.M. (2015). Preimage Analysis of the Maelstrom-0 Hash Function. In: Chakraborty, R., Schwabe, P., Solworth, J. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2015. Lecture Notes in Computer Science(), vol 9354. Springer, Cham. https://doi.org/10.1007/978-3-319-24126-5_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-24126-5_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24125-8

  • Online ISBN: 978-3-319-24126-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation