Speeding up Collision Search for Byte-Oriented Hash Functions
We describe a new tool for the search for collisions in hash functions. The tool is applicable when an attack is based on a differential trail, whose probability determines the complexity of the attack. Using linear algebra methods we show how to organize the search so that many (in some cases all) of the trail conditions are always satisfied, which significantly reduces the number of trials and the overall complexity.
The method is illustrated with collision and second preimage attacks on compression functions based on Rijndael. We show that slow diffusion in the Rijndael (and AES) key schedule allows an attack on a version with a 13-round compression function, and that the S-boxes do not prevent the attack. Finally, we propose a modification of the key schedule that resists the attack and give lower bounds on the complexity of generic differential attacks against our modification.
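The following is an added illustration of the idea behind the abstract, not code from the paper: trail conditions that are affine in the free variables over GF(2) are solved once by row reduction, and the search then walks the solution space instead of paying roughly 2^-rank per random trial for those conditions. The 16-bit "message" and the six conditions are constructed for the example; the paper's actual trail conditions on Rijndael-based compression functions are not reproduced here.

```python
# Added illustration (not the paper's code): pre-satisfying the linear part of
# a differential trail's conditions with GF(2) linear algebra, so that every
# trial message already meets those conditions and only the remaining
# (nonlinear) ones are left to chance.
import random


def parity(x):
    """Parity of the set bits of an integer (a sum over GF(2))."""
    return bin(x).count("1") & 1


def gf2_reduce(rows):
    """Bring a system of affine conditions over GF(2) into reduced row echelon
    form.  rows: list of (mask, rhs), meaning XOR of x_i for i in mask == rhs.
    Returns (pivots, reduced) with one pivot bit per reduced row, or None if
    the system is inconsistent (some condition contradicts the others)."""
    reduced, pivots = [], []
    for mask, rhs in rows:
        # Eliminate every existing pivot from the incoming row.
        for (pm, pr), p in zip(reduced, pivots):
            if mask >> p & 1:
                mask ^= pm
                rhs ^= pr
        if mask == 0:
            if rhs:
                return None          # 0 == 1: contradictory conditions
            continue                 # redundant condition, nothing new
        p = mask.bit_length() - 1    # highest set bit becomes the pivot
        # Eliminate the new pivot from all earlier rows.
        for i, (pm, pr) in enumerate(reduced):
            if pm >> p & 1:
                reduced[i] = (pm ^ mask, pr ^ rhs)
        reduced.append((mask, rhs))
        pivots.append(p)
    return pivots, reduced


def solution_from_free(pivots, reduced, n, free_value):
    """Map an integer 0 <= free_value < 2**(n - rank) onto the free variables
    and derive the pivot variables from it.  Enumerating free_value walks the
    whole solution space, so every returned x satisfies all conditions."""
    free_positions = [i for i in range(n) if i not in pivots]
    x = 0
    for j, pos in enumerate(free_positions):
        if free_value >> j & 1:
            x |= 1 << pos
    for (mask, rhs), p in zip(reduced, pivots):
        # In RREF a row holds its pivot plus free variables only, so x_p is
        # fixed by the free part already placed in x.
        if parity((mask & ~(1 << p)) & x) != rhs:
            x |= 1 << p
    return x


def satisfies_all(rows, x):
    """True when the n-bit value x meets every affine condition."""
    return all(parity(mask & x) == rhs for mask, rhs in rows)


def random_hit_rate(rows, n, trials, seed=1):
    """Fraction of uniformly random n-bit messages meeting every condition:
    about 2**-rank, the price a naive trial-and-error search pays per trial."""
    rng = random.Random(seed)
    hits = sum(satisfies_all(rows, rng.getrandbits(n)) for _ in range(trials))
    return hits / trials


# Constructed toy instance: a 16-bit "message" and six affine conditions
# standing in for the linear part of a trail's conditions.
N_BITS = 16
CONDITIONS = [
    (0b0000_0000_0000_0011, 1),   # x0 ^ x1 == 1
    (0b0000_0000_0000_1101, 0),   # x0 ^ x2 ^ x3 == 0
    (0b0000_0000_0010_0010, 1),   # x1 ^ x5 == 1
    (0b0000_0001_1000_0000, 0),   # x7 ^ x8 == 0
    (0b1000_0000_0000_0001, 1),   # x0 ^ x15 == 1
    (0b1000_0000_0000_0010, 0),   # x1 ^ x15 == 0 (implied by rows 1 and 5)
]

if __name__ == "__main__":
    pivots, reduced = gf2_reduce(CONDITIONS)
    rank = len(pivots)
    print(f"rank {rank}, free variables {N_BITS - rank}, "
          f"solution space 2^{N_BITS - rank}")
    print(f"random trials hit rate ~ "
          f"{random_hit_rate(CONDITIONS, N_BITS, 20000):.4f} "
          f"(expected {2 ** -rank:.4f})")
    x = solution_from_free(pivots, reduced, N_BITS, 1234)
    print(f"structured trial {x:016b} satisfies all: "
          f"{satisfies_all(CONDITIONS, x)}")
```

The sixth condition is implied by the first and fifth, so the rank is 5 rather than 6 and 11 free variables remain; a random 16-bit trial meets all six conditions with probability about 1/32, whereas every value produced by `solution_from_free` meets them by construction, leaving the 2^11 structured trials for whatever nonlinear conditions a real trail would still impose.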
Keywords: Hash Function, Free Variable, Block Cipher, Compression Function, Round Function