Abstract
In this paper we show that the narrow-pipe SHA-3 candidates BLAKE-32, BLAKE-64, Hamsi, SHAvite-3-256, SHAvite-3-512, Skein-256-256 and Skein-512-512 do not provide n bits of security, where n is the hash output size. The actual security against the length-extension attack that these functions provide is n − k bits, where k is an arbitrary value chosen by the attacker who wants to perform a one-time pre-computation of \(2^{k+1}\) compression functions. The attack comes in two variants: (1) the attacker is not collecting the hash values given by the user, or (2) the attacker is collecting the hash values given by the user. In either case, the attacker does not know the content of the hashed messages. The optimal value for this attack, from the perspective of minimizing the number of calls to the compression function and increasing the probability of a successful attack, is achieved when \(k=\frac{n}{2}\), thus reducing the security against the length-extension attack from n to \(\frac{n}{2}\) bits.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gligoroski, D. (2011). Length Extension Attack on Narrow-Pipe SHA-3 Candidates. In: Gusev, M., Mitrevski, P. (eds) ICT Innovations 2010. ICT Innovations 2010. Communications in Computer and Information Science, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19325-5_2
DOI: https://doi.org/10.1007/978-3-642-19325-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19324-8
Online ISBN: 978-3-642-19325-5
eBook Packages: Computer Science (R0)