Length Extension Attack on Narrow-Pipe SHA-3 Candidates

  • Conference paper
ICT Innovations 2010

Part of the book series: Communications in Computer and Information Science (CCIS, volume 83)

Abstract

In this paper we show that the narrow-pipe SHA-3 candidates BLAKE-32, BLAKE-64, Hamsi, SHAvite-3-256, SHAvite-3-512, Skein-256-256 and Skein-512-512 do not provide n bits of security, where n is the hash output size. The actual security that these functions provide against the length-extension attack is n − k bits, where k is an arbitrary value chosen by the attacker who wants to perform a one-time pre-computation of \(2^{k+1}\) compression functions. The attack has two variants: (1) the attacker does not collect the hash values given by the user, or (2) the attacker collects the hash values given by the user. In either case, the attacker does not know the content of the hashed messages. The optimal value for this attack, from the perspective of minimizing the number of calls to the compression function and increasing the probability of a successful attack, is achieved when \(k=\frac{n}{2}\), thus reducing the security against the length-extension attack from n to \(\frac{n}{2}\) bits.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gligoroski, D. (2011). Length Extension Attack on Narrow-Pipe SHA-3 Candidates. In: Gusev, M., Mitrevski, P. (eds) ICT Innovations 2010. ICT Innovations 2010. Communications in Computer and Information Science, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19325-5_2

  • DOI: https://doi.org/10.1007/978-3-642-19325-5_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19324-8

  • Online ISBN: 978-3-642-19325-5

  • eBook Packages: Computer Science, Computer Science (R0)
