
Structural Attacks on Two SHA-3 Candidates: Blender-n and DCH-n

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5735)

Abstract

The recently started SHA-3 competition, whose goal is to find a new secure hash standard and thus a replacement for SHA-1/SHA-2, has attracted a lot of interest in academia as well as in industry. There are 51 round one candidates, building on sometimes very different principles.

In this paper, we show how to attack two of the 51 round one hash functions. The attacks have in common that they exploit structural weaknesses in the design of the hash function and are independent of the underlying compression function. First, we present a preimage attack on the hash function Blender-n. It has a complexity of about n·2^{n/2} and negligible memory requirements. Second, we show practical collision and preimage attacks on DCH-n. To be more precise, we can trivially construct a (2^8 + 2)-block collision for DCH-n and a 1297-block preimage with only 521 compression function evaluations. The attacks on both hash functions work for all output sizes and render the hash functions broken.




© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Lamberger, M., Mendel, F. (2009). Structural Attacks on Two SHA-3 Candidates: Blender-n and DCH-n. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_6


  • DOI: https://doi.org/10.1007/978-3-642-04474-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8
