DOI: 10.1145/3638782.3638803
Research article

Improved Meet-in-the-Middle Cryptanalysis on Kupyna

Published: 18 April 2024

Abstract

Kupyna is an AES-like hash function that was confirmed as the Ukrainian hash standard DSTU 7564:2014 in 2015. In this paper, we present preimage attacks and collision attacks on Kupyna. We combine guess-and-determine and meet-in-the-middle (MITM) methods, using a MILP-based MITM attack tool, and apply them to the Kupyna hash function. We improve the preimage attack on 6-round Kupyna-256 (OT), lowering the complexity from the previous best of $2^{240}$ to $2^{224}$. Additionally, we propose, for the first time, collision attacks on 6-round Kupyna-256 (OT) and 8-round Kupyna-512 (OT), with complexities of $2^{116}$ and $2^{444}$ respectively.


    Published In

    ICCNS '23: Proceedings of the 2023 13th International Conference on Communication and Network Security
    December 2023
    363 pages
    ISBN:9798400707964
    DOI:10.1145/3638782

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Collision Attack
    2. Kupyna
    3. MILP
    4. Meet-in-the-Middle
    5. Preimage attack
