TY - GEN
T1 - Advanced meet-in-the-middle preimage attacks
T2 - 16th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2010
AU - Guo, Jian
AU - Ling, San
AU - Rechberger, Christian
AU - Wang, Huaxiong
PY - 2010
Y1 - 2010
N2 - We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2188.8 for finding preimages, and 2188.2 for second-preimages. Both have memory requirement of order 28, which is much less than in any other recent preimage attacks on reduced Tiger. Using pre-computation techniques, the time complexity for finding a new preimage or second-preimage for MD4 can now be as low as 278.4 and 2 69.4 MD4 computations, respectively. The second-preimage attack works for all messages longer than 2 blocks. To obtain these results, we extend the meet-in-the-middle framework recently developed by Aoki and Sasaki in a series of papers. In addition to various algorithm-specific techniques, we use a number of conceptually new ideas that are applicable to a larger class of constructions. Among them are (1) incorporating multi-target scenarios into the MITM framework, leading to faster preimages from pseudo-preimages, (2) a simple precomputation technique that allows for finding new preimages at the cost of a single pseudo-preimage, and (3) probabilistic initial structures, to reduce the attack time complexity. All the techniques developed await application to other hash functions. To illustrate this, we give as another example improved preimage attacks on SHA-2 members.
AB - We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2188.8 for finding preimages, and 2188.2 for second-preimages. Both have memory requirement of order 28, which is much less than in any other recent preimage attacks on reduced Tiger. Using pre-computation techniques, the time complexity for finding a new preimage or second-preimage for MD4 can now be as low as 278.4 and 2 69.4 MD4 computations, respectively. The second-preimage attack works for all messages longer than 2 blocks. To obtain these results, we extend the meet-in-the-middle framework recently developed by Aoki and Sasaki in a series of papers. In addition to various algorithm-specific techniques, we use a number of conceptually new ideas that are applicable to a larger class of constructions. Among them are (1) incorporating multi-target scenarios into the MITM framework, leading to faster preimages from pseudo-preimages, (2) a simple precomputation technique that allows for finding new preimages at the cost of a single pseudo-preimage, and (3) probabilistic initial structures, to reduce the attack time complexity. All the techniques developed await application to other hash functions. To illustrate this, we give as another example improved preimage attacks on SHA-2 members.
KW - Cryptanalysis
KW - Hash function
KW - MD4
KW - Preimage
KW - SHA-2
KW - Tiger
UR - http://www.scopus.com/inward/record.url?scp=78650822495&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-17373-8_4
DO - 10.1007/978-3-642-17373-8_4
M3 - Conference proceeding contribution
AN - SCOPUS:78650822495
SN - 3642173721
SN - 9783642173721
T3 - Lecture Notes in Computer Science
SP - 56
EP - 75
BT - Advances in Cryptology - ASIACRYPT 2010
A2 - Abe, Masayuki
PB - Springer, Springer Nature
CY - Berlin; Heidelberg
Y2 - 5 December 2010 through 9 December 2010
ER -