
Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Journal ArticleDOI
TL;DR: Inspired by the existing work on SIMON, explicit formulas for computing the exact correlation of linear trails of Subterranean 2.0 and other ciphers utilizing similar non-linear operations are proposed.
Abstract: Subterranean 2.0 is a cipher suite that can be used for hashing, authenticated encryption, MAC computation, etc. It was designed by Daemen, Massolino, Mehrdad, and Rotella, and has been selected as a candidate in the second round of NIST’s lightweight cryptography standardization process. Subterranean 2.0 is a duplex-based construction and utilizes a single-round permutation in the duplex. It is the simplicity of the round function that makes it an attractive target of cryptanalysis. In this paper, we examine the single-round permutation in various phases of Subterranean 2.0 and specify three related attack scenarios that deserve further investigation: keystream biases in the keyed squeezing phase, state collisions in the keyed absorbing phase, and one-round differential analysis in the nonce-misuse setting. To facilitate cryptanalysis in the first two scenarios, we propose, for the first time, a set of size-reduced toy versions of Subterranean 2.0: Subterranean-m. We then make a first observation on the resemblance between the non-linear layer in the round function of Subterranean 2.0 and SIMON’s round function. Inspired by the existing work on SIMON, we propose explicit formulas for computing the exact correlation of linear trails of Subterranean 2.0 and other ciphers utilizing similar non-linear operations. We then construct our models for searching trails to be used in the keystream bias evaluation and state collision attacks. Our results show that most instances of Subterranean-m are secure in the first two attack scenarios but there exist instances that are not. Further, we find a flaw in the designers’ reasoning about Subterranean 2.0’s linear bias but support the designers’ claim that there is no linear bias measurable from at most $$2^{96}$$ data blocks. Due to the time-consuming search, the security of Subterranean 2.0 against the state collision attack in keyed modes still remains an open question. Finally, we observe that one-round differentials allow recovering state bits in the nonce-misuse setting. By proposing nested one-round differentials, we obtain a sufficient number of state bits, leading to a practical state recovery with only 20 repetitions of the nonce and 88 blocks of data. It is noted that our work does not threaten the security of Subterranean 2.0.

1 citation

Book ChapterDOI
TL;DR: In this paper, the authors propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity $$2^{64.5}$$ .
Abstract: The hash function RIPEMD-160 is an ISO/IEC standard and is being used to generate the bitcoin address together with SHA-256. Despite the fact that many hash functions in the MD-SHA hash family have been broken, RIPEMD-160 remains secure and the best collision attack could only reach up to 34 out of 80 rounds, which was published at CRYPTO 2019. In this paper, we propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity $$2^{64.5}$$ . This new attack is facilitated by a new strategy to choose the message differences and new techniques to simultaneously handle the differential conditions on both branches. Moreover, different from all the previous work on RIPEMD-160, we utilize a MILP-based method to search for differential characteristics, where we construct a model to accurately describe the signed difference transitions through its round function. As far as we know, this is the first model targeting the signed difference transitions for the MD-SHA hash family. Indeed, we are more motivated to design this model by the fact that many automatic tools to search for such differential characteristics are not publicly available and implementing them from scratch is too time-consuming and difficult. Hence, we expect that this can be an alternative easy tool for future research, which only requires to write down some simple linear inequalities.

1 citation

Book ChapterDOI
09 Dec 2012
TL;DR: A collision attack on the Hamsi-256 compression function with a complexity of about $$2^{124.1}$$ .
Abstract: Hamsi-256 is a cryptographic hash function submitted by Kucuk to the NIST SHA-3 competition in 2008. It was selected by NIST as one of the 14 round 2 candidates in 2009. Even though Hamsi-256 did not make it to the final round in 2010, it is still an interesting target for cryptanalysts. Since Hamsi-256 was proposed, it has received a great deal of cryptanalysis. Besides the second-preimage attacks on the hash function, most cryptanalysis focused on non-random properties of the compression function or output transformation of Hamsi-256. Interestingly, the collision resistance of the hash or compression function got much less attention. In this paper, we present a collision attack on the Hamsi-256 compression function with a complexity of about $$2^{124.1}$$ .

1 citation

Book
10 Feb 2008
TL;DR: This work discusses a Unified Approach to Related-Key Attacks, Improved Indifferentiability Security Analysis of chopMD Hash Function, and new Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru.
Abstract: SHA Collisions.- Collisions for Step-Reduced SHA-256.- Collisions on SHA-0 in One Hour.- New Hash Function Designs.- The Hash Function Family LAKE.- SWIFFT: A Modest Proposal for FFT Hashing.- Block Cipher Cryptanalysis (I).- A Unified Approach to Related-Key Attacks.- Algebraic and Slide Attacks on KeeLoq.- A Meet-in-the-Middle Attack on 8-Round AES.- Implementation Aspects.- Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis.- SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags.- Differential Fault Analysis of Trivium.- Accelerating the Whirlpool Hash Function Using Parallel Table Lookup and Fast Cyclical Permutation.- Hash Function Cryptanalysis (I).- Second Preimage Attack on 3-Pass HAVAL and Partial Key-Recovery Attacks on HMAC/NMAC-3-Pass HAVAL.- Cryptanalysis of LASH.- A (Second) Preimage Attack on the GOST Hash Function.- Stream Cipher Cryptanalysis (I).- Guess-and-Determine Algebraic Attack on the Self-Shrinking Generator.- New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4.- Efficient Reconstruction of RC4 Keys from Internal States.- Security Bounds.- An Improved Security Bound for HCTR.- How to Encrypt with a Malicious Random Number Generator.- A One-Pass Mode of Operation for Deterministic Message Authentication: Security beyond the Birthday Barrier.- Entropy.- Post-Processing Functions for a Biased Physical Random Number Generator.- Entropy of the Internal State of an FCSR in Galois Representation.- Block Cipher Cryptanalysis (II).- Bit-Pattern Based Integral Attack.- Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent.- Impossible Differential Cryptanalysis of CLEFIA.- Hash Function Cryptanalysis (II).- MD4 is Not One-Way.- Improved Indifferentiability Security Analysis of chopMD Hash Function.- New Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru.- Stream Cipher Cryptanalysis (II).- On the Salsa20 Core Function.- New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba.

1 citation


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
88% related
Public-key cryptography
27.2K papers, 547.7K citations
87% related
Hash function
31.5K papers, 538.5K citations
85% related
Encryption
98.3K papers, 1.4M citations
85% related
Computer security model
18.1K papers, 352.9K citations
82% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    11
2022    24
2021    15
2020    13
2019    19
2018    15