Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Posted Content
TL;DR: In this article, the authors examine the single-round permutation in various phases of Subterranean 2.0 and specify three related attack scenarios that deserve further investigation: keystream biases in the keyed squeezing phase, state collisions in keyed absorbing phase, and one-round differential analysis in the nonce-misuse setting.
Abstract: Subterranean 2.0 is a cipher suite that can be used for hashing, authenticated encryption, MAC computation, etc. It was designed by Daemen, Massolino, Mehrdad, and Rotella, and has been selected as a candidate in the second round of NIST’s lightweight cryptography standardization process. Subterranean 2.0 is a duplex-based construction and utilizes a single-round permutation in the duplex. It is the simplicity of the round function that makes it an attractive target of cryptanalysis. In this paper, we examine the single-round permutation in various phases of Subterranean 2.0 and specify three related attack scenarios that deserve further investigation: keystream biases in the keyed squeezing phase, state collisions in the keyed absorbing phase, and one-round differential analysis in the nonce-misuse setting. To facilitate cryptanalysis in the first two scenarios, we novelly propose a set of size-reduced toy versions of Subterranean 2.0: Subterranean-m. Then we make an observation for the first time on the resemblance between the non-linear layer in the round function of Subterranean 2.0 and SIMON’s round function. Inspired by the existing work on SIMON, we propose explicit formulas for computing the exact correlation of linear trails of Subterranean 2.0 and other ciphers utilizing similar non-linear operations. We then construct our models for searching trails to be used in the keystream bias evaluation and state collision attacks. Our results show that most instances of Subterranean-m are secure in the first two attack scenarios but there exist instances that are not. Further, we find a flaw in the designers’ reasoning of Subterranean 2.0’s linear bias but support the designers’ claim that there is no linear bias measurable from at most $$2^{96}$$ data blocks. Due to the time-consuming search, the security of Subterranean 2.0 against the state collision attack in keyed modes still remains an open question. Finally, we observe that one-round differentials allow recovering state bits in the nonce-misuse setting. By proposing nested one-round differentials, we obtain a sufficient number of state bits, leading to a practical state recovery with only 20 repetitions of the nonce and 88 blocks of data. It is noted that our work does not threaten the security of Subterranean 2.0.

1 citation

Proceedings ArticleDOI
01 Dec 2011
TL;DR: An efficient algorithm named HCS is introduced to keep the memory-access cost of hash-table lookups within an acceptable range by rehashing heavily colliding entries into a separately allocated table; compared with existing algorithms, it reduces lookups by at least 18%.
Abstract: As a compact data structure with the capacity of supporting fast lookup, the hash table is widely used in many network applications. The accompanying memory accesses introduced by hash collisions make the hash table work at a slower speed than required. In the case of serious collisions, these applications have little time to proceed with the following packet processing, and fail to respond to newly arriving packets. In this paper, we introduce an efficient algorithm named HCS to limit the memory-accessing cost to an acceptable range. At its core, it dynamically applies for a new hash table and adopts different hash functions to rehash these seriously colliding connections. Furthermore, it will reclaim the applied hash table when necessary. Experimental results show that, compared with existing algorithms, HCS can decrease the lookup times by at least 18%.

1 citation
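The HCS abstract above describes moving the entries of a heavily colliding bucket into a second, dynamically allocated table that uses a different hash function, and reclaiming that table when it is no longer needed. The Python below is an added illustration of that idea, not the authors' HCS implementation: the byte-sum primary hash, the chain-length threshold of 8, the keyed BLAKE2b secondary hash, the constructed attacker keys and all class and function names are assumptions made for this example. It also makes the security angle explicit that the abstract only implies: an attacker who can predict the primary hash can force every key into one chain, and a secret per-table seed in the secondary hash is what stops the same trick from being replayed against the second table.

```python
# Added example: rehash-on-collision in the spirit of the HCS abstract.
# Not the authors' code; the weak primary hash, threshold, keyed secondary
# hash and all names below are assumptions made for this illustration.
import hashlib
import secrets


def weak_hash(key: bytes, nbuckets: int) -> int:
    """Primary hash, deliberately weak (byte sum) so an attacker can cheaply
    build many distinct keys that all land in one bucket."""
    return sum(key) % nbuckets


class KeyedHash:
    """Secondary hash with a per-table secret seed: colliding under weak_hash
    says nothing about where a key lands here."""

    def __init__(self, nbuckets: int):
        self.seed = secrets.token_bytes(16)
        self.nbuckets = nbuckets

    def __call__(self, key: bytes) -> int:
        d = hashlib.blake2b(key, key=self.seed, digest_size=8).digest()
        return int.from_bytes(d, "big") % self.nbuckets


class SplittingHashTable:
    """Chained table. When a primary chain grows past chain_limit, its entries
    are rehashed into a second table under KeyedHash; that table is reclaimed
    once it is empty again. chain_limit=None disables splitting entirely."""

    def __init__(self, nbuckets: int = 64, chain_limit=8):
        self.nbuckets = nbuckets
        self.chain_limit = chain_limit
        self.primary = [[] for _ in range(nbuckets)]
        self.secondary = None   # allocated on first spill
        self.sec_hash = None
        self.spilled = set()    # primary bucket indices moved out
        self.probes = 0         # chain nodes visited by lookup()

    def _chain(self, key: bytes):
        idx = weak_hash(key, self.nbuckets)
        if idx in self.spilled:
            return self.secondary[self.sec_hash(key)]
        return self.primary[idx]

    def insert(self, key: bytes, value) -> None:
        chain = self._chain(key)
        chain.append((key, value))
        idx = weak_hash(key, self.nbuckets)
        if (self.chain_limit is not None and idx not in self.spilled
                and len(chain) > self.chain_limit):
            self._spill(idx)

    def _spill(self, idx: int) -> None:
        # "Apply for" a new table on demand and rehash the long chain into it.
        if self.secondary is None:
            self.sec_hash = KeyedHash(self.nbuckets)
            self.secondary = [[] for _ in range(self.nbuckets)]
        for k, v in self.primary[idx]:
            self.secondary[self.sec_hash(k)].append((k, v))
        self.primary[idx] = []
        self.spilled.add(idx)

    def lookup(self, key: bytes):
        for k, v in self._chain(key):
            self.probes += 1
            if k == key:
                return v
        return None

    def remove(self, key: bytes) -> bool:
        chain = self._chain(key)
        for i, (k, _) in enumerate(chain):
            if k == key:
                del chain[i]
                if self.secondary is not None and not any(self.secondary):
                    self.secondary = self.sec_hash = None  # reclaim the table
                    self.spilled.clear()
                return True
        return False


def adversarial_keys(n: int) -> list:
    """Constructed attacker input: n distinct 4-byte keys whose bytes always
    sum to 510, so weak_hash puts every one of them in bucket 510 % nbuckets."""
    return [bytes([i >> 8, i & 0xFF, 255 - (i >> 8), 255 - (i & 0xFF)])
            for i in range(n)]


def average_probes(chain_limit, n: int = 200) -> float:
    """Insert n colliding keys, look each one up, return mean nodes visited."""
    t = SplittingHashTable(chain_limit=chain_limit)
    keys = adversarial_keys(n)
    for i, k in enumerate(keys):
        t.insert(k, i)
    for i, k in enumerate(keys):
        assert t.lookup(k) == i
    return t.probes / n


if __name__ == "__main__":
    print("plain table   :", average_probes(None))  # 100.5 for n=200
    print("with splitting:", average_probes(8))     # a few probes on average
```

With 200 attacker-chosen keys the plain table walks 100.5 nodes per lookup on average (every key sits in one chain), while the splitting table walks only a handful because the keyed secondary hash spreads the same keys across its 64 buckets. The reclaim step matters in a packet-processing setting: a long-lived extra table is memory the attacker made you allocate, so it is freed as soon as the spilled connections are gone.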

Journal ArticleDOI
TL;DR: The attack exploits weaknesses in a narrow-pipe mode of operation of AURORA-512 named “Double-Mix Merkle-Damgård (DMMD)”, shows that the second-preimage attack can be used to attack the randomized hashing scheme, and presents a key-recovery attack on HMAC-AURORA-512 which reveals 512-bit secret keys.
Abstract: We present cryptanalyses of the original version of the AURORA-512 hash function, which is a round-1 SHA-3 candidate. Our attack exploits weaknesses in a narrow-pipe mode of operation of AURORA-512 named “Double-Mix Merkle-Damgård (DMMD).” The current best collision attack, proposed by Joux and Lucks, only gives rough complexity estimations. We first evaluate its precise complexity and show its optimization. Secondly, we point out that the current best second-preimage attack, proposed by Ferguson and Lucks, does not work with the claimed complexity of $$2^{291}$$. We then evaluate a complexity at which the attack works with a high success probability. We also show that the second-preimage attack can be used to attack the randomized hashing scheme. Finally, we present a key-recovery attack on HMAC-AURORA-512, which reveals 512-bit secret keys with $$2^{257}$$ queries, $$2^{259}$$ AURORA-512 operations, and negligible memory. A universal forgery on HMAC-AURORA-384 is also possible by combining the second-preimage and inner-key-recovery attacks.

1 citation

Proceedings ArticleDOI
01 Nov 2012
TL;DR: Two kinds of attack on the JH-512 hash function are presented: a pre-image attack on 10 rounds and a collision attack on 6 rounds of the compression function of JH.
Abstract: The JH hash function, introduced by Wu, is one of the algorithms that was selected for the final round of the SHA-3 competition. In this paper, we are proud to present two kinds of attack on the JH-512 hash function. One of them is a pre-image attack on 10 rounds and the other is a collision attack on 6 rounds of the compression function of JH. The former has complexity $$2^{325}$$ and the latter has complexity $$2^{337}$$. First of all, we consider the JH hash function with d=4 and explain the pre-image attack on it. Finally, we give proper differential trails for the 512-bit version (d=8) of JH. Despite the good result of this paper for breaking this hash function, the system has not been broken till now.

1 citation

Book ChapterDOI
11 Jul 2011
TL;DR: It is shown that collisions for 4 out of 8 steps of Luffa-256 v2 can be found with complexity $$2^{90}$$ using sophisticated message modification techniques; this is the first collision analysis for a fixed initial vector of Luffa.
Abstract: This paper presents ongoing work toward analysis of the second-round SHA-3 candidate Luffa. This article analyses the collision resistance of reduced-round versions of Luffa-256 v2, which is the 256-bit hash function in the Luffa family. This paper focuses on the hash function security. To the best of our knowledge, this is the first collision analysis for a fixed initial vector of Luffa. We show that collisions for 4 out of 8 steps of Luffa-256 v2 can be found with complexity $$2^{90}$$ using sophisticated message modification techniques.

1 citation


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 88% related
Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
Hash function: 31.5K papers, 538.5K citations, 85% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Computer security model: 18.1K papers, 352.9K citations, 82% related
Performance Metrics
No. of papers in the topic in previous years
Year  Papers
2023  11
2022  24
2021  15
2020  13
2019  19
2018  15