Topic

Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Journal ArticleDOI
TL;DR: This paper presents a survey of 17 domain extenders in the literature and considers the natural question of whether they preserve the security properties of the underlying compression function, in particular collision resistance, second preimage resistance, preimage resistance and the pseudo-random oracle property.
Abstract: Cryptographic hash functions reduce inputs of arbitrary or very large length to a short string of fixed length. All hash function designs start from a compression function with fixed length inputs. The compression function itself is designed from scratch, or derived from a block cipher or a permutation. The most common procedure to extend the domain of a compression function in order to obtain a hash function is a simple linear iteration; however, some variants use multiple iterations or a tree structure that allows for parallelism. This paper presents a survey of 17 extenders in the literature. It considers the natural question whether these preserve the security properties of the compression function, and more in particular collision resistance, second preimage resistance, preimage resistance and the pseudo-random oracle property.

19 citations

Book ChapterDOI
16 Aug 2021
TL;DR: This paper extends the automatic method of Bao et al. (EUROCRYPT 2021) for systematically exploring the configuration space of meet-in-the-middle (MITM) preimage attacks into a constraint-based framework for finding exploitable MITM characteristics in the context of key-recovery and collision attacks, taking the subtle peculiarities of both scenarios into account.
Abstract: At EUROCRYPT 2021, Bao et al. proposed an automatic method for systematically exploring the configuration space of meet-in-the-middle (MITM) preimage attacks. We further extend it into a constraint-based framework for finding exploitable MITM characteristics in the context of key-recovery and collision attacks by taking the subtle peculiarities of both scenarios into account. Moreover, to perform attacks based on MITM characteristics with nonlinear constrained neutral words, which have not been seen before, we present a procedure for deriving the solution spaces of neutral words without solving the corresponding nonlinear equations or increasing the overall time complexities of the attack. We apply our method to concrete symmetric-key primitives, including SKINNY, ForkSkinny, Romulus-H, Saturnin, Grøstl, WHIRLPOOL, and hashing modes with AES-256. As a result, we identify the first 23-round key-recovery attack on SKINNY-n-3n and the first 24-round key-recovery attack on ForkSkinny-n-3n in the single-key model. Moreover, improved (pseudo) preimage or collision attacks on round-reduced WHIRLPOOL, Grøstl, and hashing modes with AES-256 are obtained. In particular, employing the new representation of the AES key schedule due to Leurent and Pernot (EUROCRYPT 2021), we identify the first preimage attack on 10-round AES-256 hashing.

19 citations

Book
01 Jan 2010
TL;DR: This proceedings volume collects papers on stream and block ciphers, RFID implementations, hash functions, message authentication codes and cryptanalysis, including a unified method for improving PRF bounds for a class of blockcipher-based MACs and a domain extension for enhanced target collision-resistant hash functions.
Abstract (table of contents):
- Stream Ciphers and Block Ciphers
- Cryptanalysis of the DECT Standard Cipher
- Improving the Generalized Feistel
- Nonlinear Equivalence of Stream Ciphers
- RFID and Implementations
- Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher
- Fast Software AES Encryption
- Hash Functions I
- Attacking the Knudsen-Preneel Compression Functions
- Finding Preimages of Tiger Up to 23 Steps
- Cryptanalysis of ESSENCE
- Theory
- Domain Extension for Enhanced Target Collision-Resistant Hash Functions
- Security Analysis of the Mode of JH Hash Function
- Enhanced Security Notions for Dedicated-Key Hash Functions: Definitions and Relationships
- Message Authentication Codes
- A Unified Method for Improving PRF Bounds for a Class of Blockcipher Based MACs
- How to Thwart Birthday Attacks against MACs via Small Randomness
- Constructing Rate-1 MACs from Related-Key Unpredictable Block Ciphers: PGV Model Revisited
- Hash Functions II
- Higher Order Differential Attack on Step-Reduced Variants of Luffa v1
- Rebound Attack on Reduced-Round Versions of JH
- Hash Functions III (Short Presentation)
- Pseudo-cryptanalysis of the Original Blue Midnight Wish
- Differential and Invertibility Properties of BLAKE
- Cryptanalysis
- Rotational Cryptanalysis of ARX
- Another Look at Complementation Properties
- Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

19 citations

Book ChapterDOI
25 Feb 2013
TL;DR: This work provides the first security analysis of reduced SM3 with respect to collision resistance; it extends the methods used in the recent collision attacks on SHA-2 and shows how those techniques can be effectively applied to SM3.
Abstract: In this work, we provide the first security analysis of reduced SM3 regarding its collision resistance. SM3 is a Chinese hash function standard published by the Chinese Commercial Cryptography Administration Office for the use of electronic authentication service systems and hence might be used in several cryptographic applications in China. So far only few results have been published for the SM3 hash function. Since the design of SM3 is very similar to the MD4 family of hash functions and in particular to SHA-2, a re-evaluation of the security of SM3 regarding collision resistance is important, taking into account recent advances in the cryptanalysis of SHA-2. In this paper, we extend the methods used in the recent collision attacks on SHA-2 and show how the techniques can be effectively applied to SM3. Our results are a collision attack on the hash function for 20 out of 64 steps and a free-start collision attack for 24 steps of SM3, both with practical complexity.

19 citations

Journal Article
TL;DR: The EnRUPT hash functions, proposed by O'Neil, Nohl and Henzen as candidates for the SHA-3 competition organised by NIST, comprise seven concrete hash functions with different digest lengths; this work presents a practical collision attack on each of them.
Abstract: The EnRUPT hash functions were proposed by O'Neil, Nohl and Henzen as candidates for the SHA-3 competition, organised by NIST. The proposal contains seven concrete hash functions, each with a different digest length. We present a practical collision attack on each of these seven EnRUPT variants. The time complexity of our attack varies from 2^36 to 2^40 round computations, depending on the EnRUPT variant, and the memory requirements are negligible. We demonstrate that our attack is practical by giving an actual collision example for EnRUPT-256.

19 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 88% related
Public-key cryptography: 27.2K papers, 547.7K citations, 87% related
Hash function: 31.5K papers, 538.5K citations, 85% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Computer security model: 18.1K papers, 352.9K citations, 82% related
Performance Metrics
No. of papers in the topic in previous years
Year  Papers
2023  11
2022  24
2021  15
2020  13
2019  19
2018  15