Topic

Collision attack

About: Collision attack is a research topic. Over the lifetime, 1093 publications have been published within this topic receiving 28389 citations.


Papers
Book ChapterDOI
04 Dec 2011
TL;DR: In this article, a new differential path on 32 rounds was proposed for semi-free-start internal-state near-collisions and the maximum number of rounds that they achieved is up to 37 rounds on 986 bits.
Abstract: The hash function JH [20] is one of the five finalists of the NIST SHA-3 hash competition. It has been recently tweaked for the final by increasing its number of rounds from 35.5 to 42. The previously best known results on JH were semi-free-start near-collisions up to 22 rounds using multi-inbound rebound attacks. In this paper we provide a new differential path on 32 rounds. Using this path, we are able to build various semi-free-start internal-state near-collisions and the maximum number of rounds that we achieved is up to 37 rounds on 986 bits. Moreover, we build distinguishers in the full 42-round internal permutation. These are, to our knowledge, the first results faster than generic attack on the full internal permutation of JH42, the finalist version. These distinguishers also apply to the compression function.

17 citations

Book ChapterDOI
30 Nov 2006
TL;DR: In this article, a collision search attack for the first 53 steps of HAS-160 was presented, with a time complexity of about $2^{55}$.
Abstract: HAS-160 is a cryptographic hash function which is designed and used widely in Korea. In ICISC 2005, Yun et al. presented a collision search attack for the first 45 steps of HAS-160. In this paper, we extend the result to the first 53 steps of HAS-160. The time complexity of the attack is about $2^{55}$.

17 citations

Book ChapterDOI
12 Aug 2010
TL;DR: A new kind of attack based on a cancellation property in the round function is described, which allows to efficiently use the degrees of freedom available to attack a hash function.
Abstract: In this paper we study the strength of two hash functions which are based on Generalized Feistels. We describe a new kind of attack based on a cancellation property in the round function. This new technique allows to efficiently use the degrees of freedom available to attack a hash function. Using the cancellation property, we can avoid the non-linear parts of the round function, at the expense of some freedom degrees. Our attacks are mostly independent of the round function in use, and can be applied to similar hash functions which share the same structure but have different round functions. We start with a 22-round generic attack on the structure of Lesamnta, and adapt it to the actual round function to attack 24-round Lesamnta (the full function has 32 rounds). We follow with an attack on 9-round SHAvite-3$_{512}$ which also works for the tweaked version of SHAvite-3$_{512}$.

17 citations

Book ChapterDOI
16 Apr 2009
TL;DR: This article shows how to use Dean's method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions.
Abstract: Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean's method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in $2^{t/2}$ chosen messages plus $2^{t/2+1}$ off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

16 citations

Journal Article
TL;DR: This paper presents a semi-free-start collision attack on the compression function for all Twister variants with negligible complexity and shows how it can be extended to construct collisions for Twister-512 slightly faster than brute force search.
Abstract: In this paper, we present a semi-free-start collision attack on the compression function for all Twister variants with negligible complexity. We show how this compression function attack can be extended to construct collisions for Twister-512 slightly faster than brute force search. Furthermore, we present a second-preimage and preimage attack for Twister-512 with complexity of about $2^{384}$ and $2^{456}$ compression function evaluations, respectively.

16 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
88% related
Public-key cryptography
27.2K papers, 547.7K citations
87% related
Hash function
31.5K papers, 538.5K citations
85% related
Encryption
98.3K papers, 1.4M citations
85% related
Computer security model
18.1K papers, 352.9K citations
82% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    11
2022    24
2021    15
2020    13
2019    19
2018    15