Collision Attack on 4-Branch, Type-2 GFN Based Hash Functions Using Sliced Biclique Cryptanalysis Technique

HaF is a family of hash functions developed in Poland at Poznán University of Technology, see [1, 2]. It is a classical Merkle-Damgård construction with the output sizes of 256, 512 or 1024 bits. In this paper we present a collision attack with negligible complexity (collisions can be found without using a computer) for all the members of HaF family. We have also shown that the improved function (without the critical transformation) is still insecure. It is possible to find a preimage for a short message with the complexity lower than the exhaustive search. We are also able to create some fixed points with a complexity of single compression function call.

Download Full-text

Known-key distinguishers on 15-round 4-branch type-2 generalised Feistel networks with single substitution–permutation functions and near-collision attacks on its hashing modes

IET Information Security ◽

10.1049/iet-ifs.2014.0402 ◽

2015 ◽

Vol 9 (5) ◽

pp. 277-283 ◽

Cited By ~ 2

Author(s):

Le Dong ◽

Wenling Wu ◽

Jian Zou ◽

Yanling Wang

Keyword(s):

Collision Attacks ◽

Feistel Networks ◽

Branch Type ◽

Single Substitution

Download Full-text

Security Analysis of GFN: 8-Round Distinguisher for 4-Branch Type-2 GFN

Lecture Notes in Computer Science - Progress in Cryptology – INDOCRYPT 2013 ◽

10.1007/978-3-319-03515-4_9 ◽

2013 ◽

pp. 136-148 ◽

Cited By ~ 3

Author(s):

Donghoon Chang ◽

Abhishek Kumar ◽

Somitra Sanadhya

Keyword(s):

Security Analysis ◽

Branch Type

Download Full-text

Lightweight AEAD and Hashing using the Sparkle Permutation Family

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2020.is1.208-261 ◽

2020 ◽

pp. 208-261

Author(s):

Christof Beierle ◽

Alex Biryukov ◽

Luan Cardoso dos Santos ◽

Johann Großschädl ◽

Léo Perrin ◽

...

Keyword(s):

Arbitrary Number ◽

Internal State ◽

Outer Part ◽

Hash Functions ◽

Collision Attack ◽

Security Levels ◽

Corresponding Analysis

We introduce the Sparkle family of permutations operating on 256, 384 and 512 bits. These are combined with the Beetle mode to construct a family of authenticated ciphers, Schwaemm, with security levels ranging from 120 to 250 bits. We also use them to build new sponge-based hash functions, Esch256 and Esch384. Our permutations are among those with the lowest footprint in software, without sacrificing throughput. These properties are allowed by our use of an ARX component (the Alzette S-box) as well as a carefully chosen number of rounds. The corresponding analysis is enabled by the long trail strategy which gives us the tools we need to efficiently bound the probability of all the differential and linear trails for an arbitrary number of rounds. We also present a new application of this approach where the only trails considered are those mapping the rate to the outer part of the internal state, such trails being the only relevant trails for instance in a differential collision attack. To further decrease the number of rounds without compromising security, we modify the message injection in the classical sponge construction to break the alignment between the rate and our S-box layer.

Download Full-text

New Semi-Free-Start Collision Attack Framework for Reduced RIPEMD-160

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2019.i3.169-192 ◽

2019 ◽

pp. 169-192

Author(s):

Fukang Liu ◽

Christoph Dobraunig ◽

Florian Mendel ◽

Takanori Isobe ◽

Gaoli Wang ◽

...

Keyword(s):

Hash Function ◽

Time Complexity ◽

Hash Functions ◽

Stream Structure ◽

Collision Attack ◽

Time Period ◽

Collision Attacks ◽

Memory Complexity ◽

New Framework

RIPEMD-160 is a hash function published in 1996, which shares similarities with other hash functions designed in this time-period like MD4, MD5 and SHA-1. However, for RIPEMD-160, no (semi-free-start) collision attacks on the full number of steps are known. Hence, it is still used, e.g., to generate Bitcoin addresses together with SHA-256, and is an ISO/IEC standard. Due to its dual-stream structure, even semifree- start collision attacks starting from the first step only reach 36 steps, which were firstly shown by Mendel et al. at Asiacrypt 2013 and later improved by Liu, Mendel and Wang at Asiacrypt 2017. Both of the attacks are based on a similar freedom degree utilization technique as proposed by Landelle and Peyrin at Eurocrypt 2013. However, the best known semi-free-start collision attack on 36 steps of RIPEMD-160 presented at Asiacrypt 2017 still requires 255.1 time and 232 memory. Consequently, a practical semi-free-start collision attack for the first 36 steps of RIPEMD-160 still requires a significant amount of resources. Considering the structure of these previous semi-free-start collision attacks for 36 steps of RIPEMD-160, it seems hard to extend it to more steps. Thus, we develop a different semi-free-start collision attack framework for reduced RIPEMD-160 by carefully investigating the message expansion of RIPEMD-160. Our new framework has several advantages. First of all, it allows to extend the attacks to more steps. Second, the memory complexity of the attacks is negligible. Hence, we were able to mount semi-free-start collision attacks on 36 and 37 steps of RIPEMD-160 with practical time complexity 241 and 249 respectively. Additionally, we describe semi-free-start collision attacks on 38 and 40 (out of 80) steps of RIPEMD-160 with time complexity 252 and 274.6, respectively. To the best of our knowledge, these are the best semi-free-start collision attacks for RIPEMD-160 starting from the first step with respect to the number of steps, including the first practical colliding message pairs for 36 and 37 steps of RIPEMD-160.

Download Full-text

Quantum rebound attack to D-M structure based on ARIA algorithm

Journal of Physics Conference Series ◽

10.1088/1742-6596/2078/1/012003 ◽

2021 ◽

Vol 2078 (1) ◽

pp. 012003

Author(s):

Shanque Dou ◽

Ming Mao ◽

Yanjun Li ◽

Dongying Qiu

Keyword(s):

Quantum Computing ◽

Hash Function ◽

Block Cipher ◽

Security Analysis ◽

Hash Functions ◽

Block Ciphers ◽

Collision Attack ◽

Cryptographic Algorithms ◽

Collision Attacks ◽

Quantum Technology

Abstract With the increasing application of quantum computing, quantum technology is increasingly used in the security analysis and research of multiple symmetric cryptographic algorithms such as block ciphers and hash functions. In 2020, Sasaki et al. proposed a dedicated quantum collision attack against hash functions in EUROCRYPT. Some differential trajectories with a probability of 2−2n/3 that cannot be used in the classical environment may be used to launch collision attacks in the quantum environment. The ARIA algorithm is a block cipher proposed by the Korean researcher Kwon et al. on ICISC 2003. The block cipher algorithm is similar to AES in structure. This article mainly analyzes the security of Davies-Meyer structure, and uses AIRA as the permutation function to construct ARIA hash function based on the DM hash model. A new AIRA differential path was found based on MILP, and 7 rounds of ARIA-DM hash function quantum rebound attacks were given.

Download Full-text