Preimage Attacks on 3, 4, and 5-Pass HAVAL

This paper proposes preimage attacks on the hash function HAVAL, whose output length is 256 bits. The paper has three main contributions: a preimage attack on 3-pass HAVAL with a complexity of $2^{225}$, a preimage attack on 4-pass HAVAL with a complexity of $2^{241}$, and a preimage attack on 5-pass HAVAL reduced to 151 steps with a complexity of $2^{241}$. Moreover, we optimize the computational order of the brute-force attack on full 5-pass HAVAL, which brings its complexity to $2^{254.89}$. As far as we know, the proposed attack on 3-pass HAVAL is the best attack, and there has been no preimage attack so far on 4-pass and 5-pass HAVAL. Note that the complexity of the previous best attack on 3-pass HAVAL is $2^{230}$. Technically, our attacks find pseudo-preimages of HAVAL by combining the meet-in-the-middle and local-collision approaches, then convert the pseudo-preimages to a preimage by using a generic algorithm.
