Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attacks is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words. The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions. The attacks find preimages of SHA-0 and SHA-1 in 2156.6 and 2159.3 compression function computations up to 52 and 48 steps, respectively, compared to the brute-force attack, which requires 2160 compression function computations. The previous best attacks find preimages up to 49 and 44 steps, respectively.

[1]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[2]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[3]  Jennifer Seberry,et al.  Advances in Cryptology — AUSCRYPT '92 , 1992, Lecture Notes in Computer Science.

[4]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[5]  Christophe De Cannière,et al.  Preimages for Reduced SHA-0 and SHA-1 , 2008, CRYPTO.

[6]  Yu Sasaki,et al.  Finding Preimages in Full MD5 Faster Than Exhaustive Search , 2009, EUROCRYPT.

[7]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[8]  Seokhie Hong,et al.  New FORK-256 , 2007, IACR Cryptol. ePrint Arch..

[9]  Gaëtan Leurent,et al.  MD4 is Not One-Way , 2008, FSE.

[10]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[11]  Yu Sasaki,et al.  Preimage Attacks on 3, 4, and 5-Pass HAVAL , 2008, ASIACRYPT.

[12]  Markku-Juhani O. Saarinen A Meet-in-the-Middle Collision Attack Against the New FORK-256 , 2007, IACR Cryptol. ePrint Arch..

[13]  C. Pandu Rangan,et al.  Progress in Cryptology - INDOCRYPT 2007, 8th International Conference on Cryptology in India, Chennai, India, December 9-13, 2007, Proceedings , 2007, INDOCRYPT.

[14]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[15]  Willi Meier,et al.  Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5 , 2009, Selected Areas in Cryptography.

[16]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[17]  Yu Sasaki,et al.  A Preimage Attack for 52-Step HAS-160 , 2009, ICISC.

[18]  Yu Sasaki,et al.  Preimage Attacks on One-Block MD4, 63-Step MD5 and More , 2009, Selected Areas in Cryptography.

[19]  Jennifer Seberry,et al.  HAVAL - A One-Way Hashing Algorithm with Variable Length of Output , 1992, AUSCRYPT.

[20]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[21]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.