论文信息 - Extending FORK-256 Attack to the Full Hash Function

Extending FORK-256 Attack to the Full Hash Function

In a paper published in FSE 2007, a way of obtaining near-collisions and in theory also collisions for the FORK-256 hash function was presented [8]. The paper contained examples of near-collisions for the compression function, but in practice the attack could not be extended to the full function due to large memory requirements and computation time. In this paper we improve the attack and show that it is possible to find near-collisions in practice for any given value of IV. In particular, this means that the full hash function with the prespecified IV is vulnerable in practice, not just in theory. We exhibit an example near-collision for the complete hash function.

Josef Pieprzyk | Scott Contini | Krystian Matusiewicz

[1] Bart Preneel,et al. Cryptanalysis of Reduced Variants of the FORK-256 Hash Function , 2007, CT-RSA.

[2] Seokhie Hong,et al. New FORK-256 , 2007, IACR Cryptol. ePrint Arch..

[3] Markku-Juhani O. Saarinen. A Meet-in-the-Middle Collision Attack Against the New FORK-256 , 2007, IACR Cryptol. ePrint Arch..

[4] Josef Pieprzyk,et al. Weaknesses of the FORK-256 compression function , 2006, IACR Cryptol. ePrint Arch..

[5] Masayuki Abe. Topics in Cryptology - CT-RSA 2007, The Cryptographers' Track at the RSA Conference 2007, San Francisco, CA, USA, February 5-9, 2007, Proceedings , 2006, CT-RSA.

[6] D. Bernstein. What output size resists collisions in a xor of independent expansions ? , 2007 .

[7] Eli Biham,et al. TIGER: A Fast New Hash Function , 1996, FSE.

[8] Thomas Peyrin,et al. Cryptanalysis of FORK-256 , 2007, FSE.

[9] Bruce Schneier,et al. Unbalanced Feistel Networks and Block Cipher Design , 1996, FSE.

[10] Seokhie Hong,et al. A New Dedicated 256-Bit Hash Function: FORK-256 , 2006, FSE.

[11] Gerhard Goos,et al. Fast Software Encryption , 2001, Lecture Notes in Computer Science.