Cryptanalysis of Grindahl

Due to recent breakthroughs in hash functions cryptanalysis, some new hash schemes have been proposed. GRINDAHL is a novel hash function, designed by Knudsen, Rechberger and Thomsen and published at FSE 2007. It has the particularity that it follows the RIJNDAEL design strategy, with an efficiency comparable to SHA-256. This paper provides the first cryptanalytic work on this new scheme. We show that the 256-bit version of GRINDAHL is not collision resistant. With a work effort of approximatively 2112 hash computations, one can generate a collision.

[1]  Thomas Peyrin,et al.  On Building Hash Functions from Multivariate Quadratic Equations , 2007, ACISP.

[2]  Mihir Bellare,et al.  Multi-Property-Preserving Hash Domain Extension and the EMD Transform , 2006, ASIACRYPT.

[3]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[4]  Daniel Augot,et al.  A Family of Fast Syndrome Based Cryptographic Hash Functions , 2005, Mycrypt.

[5]  Thomas Peyrin,et al.  Security Analysis of Constructions Combining FIL Random Oracles , 2007, FSE.

[6]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[7]  Søren S. Thomsen,et al.  Grindahl – a family of hash functions , 2007 .

[8]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[9]  Eli Biham,et al.  A Framework for Iterative Hash Functions - HAIFA , 2007, IACR Cryptol. ePrint Arch..

[10]  Mohammad Umar Siddiqi,et al.  Generalised impossible differentials of advanced encryption standard , 2001 .

[11]  Shoichi Hirose,et al.  Some Plausible Constructions of Double-Block-Length Hash Functions , 2006, FSE.

[12]  Ron Steinfeld,et al.  VSH, an Efficient and Provable Collision Resistant Hash Function , 2006, IACR Cryptol. ePrint Arch..

[13]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[14]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[15]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[16]  Christophe De Cannière,et al.  Finding SHA-1 Characteristics: General Results and Applications , 2006, ASIACRYPT.

[17]  Pieter Retief Kasselman,et al.  Analysis and design of cryptographic hash functions , 1999 .

[18]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[19]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[20]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[21]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[22]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[23]  Xiaoyun Wang,et al.  Efficient Collision Search Attacks on SHA-0 , 2005, CRYPTO.

[24]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[25]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[26]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[27]  Bruce Schneier One-way hash functions , 1991 .

[28]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[29]  Thomas Peyrin,et al.  Combining Compression Functions and Block Cipher-Based Hash Functions , 2006, ASIACRYPT.

[30]  Aggelos Kiayias,et al.  Efficient Secure Group Signatures with Dynamic Joins and Keeping Anonymity Against Group Managers , 2005, Mycrypt.

[31]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[32]  Bruce Schneier,et al.  Second Preimages on n-bit Hash Functions for Much Less than 2n Work , 2005, IACR Cryptol. ePrint Arch..

[33]  Guido Bertoni,et al.  RadioGatún, a belt-and-mill hash function , 2006, IACR Cryptol. ePrint Arch..

[34]  Adi Shamir,et al.  Breaking the ICE - Finding Multicollisions in Iterated Concatenated and Expanded (ICE) Hash Functions , 2006, FSE.

[35]  Seokhie Hong,et al.  A New Dedicated 256-Bit Hash Function: FORK-256 , 2006, FSE.

[36]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[37]  Lars R. Knudsen,et al.  Truncated and Higher Order Differentials , 1994, FSE.

[38]  John Kelsey,et al.  Herding Hash Functions and the Nostradamus Attack , 2006, EUROCRYPT.

[39]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[40]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[41]  Thomas Peyrin,et al.  Cryptanalysis of FORK-256 , 2007, FSE.

[42]  Lars R. Knudsen,et al.  The Grindahl Hash Functions , 2007, FSE.

[43]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[44]  Antoine Joux,et al.  Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions , 2004, CRYPTO.