Preimage Attack on Reduced DHA-256

DHA-256 (Double Hash Algorithm) was proposed at the Cryptographic Hash Workshop hosted by NIST in November 2005. DHA-256 is a dedicated ha sh function with output length of 256 bits and 64 steps of operations designed to enhance SHA-256 security. In this paper, we show an attack on 35-step DHA-256. The attack finds pseudo-preimage and preimage of 35-step DHA-256 with the time complexity of 2 240 and 2 249 compression function operations, respectively, and 2 16 x 11 words memory. To the best of our knowledge, this is the first paper that analyzes the preimage resistance of DHA-256.

[1]  G. Leopold The Federal Register. , 1979, Journal of clinical ultrasound : JCU.

[2]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[3]  Yu Sasaki,et al.  Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1 , 2009, CRYPTO.

[4]  Yu Sasaki,et al.  Finding Preimages in Full MD5 Faster Than Exhaustive Search , 2009, EUROCRYPT.

[5]  Gaëtan Leurent,et al.  MD4 is Not One-Way , 2008, FSE.

[6]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[7]  Christophe De Cannière,et al.  Preimages for Reduced SHA-0 and SHA-1 , 2008, CRYPTO.

[8]  Yu Sasaki,et al.  A Preimage Attack for 52-Step HAS-160 , 2009, ICISC.

[9]  Yu Sasaki,et al.  Preimage Attacks on 3, 4, and 5-Pass HAVAL , 2008, ASIACRYPT.

[10]  Xuejia Lai,et al.  On the design and security of block ciphers , 1992 .

[11]  Jian Guo,et al.  Preimages for Step-Reduced SHA-2 , 2009, IACR Cryptol. ePrint Arch..

[12]  Yu Sasaki,et al.  Preimage Attacks on Step-Reduced MD5 , 2008, ACISP.

[13]  Xuejia Lai,et al.  Hash Function Based on Block Ciphers , 1992, EUROCRYPT.

[14]  IAIK Krypto Preliminary Analysis of DHA-256 , 2005, IACR Cryptol. ePrint Arch..

[15]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[16]  Yu Sasaki,et al.  Preimage Attacks on One-Block MD4, 63-Step MD5 and More , 2009, Selected Areas in Cryptography.

[17]  Shaohui Wang,et al.  Preimage Attack on Hash Function RIPEMD , 2009, ISPEC.

[18]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[19]  Xiaoyun Wang,et al.  The Second-Preimage Attack on MD4 , 2005, CANS.

[20]  Kyoji Shibutani,et al.  Preimage Attacks on Reduced Tiger and SHA-2 , 2009, FSE.

[21]  Palash Sarkar,et al.  New Collision Attacks against Up to 24-Step SHA-2 , 2008, INDOCRYPT.

[22]  Yu Sasaki,et al.  Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512 , 2009, IACR Cryptol. ePrint Arch..

[23]  Yu Sasaki,et al.  Meet-in-the-Middle Preimage Attacks on Double-Branch Hash Functions: Application to RIPEMD and Others , 2009, ACISP.

[24]  Xiaoyun Wang,et al.  Efficient Collision Search Attacks on SHA-0 , 2005, CRYPTO.

[25]  Willi Meier,et al.  Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5 , 2009, Selected Areas in Cryptography.

[26]  Bart Preneel,et al.  Collisions and other Non-Random Properties for Step-Reduced SHA-256 , 2009, IACR Cryptol. ePrint Arch..