论文信息 - Pseudo-Cryptanalysis of Luffa

Pseudo-Cryptanalysis of Luffa

In this paper, we present the pseudo-collision, pseudo-second-preimage and pseudo-preimage attacks on the SHA-3 candidate algorithm Luffa. The pseudo-collisions and pseudo-second-preimages can be found easily by computing the inverse of the message injection function at the beginning of Luffa. We explain in details the pseudo-preimage attacks. For Luffa-224/256, given the hash value, only 2 iteration computations are needed to get a pseudo-preimage. For Luffa-384, finding a pseudo-preimage needs about 264 iteration computations with 267 bytes memory by the extended generalized birthday attack. For Luffa-512, the complexity is 2128 iteration computations with 2132 bytes memory. It is noted that, we can find the pseudo-collision pairs and the pseudosecond images only changing a few different bits of initial values. That is directly converted to the forgery attack on NMAC in related key cases.

[1] Hugo Krawczyk,et al. Message Authentication using Hash Functions , 1996 .

[2] Claus-Peter Schnorr. Enhancing the security of perfect blind DL-signatures , 2006, Inf. Sci..

[3] Xiaoyun Wang,et al. Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[4] Xiaoyun Wang,et al. How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[5] Gaëtan Leurent,et al. Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5 , 2007, CRYPTO.

[6] David A. Wagner,et al. A Generalized Birthday Problem , 2002, CRYPTO.

[7] Xiaoyun Wang,et al. Efficient Collision Search Attacks on SHA-0 , 2005, CRYPTO.

[8] Scott Contini,et al. Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions , 2006, ASIACRYPT.

[9] Hugo Krawczyk,et al. Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[10] Bruce Schneier,et al. Second Primages on n-bit Hash Functions for Much Less than 2n Work | NIST , 2005 .

[11] Hui Chen,et al. Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[12] Xiaoyun Wang,et al. The Second-Preimage Attack on MD4 , 2005, CANS.