Preimage Attacks on Some Hashing Modes Instantiating Reduced-Round LBlock

In this paper, we present preimage attacks on several hashing modes instantiating reduced-round LBlock. We observe that the omission of the network twist in the last round and the diffusion of the permutation in the round function are the key points for our successful attack. First, to guarantee the validity of our attack, we prove one proposition on the round function. Then, utilizing the property of LBlock and several meet-in-the-middle techniques, we present a preimage attack on the Davies-Meyer hashing mode instantiating 13-round LBlock, whose time complexity is about $O(2^{55.4})$ 13-round compression function computations, less than the ideal complexity $O(2^{64})$, and whose memory complexity is about $2^{12}$ 32-bit units of memory. Furthermore, we extend our results to the Matyas-Meyer-Oseas mode and MP mode with some changes. Finally, we convert the preimage attack into a preimage attack or second preimage attack on the corresponding hash functions with the Merkle-Damgård structure.
