Cryptanalysis of Some Double-Block-Length Hash Modes of Block Ciphers with n-Bit Block and n-Bit Key

In this paper, we present attacks on DBL (Double-Block-Length) hash modes of block ciphers with n-bit key and n-bit block. Our preimage attack on the hash function of the MDC-4 scheme requires time complexity 2, which is a significant improvement over previous results. Our collision attack on the hash function of the MJH scheme has time complexity less than 2 for n = 128. Our preimage attack on the compression function of the MJH scheme finds a preimage with time complexity of 2. It is converted to a preimage attack on the hash function with time complexity of 2. Our preimage attack on the compression function of Mennink’s scheme finds a preimage with time complexity of 2. It is converted to a preimage attack on the hash function with time complexity of 2. These attacks are helpful for understanding the security of the hash modes together with their security proofs.
