Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security

IWSEC 2015: Advances in Information and Computer Security pp 79–96Cite as

Improved (Pseudo) Preimage Attacks on Reduced-Round GOST and Grøstl-256 and Studies on Several Truncation Patterns for AES-like Compression Functions

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9241))

Abstract

In this paper, we present improved preimage attacks on the reduced-round GOST hash function family, which serves as the new Russian hash standard, with the aid of techniques such as the rebound attack, the Meet-in-the-Middle preimage attack and the multicollisions. Firstly, the preimage attack on 5-round GOST-256 is proposed which is the first preimage attack for GOST-256 at the hash function level. Then we extend the (previous) attacks on 5-round GOST-256 and 6-round GOST-512 to 6.5 and 7.5 rounds respectively by exploiting the involution property of the GOST transposition operation.

Secondly, inspired by the preimage attack on GOST-256, we also study the impacts of four representative truncation patterns on the resistance of the Meet-in-the-Middle preimage attack against AES-like compression functions, and propose two stronger truncation patterns which make it more difficult to launch this type of attack. Based on our investigations, we are able to slightly improve the previous pseudo preimage attacks on reduced-round Grøstl-256.

This work was supported by the National High Technology Research and Development Program of China (863 Program, No.2013AA014002) and the National Natural Science Foundation of China (No.61379137).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Actually, similar observations have already been adopted [40], in which preimage attack on 7-round AES hashing modes was constructed by omitting the last MixColumn operation, but it is natural for AES since there is no MixColumn operation in the last round of AES. However, the omission of MixColumn/MixRow in the last round is mainly adopted by block ciphers to achieve implementation advantage in the decryption algorithm, but such omission might be improper under the hash function setting since inverse computation is commonly not required for hash functions.

  2. 2.

    A pseudo preimage is a preimage whose input chaining value is not equal to the given chaining value.

  3. 3.

    Similar to the pseudo preimage attack on Grøstl [44], although the match point is cut to half by the feed-forward operation, the indirect-partial-matching is still only related to the preserved parts of the digest, and contains no information of the truncated parts.

  4. 4.

    Note that \(r=4\) satisfy the above requirement \(r\le 4\) of Case 1.

References

  1. AlTawy, R., Kircanski, A., Youssef, A.M.: Rebound attacks on stribog. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 175–188. Springer, Heidelberg (2014)

    Google Scholar 

  2. AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 109–125. Springer, Heidelberg (2014)

    Google Scholar 

  3. Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for step-reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578–597. Springer, Heidelberg (2009)

    Google Scholar 

  4. Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009)

    Google Scholar 

  5. Aumasson, J.P., Henzen, L., Meier, W., Phan, R.C.W.: SHA-3 proposal BLAKE. Submission to NIST (Round 3) (2010). http://131002.net/blake/

  6. Barreto, P., Rijmen, V.: The whirlpool hashing function. Submitted to NESSIE, September 2000. http://www.larc.usp.br/ pbarreto/WhirlpoolPage.html

  7. Benadjila, R., Billet, O., Gilbert, H., Macario-Rat, G., Peyrin, T., Robshaw, M., Seurin, Y.: SHA-3 proposal: ECHO. Submission to NIST (updated) (2009). http://crypto.rd.francetelecom.com/ECHO/

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The keccak reference. Submission to NIST (Round 3) (2011). http://keccak.noekeon.org/Keccak-reference-3.0.pdf

  9. Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. Cryptology ePrint Archive, Report 2007/278 (2007). http://eprint.iacr.org/2007/278

  10. Biham, E., Dunkelman, O.: The SHAvite-3 hash function. Submission to NIST (Round 2) (2009), http://www.cs.technion.ac.il/orrd/SHAvite-3/

  11. Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 429–443. Springer, Heidelberg (2008)

    Google Scholar 

  12. Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)

    Google Scholar 

  13. Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222–238. Springer, Heidelberg (2001)

    Google Scholar 

  14. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  15. Dolmatov, V., Degtyarev, A.: GOST R 34.11-2012: hash function (2013)

    Google Scholar 

  16. Dolmatov, V., Degtyarev, A.: Request for comments 6986: GOST R 34.11-2012: hash function. Internet Engineering Task Force (IETF) (2013). http://www.ietf.org/rfc/rfc6986.txt

  17. Information protection and special communications of the federal security service of the Russian federation: GOST R 34.11-94, information technology cryptographic data security hashing function (1994). (In Russian)

    Google Scholar 

  18. Information protection and special communications of the federal security service of the Russian federation: GOST R 34.11-2012, information technology cryptographic data security hashing function (2012). http://www.tc26.ru/en/GOSTR3411-2012/GOST_R_34_11-2012_eng.pdf

  19. Gauravaram, P., Kelsey, J.: Linear-XOR and additive checksums don’t protect Damgård-Merkle hashes from generic attacks. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 36–51. Springer, Heidelberg (2008)

    Google Scholar 

  20. Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl-a SHA-3 candidate. Submission to NIST (Round 3) (2011). http://www.groestl.info/Groestl.pdf

  21. Gilbert, H., Peyrin, T.: Super-Sbox cryptanalysis: improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365–383. Springer, Heidelberg (2010)

    Google Scholar 

  22. Guo, J., Jean, J., Leurent, G., Peyrin, T., Wang, L.: The usage of counter revisited: second-preimage attack on new Russian standardized hash function. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 195–211. Springer, Heidelberg (2014)

    Google Scholar 

  23. International Organization for Standardization: ISO/IEC 10118–3:2004: information technology - security techniques - hash-functions - part 3: dedicated hash-functions (2004)

    Google Scholar 

  24. Iwamoto, M., Peyrin, T., Sasaki, Y.: Limited-birthday distinguishers for hash functions. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 504–523. Springer, Heidelberg (2013)

    Google Scholar 

  25. Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)

    Google Scholar 

  26. Kazymyrov, O., Kazymyrova, V.: Algebraic aspects of the Russian hash standard GOST R 34.11-2012. Cryptology ePrint Archive, Report 2013/556 (2013). http://eprint.iacr.org/2013/556

  27. Kelsey, J., Kohno, T.: Herding hash functions and the nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006)

    Google Scholar 

  28. Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2\(^{n}\) work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)

    Google Scholar 

  29. Khovratovich, D., Nikolić, I., Weinmann, R.-P.: Meet-in-the-middle attacks on SHA-3 candidates. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 228–245. Springer, Heidelberg (2009)

    Google Scholar 

  30. Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244–263. Springer, Heidelberg (2012)

    Google Scholar 

  31. Knellwolf, S., Khovratovich, D.: New preimage attacks against reduced SHA-1. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 367–383. Springer, Heidelberg (2012)

    Google Scholar 

  32. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009)

    Google Scholar 

  33. Ma, B., Li, B., Hao, R., Li, X.: Improved cryptanalysis on reduced-round GOST and whirlpool hash function. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 289–307. Springer, Heidelberg (2014)

    Google Scholar 

  34. Ma, B., Li, B., Hao, R., Li, X.: Improved (Pseudo) preimage attacks on reduced-round GOST and Grøstl-256 and studies on several truncation patterns for AES-like compression functions (Full version). Cryptology ePrint Archive (2015)

    Google Scholar 

  35. Mendel, F., Pramstaller, N., Rechberger, C.: A (Second) preimage attack on the GOST hash function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 224–234. Springer, Heidelberg (2008)

    Google Scholar 

  36. Mendel, F., Pramstaller, N., Rechberger, C., Kontak, M., Szmidt, J.: Cryptanalysis of the GOST hash function. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 162–178. Springer, Heidelberg (2008)

    Google Scholar 

  37. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)

    Google Scholar 

  38. Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)

    Google Scholar 

  39. National Institute of Standards and Technology (NIST): FIPS PUB 180–3: secure hash standard. Federal Information Processing Standards Publication 180–3, U.S. Department of Commerce, October 2008. http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf

  40. Sasaki, Y.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378–396. Springer, Heidelberg (2011)

    Google Scholar 

  41. Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)

    Google Scholar 

  42. Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562–579. Springer, Heidelberg (2012)

    Google Scholar 

  43. Wang, Z., Yu, H., Wang, X.: Cryptanalysis of GOST R hash function. Cryptology ePrint Archive, Report 2013/584 (2013). http://eprint.iacr.org/2013/584

  44. Wu, S., Feng, D., Wu, W., Guo, J., Dong, L., Zou, J.: (Pseudo)Preimage attack on round-reduced Grøstl hash function and others. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 127–145. Springer, Heidelberg (2012)

    Google Scholar 

  45. Zou, J., Wu, W., Wu, S.: Cryptanalysis of the round-reduced GOST hash function. In: Lin, D., Xu, S., Yung, M. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 309–322. Springer, Heidelberg (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Bingke Ma, Bao Li, Ronglin Hao & Xiaoqian Li

  2. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing, 100093, China

    Bingke Ma, Bao Li, Ronglin Hao & Xiaoqian Li

  3. University of Chinese Academy of Sciences, Beijing, China

    Bingke Ma & Xiaoqian Li

  4. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei, 230027, China

    Ronglin Hao

Authors
  1. Bingke Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ronglin Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiaoqian Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bingke Ma .

Editor information

Editors and Affiliations

  1. Tokyo Institute of Technology, Tokyo, Japan

    Keisuke Tanaka

  2. Internet Initiative Japan Inc., Tokyo, Japan

    Yuji Suga

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ma, B., Li, B., Hao, R., Li, X. (2015). Improved (Pseudo) Preimage Attacks on Reduced-Round GOST and Grøstl-256 and Studies on Several Truncation Patterns for AES-like Compression Functions. In: Tanaka, K., Suga, Y. (eds) Advances in Information and Computer Security. IWSEC 2015. Lecture Notes in Computer Science(), vol 9241. Springer, Cham. https://doi.org/10.1007/978-3-319-22425-1_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22425-1_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22424-4

  • Online ISBN: 978-3-319-22425-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation