Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19]

@

Journal of Information Science and Engineering, Vol. 30 No. 6, pp. 1789-1806 (November 2014)


Improved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grostl Hash Function*


JIAN ZOU1,2, WENLING WU1, SHUANG WU1 AND LE DONG1,2
1TCA Institute of Software
Chinese Academy of Sciences
Beijing, 100190 P.R. China
2Graduate University of Chinese Academy of Sciences
Beijing, 100049 P.R. China
E-mail: {zoujian; wwl; wushuang; dongle}@is.iscas.ac.cn

The Grostl hash function is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we propose some improved (pseudo) preimage attacks on the Grostl hash function by using some techniques, such as subspace preimage attack and the guess-and-determine technique. We present the improved pseudo preimage attacks on 5-round Grostl-256 hash function and 8-round Grostl-512 hash function, and the complexities of these attacks are (2239.90, 2240.40) (in time and memory) and (2499.50, 2499), respectively. We also extend the pseudo preimage from 5 rounds to 6 rounds for Grostl-256 hash function, besides the biclique attack. Furthermore, we propose the pseudo second preimage attack on 6-round Grostl-256 hash function. The complexities of our 6-round (pseudo) preimage and second preimage attacks are (2253.26, 2253.67) and (2251.0, 2252.0), respectively. As far as we know, these are the best known attacks on round-reduced Grostl hash function.

Keywords: Grostl, hash function, meet-in-the-middle, guess-and-determine, preimage attack, initial structure

Full Text () Retrieve PDF document (201411_07.pdf)

Received January 11, 2013; revised April 12 & July 10 & October 18, 2013; accepted November 23, 2013.
Communicated by Vincent Rijmen.
* This work is supported by The National Basic Research Program of China 973 Program (2013CB338002); The National Natural Science Foundation of China (61272476, 61232009).