Slide Attacks on a Class of Hash Functions

Gorski, Michael; Lucks, Stefan; Peyrin, Thomas

doi:10.1007/978-3-540-89255-7_10

Cited by 20 publications

(14 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The slide attack is originally a block cipher cryptanalysis technique [14], but was recently applied to spongelike hash functions [34]. The idea is to exploit the degree of self-similarity of a permutation.…”

Section: Other Cryptanalysismentioning

confidence: 99%

See 1 more Smart Citation

The PHOTON Family of Lightweight Hash Functions

Guo

Peyrin

Pöschmann

2011

Lecture Notes in Computer Science

Self Cite

408

312

View full text Add to dashboard Cite

Abstract. RFID security is currently one of the major challenges cryptography has to face, often solved by protocols assuming that an on-tag hash function is available. In this article we present the PHOTON lightweight hash-function family, available in many different flavors and suitable for extremely constrained devices such as passive RFID tags. Our proposal uses a sponge-like construction as domain extension algorithm and an AES-like primitive as internal unkeyed permutation. This allows us to obtain the most compact hash function known so far (about 1120 GE for 64-bit collision resistance security), reaching areas very close to the theoretical optimum (derived from the minimal internal state memory size). Moreover, the speed achieved by PHOTON also compares quite favorably to its competitors. This is mostly due to the fact that unlike for previously proposed schemes, our proposal is very simple to analyze and one can derive tight AES-like bounds on the number of active Sboxes. This kind of AES-like primitive is usually not well suited for ultra constrained environments, but we describe in this paper a new method for generating the column mixing layer in a serial way, lowering drastically the area required. Finally, we slightly extend the sponge framework in order to offer interesting trade-offs between speed and preimage security for small messages, the classical use-case in hardware.

show abstract

Section: Other Cryptanalysismentioning

confidence: 99%

“…Thus the slide attack is impossible to perform at the permutation level. Moreover, the slide attack at the operating mode level from [34] is impossible to apply here since the padding rule from PHOTON forces the last message block to be different from zero (which prevent any sliding event).…”

Section: Other Cryptanalysismentioning

confidence: 99%

The PHOTON Family of Lightweight Hash Functions

Guo

Peyrin

Pöschmann

2011

Lecture Notes in Computer Science

Self Cite

408

312

View full text Add to dashboard Cite

show abstract

“…In [22] sponge-like constructions were proposed and cryptanalyzed. In some of these constructions, absorbing is done by overwriting part of the state by the message block rather than XORing it in, e.g., as in the hash function Grindahl [29].…”

Section: The Mode Omentioning

confidence: 99%

Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications

Bertoni

Daemen

Peeters

et al. 2012

Lecture Notes in Computer Science

268

262

View full text Add to dashboard Cite

Abstract. This paper proposes a novel construction, called duplex, closely related to the sponge construction, that accepts message blocks to be hashed and-at no extra cost-provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits its security against single-stage generic a acks. The main application proposed here is an authenticated encryption mode based on the duplex construction. This mode is efficient, namely, enciphering and authenticating together require only a single call to the underlying permutation per block, and is readily usable in, e.g., key wrapping. Furthermore, it is the first mode of this kind to be directly based on a permutation instead of a block cipher and to natively support intermediate tags. The duplex construction can be used to efficiently realize other modes, such as a reseedable pseudo-random bit sequence generators and a sponge variant that overwrites part of the state with the input block rather than to XOR it in.

show abstract

“…However, the structural approach benefits from the difference freedom so we first exploit the latter one. There is also an attack on the prefix-MAC built on Grindahl [9].…”

Section: Grindahl-256mentioning

confidence: 99%

“…So far there is no collision attack on Grindahl-512 though a weakness of using Grindahl-512 as the base of prefix-MAC was shown [9].…”

Section: Grindahl-512mentioning

confidence: 99%

Cryptanalysis of Hash Functions with Structures

Khovratovich

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract.Hash function cryptanalysis has acquired many methods, tools and tricks from other areas, mostly block ciphers. In this paper another trick from block cipher cryptanalysis, the structures, is used for speeding up the collision search. We investigate the memory and the time complexities of this approach under different assumptions on the round functions. The power of the new attack is illustrated with the cryptanalysis of the hash functions Grindahl and the analysis of the SHA-3 candidate Fugue (both functions as 256 and 512 bit versions). The collision attack on Grindahl-512 is the first collision attack on this function.

show abstract

Slide Attacks on a Class of Hash Functions

Cited by 20 publications

References 28 publications

The PHOTON Family of Lightweight Hash Functions

The PHOTON Family of Lightweight Hash Functions

Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications

Cryptanalysis of Hash Functions with Structures

Contact Info

Product

Resources

About