Paper 2006/116

Second Preimages for Iterated Hash Functions Based on a b-Block Bypass

Mario Lamberger, Norbert Pramstaller, and Vincent Rijmen

Abstract

In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instantiated with DESX but AES should rather be used. However, we use the instantiation of this hash scheme with DESX to introduce a new property of iterated hash functions, namely a so-called b-block bypass. We will show that if an iterated hash function possesses a b-block bypass, then this implies that second preimages can be constructed. Additionally, the attacker has more degrees of freedom for constructing the second preimage.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
iterated hash functionssecond preimagedifferential cryptanalysis
Contact author(s)
Norbert Pramstaller @ iaik tugraz at
History
2006-09-26: last of 3 revisions
2006-03-26: received
See all versions
Short URL
https://ia.cr/2006/116
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/116,
      author = {Mario Lamberger and Norbert Pramstaller and Vincent Rijmen},
      title = {Second Preimages for Iterated Hash Functions Based on a b-Block Bypass},
      howpublished = {Cryptology ePrint Archive, Paper 2006/116},
      year = {2006},
      note = {\url{https://eprint.iacr.org/2006/116}},
      url = {https://eprint.iacr.org/2006/116}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.