SpringerLink - Book Chapter

Slide Attacks on a Class of Hash Functions

Book Series

Lecture Notes in Computer Science

Publisher

Springer Berlin / Heidelberg

ISSN

0302-9743 (Print) 1611-3349 (Online)

Volume

Volume 5350/2008

Book

Advances in Cryptology - ASIACRYPT 2008

DOI

10.1007/978-3-540-89255-7

2008

ISBN

978-3-540-89254-0

DOI

10.1007/978-3-540-89255-7_10

Pages

143-160

Subject Collection

Computer Science

SpringerLink Date

Tuesday, December 02, 2008

Slide Attacks on a Class of Hash Functions

Michael Gorski², Stefan Lucks² and Thomas Peyrin³

(2)	Bauhaus-University Weimar,

(3)	Orange Labs and University of Versailles,

Abstract

This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle.

To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatún. We finally discuss simple countermeasures as a defense against slide attacks.

Keywords slide attacks - hash function - Grindahl - RadioGatún - MAC - sponge function

Michael Gorski
Email: Michael.Gorski@uni-weimar.de

Stefan Lucks
Email: Stefan.Lucks@uni-weimar.de

Thomas Peyrin
Email: Thomas.Peyrin@gmail.com

Slide Attacks on a Class of Hash Functions

Fulltext Preview (Small, Large)