Cryptology ePrint Archive: Report 2006/412

Preimage Attacks on CellHash, SubHash and Strengthened Versions of CellHash and SubHash

Donghoon Chang

Abstract: CellHash \cite{DaGoVa91} and SubHash \cite{DaGoVa92} were suggested by J. Daemen, R. Govaerts and J. Vandewalle in 1991 and 1992. SubHash is an improved version from CellHash. They have 257-bit internal state and 256-bit hash output. In this paper, we show a preimage attack on CellHash (SubHash) with the complexity $2^{129+t}$ and the memory $2^{128-t}$ for any $t$ (with the complexity about $2^{242}$ and the memory size $2^{17}$). Even though we modify them in a famous way, we show that we can find a preimage on the modified CellHash (the modified SubHash) with the complexity $2^{200}$ and the memory size $2^{59}$ (with the complexity about $2^{242}$ and the memory size $2^{17}$).

Category / Keywords: secret-key cryptography / Hash Function, Preimage Attack

Date: received 7 Nov 2006, last revised 3 Dec 2006

Contact author: pointchang at gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20061203:090210 (All versions of this report)

Short URL: ia.cr/2006/412

Discussion forum: Show discussion | Start new discussion