Paper 2009/006

Huge Multicollisions and Multipreimages of Hash Functions BLENDER-n

Vlastimil Klima

Abstract

In this paper we present a multicollision and multipreimage attack on the hash function Blender-n [1] for all output sizes n = 224, 256, 384 and 512. The complexity and memory requirements for finding 2^{2n} multipreimages (multicollisions) of Blender-n is roughly 10 times more than finding a collision for n/2-bit random hash function. All previous attacks were based on the trick by Joux [2] using many messages. Our attacks are based on one message with several fixpoints. The state register has eight words. By properly choosing message words we force half of the register to go to the original state. Then we will find a collision in the rest with complexity 2^{n/4}. The collision creates a fix point in the sequence of states of the state register. We use 10 such fix points. Previously known attacks [4, 5] on Blender-n have the complexity at least 2^{n/2}. Our 2^{2n}-multicollision and multipreimage attacks have a complexity 10*2^{n/4}.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions
Contact author(s)
v klima @ volny cz
History
2009-01-04: received
Short URL
https://ia.cr/2009/006
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/006,
      author = {Vlastimil Klima},
      title = {Huge Multicollisions and Multipreimages of Hash Functions {BLENDER}-n},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/006},
      year = {2009},
      url = {https://eprint.iacr.org/2009/006}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.