You are looking at a specific version 20090311:015627 of this paper. See the latest version.

Paper 2009/112

A 2nd-Preimage Attack on AURORA-512

Yu Sasaki

Abstract

In this note, we present a 2nd-preimage attack on AURORA-512, which is one of the candidates for SHA-3. Our attack can generate 2nd-preimages of any given message, in particular, the attack complexity becomes optimal when the message length is 9 blocks or more. In such a case, the attack complexity is approximately $2^{290}$ AURORA-512 operations, which is less than the brute force attack on AURORA-512, namely, $2^{512-\log_2{9}}\approx2^{508}$. Our attack exploits some weakness in the mode of operation.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AURORADMMD2nd-preimagemulti-collision
Contact author(s)
sasaki yu @ lab ntt co jp
History
2009-03-11: received
Short URL
https://ia.cr/2009/112
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.