Cryptology ePrint Archive: Report 2012/372

New Preimage Attacks on Hash Modes of AES-256

Deukjo Hong and Dong-Chan Kim and Daesung Kwon

Abstract: We study the slow diffusion of the AES key schedule for 256-bit keys and find weakness which can be used in the preimage attack on its Davis-Meyer mode. Our preimage attack works for 8 rounds of AES-256 with the computational complexity of $2^{124.9}$, while the best previous attack works for 7 rounds of AES-256. It is also extended to the preimage attack on some well-known double-block-length hash modes assuming the underlying block cipher is 8-round AES-256, whose computational complexity is $2^{252.9}$.

Category / Keywords: Preimage attack, Hash modes, AES-256

Date: received 3 Jul 2012, last revised 30 Aug 2012, withdrawn 3 Sep 2012

Contact author: hongdj at ensec re kr

Available format(s): (-- withdrawn --)

Note: Now we recognize the biclique attacks on full rounds of AES can be converted to preimage attacks on hash modes of AES. So, the novelty of this result is small.

Version: 20120903:110728 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]