Paper 2012/372

New Preimage Attacks on Hash Modes of AES-256

Deukjo Hong, Dong-Chan Kim, and Daesung Kwon

Abstract

We study the slow diffusion of the AES key schedule for 256-bit keys and find a weakness that can be used in a preimage attack on its Davies-Meyer mode. Our preimage attack works for 8 rounds of AES-256 with a computational complexity of $2^{124.9}$, while the best previous attack works for 7 rounds of AES-256. It also extends to a preimage attack on some well-known double-block-length hash modes, assuming the underlying block cipher is 8-round AES-256, with a computational complexity of $2^{252.9}$.

Note: Now we recognize the biclique attacks on full rounds of AES can be converted to preimage attacks on hash modes of AES. So, the novelty of this result is small.

Metadata
Available format(s)
-- withdrawn --
Publication info
Published elsewhere. Unknown where it was published
Keywords
Preimage attack, Hash modes, AES-256
Contact author(s)
hongdj @ ensec re kr
History
2012-09-03: withdrawn
2012-07-05: received
Short URL
https://ia.cr/2012/372
License
Creative Commons Attribution
CC BY