Paper 2012/372
New Preimage Attacks on Hash Modes of AES-256
Deukjo Hong, Dong-Chan Kim, and Daesung Kwon
Abstract
We study the slow diffusion of the AES key schedule for 256-bit keys and find a weakness that can be used in a preimage attack on its Davies-Meyer mode. Our preimage attack works for 8 rounds of AES-256 with a computational complexity of $2^{124.9}$, while the best previous attack works for 7 rounds of AES-256. It is also extended to a preimage attack on some well-known double-block-length hash modes, assuming the underlying block cipher is 8-round AES-256, with a computational complexity of $2^{252.9}$.
Note: Now we recognize the biclique attacks on full rounds of AES can be converted to preimage attacks on hash modes of AES. So, the novelty of this result is small.
Metadata
- Available format(s)
- -- withdrawn --
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Preimage attack, Hash modes, AES-256
- Contact author(s)
- hongdj @ ensec re kr
- History
- 2012-09-03: withdrawn
- 2012-07-05: received
- Short URL
- https://ia.cr/2012/372
- License
- CC BY