Cryptology ePrint Archive: Report 2012/640

Preimage and Pseudo-Collision Attacks on Step-Reduced SM3 Hash Function

Gaoli Wang and Yanzhao Shen

Abstract: SM3~\cite{SM3hf} is the Chinese cryptographic hash standard which was announced in 2010 and designed by Wang $et\ al.$. It is based on the Merkle-Damg\r{a}rd design and its compression function can be seen as a block cipher used in Davies-Meyer mode. It uses message block of length 512 bits and outputs hash value of length 256 bits. This paper studies the security of SM3 hash function against preimage attack and pseudo-collision attack. We propose preimage attacks on 29-step and 30-step SM3, and pseudo-preimage attacks on 31-step and 32-step SM3 out of 64 steps. The complexities of these attacks are $2^{245}$ 29-step operations, $2^{251.1}$ 30-step operations, $2^{245}$ 31-step operations and $2^{251.1}$ 32-step operations, respectively. These (pseudo) preimage attacks are all from the first step of the reduced SM3. Meanwhile, these (pseudo) preimage attacks can be converted into pseudo-collision attacks on SM3 reduced to 29 steps, 30 steps, 31 steps and 32 steps with complexities of $2^{122}$, $2^{125.1}$, $2^{122}$ and $2^{125.1}$ respectively. As far as we know, the previously best known preimage attacks on SM3 cover 28 steps (from the first step) and 30 steps (from the 7-th step), and there is no publicly published result on (pseudo) collision attack on SM3.

Category / Keywords: foundations / hash function

Publication Info: Submit to Information Processing Letters

Date: received 10 Nov 2012

Contact author: wanggaoli at dhu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20121111:162433 (All versions of this report)

Short URL: ia.cr/2012/640

Discussion forum: Show discussion | Start new discussion