Paper 2012/640

Preimage and Pseudo-Collision Attacks on Step-Reduced SM3 Hash Function

Gaoli Wang and Yanzhao Shen

Abstract

SM3~\cite{SM3hf} is the Chinese cryptographic hash standard which was announced in 2010 and designed by Wang $et\ al.$. It is based on the Merkle-Damgård design and its compression function can be seen as a block cipher used in Davies-Meyer mode. It uses message block of length 512 bits and outputs hash value of length 256 bits. This paper studies the security of SM3 hash function against preimage attack and pseudo-collision attack. We propose preimage attacks on 29-step and 30-step SM3, and pseudo-preimage attacks on 31-step and 32-step SM3 out of 64 steps. The complexities of these attacks are $2^{245}$ 29-step operations, $2^{251.1}$ 30-step operations, $2^{245}$ 31-step operations and $2^{251.1}$ 32-step operations, respectively. These (pseudo) preimage attacks are all from the first step of the reduced SM3. Meanwhile, these (pseudo) preimage attacks can be converted into pseudo-collision attacks on SM3 reduced to 29 steps, 30 steps, 31 steps and 32 steps with complexities of $2^{122}$, $2^{125.1}$, $2^{122}$ and $2^{125.1}$ respectively. As far as we know, the previously best known preimage attacks on SM3 cover 28 steps (from the first step) and 30 steps (from the 7-th step), and there is no publicly published result on (pseudo) collision attack on SM3.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Submit to Information Processing Letters
Keywords
hash function
Contact author(s)
wanggaoli @ dhu edu cn
History
2012-11-11: received
Short URL
https://ia.cr/2012/640
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/640,
      author = {Gaoli Wang and Yanzhao Shen},
      title = {Preimage and Pseudo-Collision Attacks on Step-Reduced SM3 Hash Function},
      howpublished = {Cryptology ePrint Archive, Paper 2012/640},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/640}},
      url = {https://eprint.iacr.org/2012/640}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.