Cryptology ePrint Archive: Report 2012/686

Improved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grøstl

Jian Zou and Wenling Wu and Shuang Wu and Le Dong

Abstract: Grøstl is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we use many techniques to improve the pseudo preimage attack on Grøstl hash function, such as subspace preimage attack and guess-and-determine technique. We present improved pseudo preimage attacks on 5-round Grøstl-256 and 8-round Grøstl-512 respectively. The complexity of the above two attacks are ($2^{239.90},2^{240.40}$) (in time and memory) and ($2^{499.50},2^{499}$) respectively. Furthermore, we propose pseudo preimage attack and pseudo second preimage attack on 6-round Grøstl-256. The complexity of our 6-round pseudo preimage and second preimage attack is ($2^{253.26},2^{253.67}$) and ($2^{251.0},2^{252.0}$) respectively. As far as we know, these are the best known attacks on round-reduced Grøstl hash function.

Category / Keywords: secret-key cryptography / Gr{\o}stl, meet-in-the-middle, guess-and-determine,

Date: received 5 Dec 2012, last revised 10 Dec 2012

Contact author: zoujian at is iscas ac cn

Available format(s): PDF | BibTeX Citation

Version: 20121210:123720 (All versions of this report)

Short URL: ia.cr/2012/686

Discussion forum: Show discussion | Start new discussion