Paper 2012/686

Improved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grøstl

Jian Zou, Wenling Wu, Shuang Wu, and Le Dong

Abstract

Grøstl is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we use many techniques to improve the pseudo preimage attack on Grøstl hash function, such as subspace preimage attack and guess-and-determine technique. We present improved pseudo preimage attacks on 5-round Grøstl-256 and 8-round Grøstl-512 respectively. The complexity of the above two attacks are ($2^{239.90},2^{240.40}$) (in time and memory) and ($2^{499.50},2^{499}$) respectively. Furthermore, we propose pseudo preimage attack and pseudo second preimage attack on 6-round Grøstl-256. The complexity of our 6-round pseudo preimage and second preimage attack is ($2^{253.26},2^{253.67}$) and ($2^{251.0},2^{252.0}$) respectively. As far as we know, these are the best known attacks on round-reduced Grøstl hash function.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Grøstlmeet-in-the-middleguess-and-determine
Contact author(s)
zoujian @ is iscas ac cn
History
2012-12-10: revised
2012-12-10: received
See all versions
Short URL
https://ia.cr/2012/686
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/686,
      author = {Jian Zou and Wenling Wu and Shuang Wu and Le Dong},
      title = {Improved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grøstl},
      howpublished = {Cryptology ePrint Archive, Paper 2012/686},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/686}},
      url = {https://eprint.iacr.org/2012/686}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.