Paper 2015/909

On the Impact of Known-Key Attacks on Hash Functions

Bart Mennink and Bart Preneel

Abstract

Hash functions are often constructed based on permutations or blockciphers, and security proofs are typically done in the ideal permutation or ideal cipher model. However, once these random primitives are instantiated, vulnerabilities of these instantiations may nullify the security. At ASIACRYPT 2007, Knudsen and Rijmen introduced known-key security of blockciphers, which gave rise to many distinguishing attacks on existing blockcipher constructions. In this work, we analyze the impact of such attacks on primitive-based hash functions. We present and formalize the weak cipher model, which captures the case where a blockcipher has a certain weakness but is perfectly random otherwise. A specific instance of this model, considering the existence of sets of B queries whose XOR equals 0 at bit-positions C, where C is an index set, covers a wide range of known-key attacks in the literature. We apply this instance to the PGV compression functions, as well as to the Groestl (based on two permutations) and Shrimpton-Stam (based on three permutations) compression functions, and show that these designs do not seriously succumb to any differential known-key attack known to date.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2015
Keywords
hash functions, known-key security, Knudsen-Rijmen, PGV, Groestl, Shrimpton-Stam, collision resistance, preimage resistance
Contact author(s)
bart mennink @ esat kuleuven be
History
2015-11-25: revised
2015-09-17: received
Short URL
https://ia.cr/2015/909
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/909,
      author = {Bart Mennink and Bart Preneel},
      title = {On the Impact of Known-Key Attacks on Hash Functions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/909},
      year = {2015},
      url = {https://eprint.iacr.org/2015/909}
}