Paper 2015/959

Cryptanalysis of the Round-Reduced Kupyna Hash Function

Jian Zou and Le Dong

Abstract

The Kupyna hash function was selected as the new Ukrainian standard DSTU 7564:2014 in 2015. It is designed to replace the old Independent States (CIS) standard GOST 34.311-95. The Kupyna hash function is an AES-based primitive, which uses Merkle-Damgård compression function based on Even-Mansour design. In this paper, we show the first cryptanalytic attacks on the round-reduced Kupyna hash function. Using the rebound attack, we present a collision attack on 5-round of the Kupyna-256 hash function. The complexity of this collision attack is ($2^{120},2^{64}$) (in time and memory). Furthermore, we use guess-and-determine MitM attack to construct pseudo-preimage attacks on 6-round Kupyna-256 and Kupyna-512 hash function, respectively. The complexity of these preimage attacks are ($2^{250.33},2^{250.33}$) and ($2^{498.33},2^{498.33}$) (in time and memory), respectively.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Kupynapreimage attackcollision attackrebound attackmeet-in-the-middleguess-and-determine
Contact author(s)
zoujian @ fzu edu cn
History
2015-10-02: received
Short URL
https://ia.cr/2015/959
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/959,
      author = {Jian Zou and Le Dong},
      title = {Cryptanalysis of the Round-Reduced Kupyna Hash Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/959},
      year = {2015},
      url = {https://eprint.iacr.org/2015/959}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.