Cryptology ePrint Archive: Report 2006/116

Second Preimages for Iterated Hash Functions Based on a b-Block Bypass

Mario Lamberger and Norbert Pramstaller and Vincent Rijmen

Abstract: In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instantiated with DESX but AES should rather be used. However, we use the instantiation of this hash scheme with DESX to introduce a new property of iterated hash functions, namely a so-called b-block bypass. We will show that if an iterated hash function possesses a b-block bypass, then this implies that second preimages can be constructed. Additionally, the attacker has more degrees of freedom for constructing the second preimage.

Category / Keywords: iterated hash functions, second preimage, differential cryptanalysis

Date: received 23 Mar 2006, last revised 26 Sep 2006

Contact author: Norbert Pramstaller at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20060926:112234 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]