Paper 2008/263

Slide Attacks on a Class of Hash Functions

Michael Gorski, Stefan Lucks, and Thomas Peyrin

Abstract

This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatun. We finally discuss simple countermeasures as a defense against slide attacks.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. ASIACRYPT 2008
Keywords
slide attackshash functionGrindahlRadioGatunMACsponge function
Contact author(s)
Michael Gorski @ uni-weimar de
History
2008-10-12: last of 2 revisions
2008-06-18: received
See all versions
Short URL
https://ia.cr/2008/263
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/263,
      author = {Michael Gorski and Stefan Lucks and Thomas Peyrin},
      title = {Slide Attacks on a Class of Hash Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2008/263},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/263}},
      url = {https://eprint.iacr.org/2008/263}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.