Paper 2009/112

A 2nd-Preimage Attack on AURORA-512

Yu Sasaki

Abstract

In this note, we present a 2nd-preimage attack on AURORA-512, which is one of the candidates for SHA-3. Our attack can generate 2nd-preimages of any given message, in particular, the attack complexity becomes optimal when the message length is 9 blocks or more. In such a case, the attack complexity is approximately $2^{290}$ AURORA-512 operations, which is less than the brute force attack on AURORA-512, namely, $2^{512-\log_2{9}}\approx2^{508}$. Our attack exploits some weakness in the mode of operation.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AURORADMMD2nd-preimagemulti-collision
Contact author(s)
sasaki yu @ lab ntt co jp
History
2009-03-11: received
Short URL
https://ia.cr/2009/112
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/112,
      author = {Yu Sasaki},
      title = {A 2nd-Preimage Attack on {AURORA}-512},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/112},
      year = {2009},
      url = {https://eprint.iacr.org/2009/112}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.