Cryptology ePrint Archive: Report 2009/112

A 2nd-Preimage Attack on AURORA-512

Yu Sasaki

Abstract: In this note, we present a 2nd-preimage attack on AURORA-512, which is one of the candidates for SHA-3. Our attack can generate 2nd-preimages of any given message, in particular, the attack complexity becomes optimal when the message length is 9 blocks or more. In such a case, the attack complexity is approximately $2^{290}$ AURORA-512 operations, which is less than the brute force attack on AURORA-512, namely, $2^{512-\log_2{9}}\approx2^{508}$. Our attack exploits some weakness in the mode of operation.

Category / Keywords: secret-key cryptography / AURORA, DMMD, 2nd-preimage, multi-collision

Date: received 9 Mar 2009

Contact author: sasaki yu at lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20090311:015627 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]