Paper 2024/300

Diving Deep into the Preimage Security of AES-like Hashing

Shiyao Chen, Nanyang Technological University
Jian Guo, Nanyang Technological University
Eik List, Independent Researcher
Danping Shi, Chinese Academy of Sciences, University of Chinese Academy of Sciences
Tianyu Zhang, Nanyang Technological University

Since the seminal works by Sasaki and Aoki, Meet-in-the-Middle (MITM) attacks are recognized as an effective technique for preimage and collision attacks on hash functions. At Eurocrypt 2021, Bao et al. automated MITM attacks on AES-like hashing and improved upon the best manual result. The attack framework has been furnished by subsequent works, yet far from complete. This paper elucidates three key contributions dedicated in further generalizing the idea of MITM and refining the automatic model on AES-like hashing. (1) We introduce S-box linearization to MITM pseudo-preimage attacks on AES-like hashing. The technique suits perfectly with superposition states to preserve information after S-box with an affordable cost. (2) We propose distributed initial structures, an extension on the original concept of initial states, that selects initial degrees of freedom in a more versatile manner to enlarge the search space. (3) We exploit the structural similarities between encryption and key schedule in constructions (e.g. Whirlpool and Streebog) to model propagations more accurately and avoid repeated costs. Weaponed with these innovative techniques, we further empower the MITM framework and improve the attack results on AES-like designs for preimage and collision. We obtain the first preimage attacks on 10-round AES-192, 10-round Rijndael-192/256, and 7.75-round Whirlpool, reduced time and/or memory complexities for preimage attacks on 5-, 6-round Whirlpool and 7.5-, 8.5-round Streebog, as well as improved collision attacks on 6- and 6.5-round Whirlpool.

Available format(s)
Attacks and cryptanalysis
Publication info
A minor revision of an IACR publication in EUROCRYPT 2024
Meet-in-the-MiddlePreimage AttackAESRijndaelWhirlpoolStreebog
Contact author(s)
shiyao chen @ ntu edu sg
guojian @ ntu edu sg
elist @ posteo de
shidanping @ iie ac cn
tianyu005 @ e ntu edu sg
2024-03-11: revised
2024-02-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shiyao Chen and Jian Guo and Eik List and Danping Shi and Tianyu Zhang},
      title = {Diving Deep into the Preimage Security of {AES}-like Hashing},
      howpublished = {Cryptology ePrint Archive, Paper 2024/300},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.