Improved Preimage Attack on 3-Pass HAVAL

doi:10.1007/s12204-011-1215-3

Abstract

Abstract: HAVAL is a hash function proposed by
Zheng et al. in 1992, including 3-, 4- and 5-pass versions.
We improve pseudo-preimage and preimage attacks on 3-pass HAVAL at
the complexity of 2^ 172 and 2^ 209.6 , respectively, as
compared to the previous best known results: 2^ 192 and 2^ 225
by Sasaki et al. in 2008. We extend the skip interval for
partial-patching and apply the initial structure technique to find
the better message chunks, and combine the
indirect-partial-matching, partial-fixing and multi-neutral-word
partial-fixing techniques to improve the attacks based on the
meet-in-the-middle method. These are the best pseudo-preimage and
preimage attacks on 3-pass HAVAL.

Key words:

hash| meet-in-the-middle| preimage

摘要： HAVAL is a hash function proposed by
Zheng et al. in 1992, including 3-, 4- and 5-pass versions.
We improve pseudo-preimage and preimage attacks on 3-pass HAVAL at
the complexity of 2^ 172 and 2^ 209.6 , respectively, as
compared to the previous best known results: 2^ 192 and 2^ 225
by Sasaki et al. in 2008. We extend the skip interval for
partial-patching and apply the initial structure technique to find
the better message chunks, and combine the
indirect-partial-matching, partial-fixing and multi-neutral-word
partial-fixing techniques to improve the attacks based on the
meet-in-the-middle method. These are the best pseudo-preimage and
preimage attacks on 3-pass HAVAL.

关键词:

hash| meet-in-the-middle| preimage

CLC Number:

TP309

ZHONG Jin-min (钟锦敏), LAI Xue-jia (来学嘉), DUAN Ming (段明) . Improved Preimage Attack on 3-Pass HAVAL[J]. Journal of shanghai Jiaotong University (Science), 2011, 16(6): 713-721.

References

1 Wang X Y, Lai X J, Feng D G, et al. Cryptanalysis of the hash

functions MD4 and RIPEMD [C]// Advances in Cryptology,

EUROCRYPT 2005, LNCS 3494. Berlin: Springer-Verlag, 2005: 1-18.

    2 Wang X Y, Yu H B. How to break MD5 and other hash functions

[C]// Advances in Cryptology, EUROCRYPT 2005, LNCS

3494. Berlin: Springer-Verlag, 2005: 19-35.

    3 Wang X Y, Yu H B, Yin Y Q L. Efficient collision search

attacks on SHA-0 [C]// Advances in Cryptology, CRYPTO 2005,

LNCS 3621. Berlin: Springer-Verlag, 2005: 1-16.

    4 Wang X Y, Yin Y Q, Yu H B.   Finding collisions in the full

SHA-1 [C]// Advances in Cryptology, CRYPTO 2005, LNCS 3621.

Berlin: Springer-Verlag, 2005: 17-36.

    5 Zheng Y L, Pieprzyk J, Seberry J.   HAVAL---A one-way hashing

algorithm with variable length of output [C]// Advances in

Cryptology, ASIACRYPT 1992, LNCS 718. Berlin: Springer-Verlag,

1993: 83-104.

    6 Wang X Y, Feng D G, Yu X Y.   An attack on hash function

HAVAL-128 [J]. Science in China Series F: Information

Sciences, 2005, 48 (5): 545-556.

    7 Van ROMPAY B, Biryukov A, Preneel B,   et al. Cryptanalysis of

3-pass HAVAL [C]// Advances in Cryptology, ASIACRYPT 2003, LNCS

2894. Berlin: Springer-Verlag, 2003: 228-245.

    8 Yu H B, Wang X Y, Yun A, et al. Cryptanalysis of the full

HAVAL with 4 and 5 passes [C]// Fast Software Encryption 2006,

LNCS 4047. Berlin: Springer-Verlag, 2006: 89-110.

    9 Suzuki K, Kurosawa K.   How to find many collisions of 3-pass

haval [C]// Second International Workshop on Security, IWSEC

2007, LNCS 4752. Berlin: Springer-Verlag, 2007: 428-443.

    10 Yu H B, Wang X Y.   Multi-collision attack on the compression

functions of MD4 and 3-pass HAVAL [C]// Information Security

and Cryptology, ICISC 2007, LNCS 4817. Berlin: Springer-Verlag,

2007: 206-226.

    11 Lee E, Chang D, Kim J,   et al. Second preimage attack on 3-pass

HAVAL and partial key-recovery attacks on HMAC/NMAC-3-pass HAVAL

[C]// Fast Software Encryption 2008, LNCS 5086. Berlin:

Springer-Verlag, 2008: 189-206.

    12 Yu H B, Wang G L, Zhang G Y, et al. The second preimage attack

on MD4 [C]// Cryptology and Network Security (CANS) 2005, LNCS

3810. Berlin: Springer-Verlag, 2005: 1-12.

    13 Wang G L, Wang S H.   Second preimage attack on 5-pass HAVAL and

partial key-recovery attack on HMAC/NMAC-5-pass HAVAL [C]//

Progress in Cryptology, AFRICACRYPT 2009, LNCS 5580. Berlin:

Springer-Verlag, 2009: 1-13.

    14 Aoki K, Guo J, Matusiewicz K, et al. Preimages for

step-reduced SHA-2 [C]// Advances in Cryptology, ASIACRYPT

2009, LNCS 5912. Berlin: Springer-Verlag, 2009: 578-597.

    15 Sasaki Y, Aoki K.   Finding preimages in full MD5 faster than

exhaustive search [C]// Advances in Cryptology, EUROCRYPT 2009,

LNCS 5479. Berlin: Springer-Verlag, 2009: 134-152.

    16 Leurent G.   MD4 is not one-way [C]// Fast Software

Encryption 2008, LNCS 5086. Berlin: Springer-Verlag, 2008: 412-428.

    17 Sasaki Y.   Meet-in-the-middle attacks using output truncation

in 3-pass HAVAL [C]// Information Security (ISC) 2009, LNCS

5735. Berlin: Springer-Verlag, 2009: 79-94.

    18 Aumasson J P, Meier W, Mendel F.   Preimage attacks on 3-pass

HAVAL and step-reduced MD5 [C]// Selected Areas in Cryptography

2008, LNCS 5381. Berlin: Springer-Verlag, 2009: 120-135.

    19 Sasaki Y, Aoki K.   Preimage attacks on 3, 4, and 5-pass HAVAL

[C]// Advances in Cryptology, ASIACRYPT    2008,

LNCS 5350. Berlin: Springer-Verlag, 2008: 253-271.

    20 Isobe T, Shibutani K.   Preimage attacks on reduced tiger and

SHA-2 [C]// Fast Software Encryption 2009, LNCS 5665. Berlin:

Springer-Verlag, 2009: 139-155.

    21 Aoki K, Sasaki Y.   Meet-in-the-middle preimage attacks against

reduced SHA-0 and SHA-1 [C]// Advances in Cryptology, CRYPTO

2009, LNCS 5677. Berlin: Springer-Verlag, 2009: 70-89.

    22 Guo J, Ling S, Rechberger C,   et al. Advanced

meet-in-the-middle preimage attacks: First results on full tiger,

and improved results on MD4 and   SHA-2   [C]// Advances in

Cryptology, ASIACRYPT 2010, LNCS 6477. Berlin: Springer-Verlag,

2010: 56-75.

    23 Zhong J M, Lai X J.   Improved preimage attack on one-block md4

[EB/OL]. (2011-07-01). http://eprint.iacr.org/2010/583.pdf.

    24 Aoki K, Sasaki Y.   Preimage attacks on one-block MD4, 63-step

MD5 and more [C]// Selected Areas in Cryptography 2008, LNCS

5381. Berlin: Springer-Verlag, 2009: 103-119.

    25 Lai X J, Massey J L.   Hash functions based on block ciphers

[C]// Advances in Cryptology, EUROCRYPT 1992, LNCS 658.

Berlin: Springer-Verlag, 1993: 55-70.

[1]	LI Dewen,HUANG Wenjun,HU Jinghong,QIAN Yizhou. A Distributed Redundant Real-Time Data Storage Mechanism [J]. Journal of Shanghai Jiaotong University, 2014, 48(07): 948-952.
[2]	ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅). Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32 [J]. Journal of shanghai Jiaotong University (Science), 2013, 18(2): 147-152.
[3]	ZHANG Wei-1, PU Ying-Chao-2, TANG Wen-Yong-1, ZHANG Sheng-Kun-1. Longitudinal Ultimate Strength of Composite Ship Hull Considering Delamination Damage Mode [J]. Journal of Shanghai Jiaotong University, 2012, 46(03): 394-397.
[4]	WANG Chih-hung (王智弘), WEI Shih-yi (魏仕益). Highly Resilient Key Distribution Strategy for Multi-level Heterogeneous Sensor Networks by Using Deployment Knowledge [J]. Journal of shanghai Jiaotong University (Science), 2011, 16(5): 593-599.