[Resource Topic] 2012/206: (Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others (Extended Version)

Welcome to the resource topic for 2012/206

Title:
(Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others (Extended Version)

Authors: Shuang Wu, Dengguo Feng, Wenling Wu, Jian Guo, Le Dong, Jian Zou

Abstract:

The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on Grøstl hash function for both 256-bit and 512-bit versions, i.e. we need to choose the initial value in order to invert the hash function. Pseudo preimage attack on 5(out of 10)-round Grøstl-256 has a complexity of (2^{244.85},2^{230.13}) (in time and memory) and pseudo preimage attack on 8(out of 14)-round Grøstl-512 has a complexity of (2^{507.32},2^{507.00}). To the best of our knowledge, our attacks are the first (pseudo) preimage attacks on round-reduced Grøstl hash function, including its compression function and output transformation. These results are obtained by a variant of meet-in-the-middle preimage attack framework by Aoki and Sasaki. We also improve the time complexities of the preimage attacks against 5-round Whirlpool and 7-round AES hashes by Sasaki in FSE~2011.

ePrint: https://eprint.iacr.org/2012/206

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .