[Resource Topic] 2014/319: Preimage attacks on Reduced-round Stribog

Welcome to the resource topic for 2014/319

Preimage attacks on Reduced-round Stribog

Authors: Riham AlTawy, Amr M. Youssef


In August 2012, the Stribog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). Stribog employs twelve rounds of an AES-based compression function operating in Miyaguchi-Preneel mode. In this paper, we investigate the preimage resistance of the Stribog hash function. Specifically, we apply a meet-in-the-middle preimage attack on the compression function which allows us to obtain a 5-round pseudo preimage for a given compression function output with time complexity of 2^{448} and memory complexity of 2^{64}. Additionally, we adopt a guess-and-determine approach to obtain a 6-round chunk separation that balances the available degrees of freedom and the guess size. The proposed chunk separation allows us to attack 6 out of 12 rounds with time and memory complexities of 2^{496} and 2^{112}, respectively. Finally, employing 2^t multicollision, we show that preimages of the 5- and 6-round reduced hash function can be generated with time complexity of 2^{481} and 2^{505}, respectively. The two preimage attacks have equal memory complexity of 2^{256}.

ePrint: https://eprint.iacr.org/2014/319

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.