[Resource Topic] 2023/772: Classical and Quantum Meet-in-the-Middle Nostradamus Attacks on AES-like Hashing

Welcome to the resource topic for 2023/772

Title:
Classical and Quantum Meet-in-the-Middle Nostradamus Attacks on AES-like Hashing

Authors: Zhiyu Zhang, Siwei Sun, Caibing Wang, Lei Hu

Abstract:

At EUROCRYPT 2006, Kelsey and Kohno proposed the so-called chosen target forced-prefix (CTFP) preimage attack, where for any challenge prefix P, the attacker can generate a suffix S such that H(P\|S) = y for some hash value y published in advance by the attacker. Consequently, the attacker can pretend to predict some event represented by P she did not know before, and thus this type of attack is also known as the Nostradamus attack. At ASIACRYPT 2022, Benedikt et al. convert Kelsey et al.'s attack to a quantum one, reducing the time complexity from \mathcal{O}(\sqrt{n}\cdot 2^{2n/3}) to \mathcal{O}(\sqrt[3]{n} \cdot 2^{3n/7}). CTFP preimage attack is less investigated in the literature than (second-)preimage and collision attacks and lacks dedicated methods. In this paper, we propose the first dedicated Nostradamus attack based on the meet-in-the-middle (MITM) attack, and the MITM Nostradamus attack could be up to quadratically accelerated in the quantum setting. According to the recent works on MITM preimage attacks on AES-like hashing, we build an automatic tool to search for optimal MITM Nostradamus attacks and model the tradeoff between the offline and online phases. We apply our method to AES-MMO and Whirlpool, and obtain the first dedicated attack on round-reduced version of these hash functions. Our method and automatic tool are applicable to other AES-like hashings.

ePrint: https://eprint.iacr.org/2023/772

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .