Dithered hash functions were proposed by Rivest as a method to mitigate second preimage attacks on Merkle-Damgård hash functions. Despite that, second preimage attacks against dithered hash functions were proposed by Andreeva et al. One issue with these second preimage attacks is their huge memory requirement in the precomputation and the online phases. In this paper, we present new second preimage attacks on the dithered Merkle-Damgård construction. These attacks consume significantly less memory in the online phase (with a negligible increase in the online time complexity) than previous attacks. For example, in the case of MD5 with the Keränen sequence, we reduce the memory complexity from about blocks to about (about 545 MB). We also present an essentially memoryless variant of Andreeva et al.'s attack. In the case of MD5-Keränen or SHA1-Keränen, the offline and online memory complexity is message blocks (about 188–235 KB), at the expense of increasing the offline time complexity.
|Title of host publication||Selected Areas in Cryptography – SAC 2016 - 23rd International Conference, Revised Selected Papers|
|Editors||Roberto Avanzi, Howard Heys|
|Number of pages||17|
|State||Published - 2017|
|Event||23rd International Conference on Selected Areas in Cryptography, SAC 2016 - St. John's, Canada (Duration: 10 Aug 2016 → 12 Aug 2016)|
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||23rd International Conference on Selected Areas in Cryptography, SAC 2016|
|Period||10/08/16 → 12/08/16|
Bibliographical note
Funding Information:
The first and second authors were supported in part by the Israeli Science Foundation through grant No. 827/12.
© 2017, Springer International Publishing AG.
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)