JISE

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19]

Journal of Information Science and Engineering, Vol. 30 No. 6, pp. 1789-1806

Improved (Pseudo) Preimage Attack and Second Preimage Attack on Round-Reduced Grostl Hash Function

JIAN ZOU^1,2, WENLING WU¹, SHUANG WU¹ AND LE DONG^1,2
¹TCA Institute of Software
Chinese Academy of Sciences
Beijing, 100190 P.R. China
²Graduate University of Chinese Academy of Sciences
Beijing, 100049 P.R. China
E-mail: {zoujian; wwl; wushuang; dongle}@is.iscas.ac.cn

The Grostl hash function is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we propose some improved (pseudo) preimage attacks on the Grostl hash function by using some techniques, such as subspace preimage attack and the guess-and-determine technique. We present the improved pseudo preimage attacks on 5-round Grostl-256 hash function and 8-round Grostl-512 hash function, and the complexities of these attacks are (2^239.90, 2^240.40) (in time and memory) and (2^499.50, 2⁴⁹⁹), respectively. We also extend the pseudo preimage from 5 rounds to 6 rounds for Grostl-256 hash function, besides the biclique attack. Furthermore, we propose the pseudo second preimage attack on 6-round Grostl-256 hash function. The complexities of our 6-round (pseudo) preimage and second preimage attacks are (2^253.26, 2^253.67) and (2^251.0, 2^252.0), respectively. As far as we know, these are the best known attacks on round-reduced Grostl hash function.

Keywords: Grostl, hash function, meet-in-the-middle, guess-and-determine, preimage attack, initial structure

Retrieve PDF document (JISE_201406_07.pdf)