Preimage and pseudo-collision attacks on step-reduced SM3 hash function

Published: 01 April 2013

Abstract

SM3 [12] is the Chinese cryptographic hash standard, which was announced in 2010 and designed by Wang et al. It is based on the Merkle-Damgård design, and its compression function can be seen as a block cipher used in Davies-Meyer mode. It uses message blocks of length 512 bits and outputs a hash value of length 256 bits. This letter studies the security of the SM3 hash function against preimage and pseudo-collision attacks by using the weakness of the diffusion process and the linear message expansion. We propose preimage attacks on 29-step and 30-step SM3, and pseudo-preimage attacks on 31-step and 32-step SM3 out of 64 steps. The complexities of these attacks are 2^245 29-step operations, 2^251.1 30-step operations, 2^245 31-step operations and 2^251.1 32-step operations, respectively. These (pseudo-)preimage attacks all start from the 1st step of the reduced SM3. Furthermore, these (pseudo-)preimage attacks can be converted into pseudo-collision attacks on SM3 reduced to 29 steps, 30 steps, 31 steps and 32 steps with complexities of 2^122, 2^125.1, 2^122 and 2^125.1, respectively. As far as we know, the previously best known preimage attacks on SM3 cover 28 steps (from the 1st step) and 30 steps (from the 7th step).
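
The linear message expansion mentioned in the abstract can be checked directly. The following is an added example, not code from the paper: it implements the expansion as defined in the public SM3 standard and verifies that it is linear over XOR, so a message difference spreads through the schedule independently of the message itself. All function names are assumptions of this example, and the sample blocks are constructed.

```python
import random

MASK = 0xFFFFFFFF

def rotl(x, n):
    """Rotate a 32-bit word left by n bits (0 < n < 32)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def p1(x):
    """Permutation P1 of the SM3 standard: XOR of three rotations, hence GF(2)-linear."""
    return x ^ rotl(x, 15) ^ rotl(x, 23)

def expand(block_words):
    """Expand 16 message words into W[0..67] and W'[0..63] (step j uses W[j] and W'[j])."""
    w = list(block_words)
    for j in range(16, 68):
        w.append(p1(w[j - 16] ^ w[j - 9] ^ rotl(w[j - 3], 15))
                 ^ rotl(w[j - 13], 7) ^ w[j - 6])
    w_prime = [w[j] ^ w[j + 4] for j in range(64)]
    return w, w_prime

def xor_words(a, b):
    return [x ^ y for x, y in zip(a, b)]

def is_linear(m1, m2):
    """True if expand(m1 ^ m2) == expand(m1) ^ expand(m2) for both W and W'."""
    w1, wp1 = expand(m1)
    w2, wp2 = expand(m2)
    wx, wpx = expand(xor_words(m1, m2))
    return wx == xor_words(w1, w2) and wpx == xor_words(wp1, wp2)

def first_affected_step(word_index):
    """First step whose inputs change when only message word `word_index` differs.

    Because the expansion is linear, expanding the difference alone (all other
    words zero) gives the exact difference in W and W' for any message.
    """
    delta = [1 if i == word_index else 0 for i in range(16)]
    w, w_prime = expand(delta)
    return next(j for j in range(64) if w[j] or w_prime[j])

if __name__ == "__main__":
    rng = random.Random(2013)  # constructed sample blocks, not test vectors
    a = [rng.getrandbits(32) for _ in range(16)]
    b = [rng.getrandbits(32) for _ in range(16)]
    print("expansion is XOR-linear:", is_linear(a, b))
    for i in (0, 4, 15):
        print(f"difference in message word {i} first reaches step {first_affected_step(i)}")
```
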

References

[1] Aoki, K. and Sasaki, Y., Preimage attacks on one-block MD4, 63-step MD5 and more. In: LNCS, vol. 5381. Springer. pp. 103-119.
[2] Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C. and Jalby, W., Collisions of SHA-0 and reduced SHA-1. In: LNCS, vol. 3494. Springer. pp. 36-57.
[3] Diffie, W. and Hellman, M.E., Exhaustive cryptanalysis of the NBS data encryption standard. Computer. v10 i6. 74-84.
[4] Guo, J., Ling, S., Rechberger, C. and Wang, H., Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. In: LNCS, vol. 6477. Springer. pp. 56-75.
[5] Kircanski, A., Shen, Y., Wang, G. and Youssef, A.M., Boomerang and slide-rotational analysis of SM3 hash function. In: LNCS, vol. 7707. Springer. pp. 305-321.
[6] Knellwolf, S. and Khovratovich, D., New preimage attacks against reduced SHA-1. In: LNCS, vol. 7417. Springer. pp. 367-383.
[7] Khovratovich, D., Rechberger, C. and Savelieva, A., Bicliques for preimages: Attacks on Skein-512 and the SHA-2 family. In: LNCS, vol. 7549. Springer. pp. 244-263.
[8] Knudsen, L.R., Truncated and higher order differentials. In: LNCS, vol. 1008. Springer. pp. 196-211.
[9] Leurent, G., MD4 is not one-way. In: LNCS, vol. 5086. Springer. pp. 412-428.
[10] Sasaki, Y. and Aoki, K., Finding preimages in full MD5 faster than exhaustive search. In: LNCS, vol. 5479. Springer. pp. 134-152.
[11] Li, J., Isobe, T. and Shibutani, K., Converting meet-in-the-middle preimage attack into pseudo collision attack: Application to SHA-2. In: LNCS, vol. 7549. Springer. pp. 264-286.
[12] http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
[13] Wang, X. and Yu, H., How to break MD5 and other hash functions. In: LNCS, vol. 3494. Springer. pp. 19-35.
[14] Wang, X., Yin, Y.L. and Yu, H., Finding collisions in the full SHA-1. In: LNCS, vol. 3621. Springer. pp. 17-36.
[15] Yu, H., Wang, G., Zhang, G. and Wang, X., The second-preimage attack on MD4. In: LNCS, vol. 3810. Springer. pp. 1-12.
[16] Zou, J., Wu, W., Wu, S., Su, B. and Dong, L., Preimage attacks on step-reduced SM3 hash function. In: LNCS, vol. 7259. Springer. pp. 375-390.
[17] Mendel, F., Nad, T. and Schläffer, M., Finding collisions for round-reduced SM3, accepted by CT-RSA 2013.

Published In

Information Processing Letters  Volume 113, Issue 8
April, 2013
57 pages

Publisher

Elsevier North-Holland, Inc.

United States

Author Tags

  1. Collision attack
  2. Cryptography
  3. Differential meet-in-the-middle
  4. Hash function
  5. Preimage attack
  6. SM3
