Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
Dmitry Khovratovich (1), Christian Rechberger (2), Alexandra Savelieva (3)
(1) Microsoft Research Redmond, USA
(2) DTU MAT, Denmark
(3) National Research University Higher School of Economics, Russia
19th International Workshop on Fast Software Encryption - FSE 2012, March 19-21, 2012
Recent Progress in Preimage Attacks – MD4, MD5, and Tiger
• Sasaki and Aoki. Preimage attacks on step-reduced MD5. ACISP'08.
• Sasaki, Aoki: Finding Preimages in Full MD5 Faster Than Exhaustive Search. EUROCRYPT 2009
• Guo, Ling, Rechberger, and Wang. Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. ASIACRYPT'10
Timeline: 2008, 2009, 2010
Introduction of Splice-and-Cut Framework
Introduction of Initial Structure
Recent Progress in Preimage Attacks – SHA-x Family
• Aoki and Sasaki. Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. CRYPTO'09.
• Guo, Ling, Rechberger, and Wang. Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. ASIACRYPT'10.
Timeline: 2008, 2009, 2010
Introduction of Splice-and-Cut Framework
Introduction of Initial Structure
Problem
• Concrete examples of the initial structure are extremely sophisticated and hard to generalize.
• Many ad-hoc, non-formalized techniques are used to build initial structures.
• While the other elements of the splice-and-cut framework seem exhausted already, the concept behind the initial structure has large potential and few boundaries.
Purpose of our Research
• To replace the idea of the initial structure with a more formal and generic concept
• To design generic algorithms for constructing the initial structure
• To reduce the manual effort and time needed to build the initial structure
New attacks on Skein-512 and the SHA-2 family
Reference | Target | Steps | Complexity, 2^x | Memory