Sciweavers

ACNS
2009
Springer

Cryptanalysis of Twister

14 years 7 months ago
Cryptanalysis of Twister
In this paper, we present a pseudo-collision attack on the compression function of all Twister variants (224,256,384,512) with complexity of about 226.5 compression function evaluations. We show how the compression function attack can be extended to construct collisions for Twister-512 slightly faster than brute force search. Furthermore, we present a second-preimage attack for Twister-512 with complexity of about 2448 compression function evaluations and memory requirement of 264 1 Description of Twister The hash function Twister is an iterated hash function based on the Merkle-Damg˚ard design principle. It processes message blocks of 512 bits and produces a hash value of 224, 256, 384, or 512 bits. If the message length is not a multiple of 512, an unambiguous padding method is applied. For the description of the padding method we refer to [1]. Let m = m1 m2 · · · mt be a t-block message (after padding). The hash value h = H(m) is computed as follows: H0 = IV Hi = f(Hi−1, Mi) f...
Florian Mendel, Christian Rechberger, Martin Schl&
Added 25 May 2010
Updated 25 May 2010
Type Conference
Year 2009
Where ACNS
Authors Florian Mendel, Christian Rechberger, Martin Schläffer
Comments (0)