Sciweavers

ISW
2009
Springer

Structural Attacks on Two SHA-3 Candidates: Blender-n and DCH-n

14 years 7 months ago
Structural Attacks on Two SHA-3 Candidates: Blender-n and DCH-n
The recently started SHA-3 competition in order to find a new secure hash standard and thus a replacement for SHA-1/SHA-2 has attracted a lot of interest in the academic world as well as in industry. There are 51 round one candidates building on sometimes very different principles. In this paper, we show how to attack two of the 51 round one hash functions. The attacks have in common that they exploit structural weaknesses in the design of the hash function and are independent of the underlying compression function. First, we present a preimage attack on the hash function Blender-n. It has a complexity of about n·2n/2 and negligible memory requirements. Secondly, we show practical collision and preimage attacks on DCHn. To be more precise, we can trivially construct a (28 + 2)-block collision for DCH-n and a 1297-block preimage with only 521 compression function evaluations. The attacks on both hash functions work for all output sizes and render the hash functions broken.
Mario Lamberger, Florian Mendel
Added 26 May 2010
Updated 26 May 2010
Type Conference
Year 2009
Where ISW
Authors Mario Lamberger, Florian Mendel
Comments (0)