Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function

Dukjae Moon; Deukjo Hong; Daesung Kwon; Seokhie Hong

doi:10.1587/transfun.E95.A.1379

Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function

Dukjae Moon, Deukjo Hong, Daesung Kwon, Seokhie Hong

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

We assume that the domain extender is the Merkle- Damgård (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

Original language	English
Pages (from-to)	1379-1389
Number of pages	11
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E95-A
Issue number	8
DOIs	https://doi.org/10.1587/transfun.E95.A.1379
Publication status	Published - 2012 Aug

Keywords

Block cipher
Feistel scheme
Hash mode
Misty scheme
Preimage attack

ASJC Scopus subject areas

Signal Processing
Computer Graphics and Computer-Aided Design
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1587/transfun.E95.A.1379

Cite this

@article{2b35b98982694aecbc8d8c2024d8acf7,

title = "Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function",

abstract = "We assume that the domain extender is the Merkle- Damg{\aa}rd (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.",

keywords = "Block cipher, Feistel scheme, Hash mode, Misty scheme, Preimage attack",

author = "Dukjae Moon and Deukjo Hong and Daesung Kwon and Seokhie Hong",

year = "2012",

month = aug,

doi = "10.1587/transfun.E95.A.1379",

language = "English",

volume = "E95-A",

pages = "1379--1389",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "8",

}

TY - JOUR

T1 - Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function

AU - Moon, Dukjae

AU - Hong, Deukjo

AU - Kwon, Daesung

AU - Hong, Seokhie

PY - 2012/8

Y1 - 2012/8

N2 - We assume that the domain extender is the Merkle- Damgård (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

AB - We assume that the domain extender is the Merkle- Damgård (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

KW - Block cipher

KW - Feistel scheme

KW - Hash mode

KW - Misty scheme

KW - Preimage attack

UR - http://www.scopus.com/inward/record.url?scp=84864769987&partnerID=8YFLogxK

U2 - 10.1587/transfun.E95.A.1379

DO - 10.1587/transfun.E95.A.1379

M3 - Article

AN - SCOPUS:84864769987

SN - 0916-8508

VL - E95-A

SP - 1379

EP - 1389

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

IS - 8

ER -

Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this