Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function

Dukjae Moon, Deukjo Hong, Daesung Kwon, Seokhie Hong

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

We assume that the domain extender is the Merkle- Damgård (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

Original languageEnglish
Pages (from-to)1379-1389
Number of pages11
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE95-A
Issue number8
DOIs
Publication statusPublished - 2012 Aug 1

Fingerprint

Substitution
Permutation
Substitution reactions
Attack
Compression Function
Block Cipher

Keywords

  • Block cipher
  • Feistel scheme
  • Hash mode
  • Misty scheme
  • Preimage attack

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Graphics and Computer-Aided Design
  • Applied Mathematics
  • Signal Processing

Cite this

Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function. / Moon, Dukjae; Hong, Deukjo; Kwon, Daesung; Hong, Seokhie.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E95-A, No. 8, 01.08.2012, p. 1379-1389.

Research output: Contribution to journalArticle

@article{2b35b98982694aecbc8d8c2024d8acf7,
title = "Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function",
abstract = "We assume that the domain extender is the Merkle- Damg{\aa}rd (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.",
keywords = "Block cipher, Feistel scheme, Hash mode, Misty scheme, Preimage attack",
author = "Dukjae Moon and Deukjo Hong and Daesung Kwon and Seokhie Hong",
year = "2012",
month = "8",
day = "1",
doi = "10.1587/transfun.E95.A.1379",
language = "English",
volume = "E95-A",
pages = "1379--1389",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "8",

}

TY - JOUR

T1 - Meet-in-The-middle preimage attacks on hash modes of generalized feistel and misty schemes with SP round function

AU - Moon, Dukjae

AU - Hong, Deukjo

AU - Kwon, Daesung

AU - Hong, Seokhie

PY - 2012/8/1

Y1 - 2012/8/1

N2 - We assume that the domain extender is the Merkle- Damgård (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

AB - We assume that the domain extender is the Merkle- Damgård (MD) scheme and he message is padded by a '1', and minimum number of '0' s, followed by a fixed size length information so that the length of padded message is multiple of block length. Under this assumption, we analyze securities of the hash mode when the compression function follows the Davies-Meyer (DM) scheme and the underlying block cipher is one of the plain Feistel or Misty scheme or the generalized Feistel or Misty schemes with Substitution-Permutation (SP) round function. We do this work based on Meet-in-The-Middle (MitM) preimage attack techniques, and develop several useful initial structures.

KW - Block cipher

KW - Feistel scheme

KW - Hash mode

KW - Misty scheme

KW - Preimage attack

UR - http://www.scopus.com/inward/record.url?scp=84864769987&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84864769987&partnerID=8YFLogxK

U2 - 10.1587/transfun.E95.A.1379

DO - 10.1587/transfun.E95.A.1379

M3 - Article

VL - E95-A

SP - 1379

EP - 1389

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 8

ER -