Paper Abstract and Keywords |
Presentation |
2013-07-18 15:15
A Collision Attack on a Double-Block-Length Compression Function Instantiated with Round-Reduced AES-256 Jiageng Chen (JAIST), Shoichi Hirose (Univ. of Fukui), Hidenori Kuwakado (Kansai Univ.), Atsuko Miyaji (JAIST) ISEC2013-19 SITE2013-14 ICSS2013-24 EMM2013-21 |
Abstract |
This paper presents the first collision attack on the double-block-length compression function presented at FSE 2006 instantiated with round-reduced AES-256: $f_0(h_0|h_1,M)\,|\,f_1(h_0|h_1,M)$ such that $f_0(h_0|h_1,M)=E_{h_1|M}(h_0)\oplus h_0$ and $f_1(h_0|h_1,M)=E_{h_1|M}(h_0\oplus c)\oplus h_0\oplus c$, where $|$ represents concatenation, $E$ is AES-256 and $c$ is a non-zero constant. The proposed attack is a free-start collision attack. It uses the rebound attack proposed by Mendel et al. It finds a collision with time complexity $2^{8}$ and $2^{64}$ for the instantiation with 6-round AES-256 and 8-round AES-256, respectively. The space complexity is negligible. The attack is effective only if the $16$-byte constant $c$ has a single non-zero byte. It still sheds light on a gap between the ideal world and the real world: The target double-block-length compression function is shown to be optimally collision-resistant in the ideal cipher model. It also suggests how not to choose the constant. |
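The construction described in the abstract, as an added example that is not from the paper or its authors: a Go implementation of the compression function $f_0|f_1$ using full-round AES-256 from the standard library (the 6- and 8-round reductions the attack targets are not exposed by `crypto/aes`, so the collision search itself is not reproduced), a check for the constant shape the attack requires, and a free-start collision predicate. The sample chaining values, message block and the constants `badC`/`goodC` are constructed for illustration and are not values from the paper.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// BlockSize is the AES block size in bytes. h0, h1, M and c are each one
// block, so the key h1|M is 32 bytes and E is AES-256.
const BlockSize = 16

// xorBlocks returns a XOR b for two 16-byte blocks.
func xorBlocks(a, b []byte) []byte {
	out := make([]byte, BlockSize)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Compress evaluates the FSE 2006 double-block-length compression function:
//   f0(h0|h1, M) = E_{h1|M}(h0) XOR h0
//   f1(h0|h1, M) = E_{h1|M}(h0 XOR c) XOR h0 XOR c
// with E = full-round AES-256 (assumption: the paper's round-reduced variants
// are not available in the standard library).
func Compress(h0, h1, m, c []byte) (f0, f1 []byte, err error) {
	for _, x := range [][]byte{h0, h1, m, c} {
		if len(x) != BlockSize {
			return nil, nil, fmt.Errorf("all inputs must be %d bytes", BlockSize)
		}
	}
	key := append(append(make([]byte, 0, 2*BlockSize), h1...), m...) // h1 | M
	e, err := aes.NewCipher(key)                                       // 32-byte key selects AES-256
	if err != nil {
		return nil, nil, err
	}
	ct := make([]byte, BlockSize)
	e.Encrypt(ct, h0)
	f0 = xorBlocks(ct, h0)

	p := xorBlocks(h0, c) // same key, plaintext shifted by the constant c
	e.Encrypt(ct, p)
	f1 = xorBlocks(ct, p)
	return f0, f1, nil
}

// SingleNonZeroByte reports whether c has exactly one non-zero byte, the
// constant shape for which the abstract says the attack is effective.
func SingleNonZeroByte(c []byte) bool {
	n := 0
	for _, b := range c {
		if b != 0 {
			n++
		}
	}
	return n == 1
}

// IsFreeStartCollision reports whether two distinct inputs (h0|h1, M) and
// (h0'|h1', M') give the same 256-bit output under the same constant c.
// "Free-start" means the attacker chooses the chaining values as well as M.
func IsFreeStartCollision(h0, h1, m, h0p, h1p, mp, c []byte) (bool, error) {
	if bytes.Equal(h0, h0p) && bytes.Equal(h1, h1p) && bytes.Equal(m, mp) {
		return false, nil // identical inputs are not a collision
	}
	a0, a1, err := Compress(h0, h1, m, c)
	if err != nil {
		return false, err
	}
	b0, b1, err := Compress(h0p, h1p, mp, c)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a0, b0) && bytes.Equal(a1, b1), nil
}

func main() {
	// Constructed sample inputs (not from the paper).
	h0 := bytes.Repeat([]byte{0x11}, BlockSize)
	h1 := bytes.Repeat([]byte{0x22}, BlockSize)
	m := bytes.Repeat([]byte{0x33}, BlockSize)
	badC := make([]byte, BlockSize)
	badC[0] = 0x01                                 // single non-zero byte: the shape the attack needs
	goodC := bytes.Repeat([]byte{0xa5}, BlockSize) // many non-zero bytes

	f0, f1, _ := Compress(h0, h1, m, badC)
	fmt.Println("f0:", hex.EncodeToString(f0))
	fmt.Println("f1:", hex.EncodeToString(f1))

	// Shifting the chaining value by c swaps the two halves:
	// f0(h0^c|h1,M) = f1(h0|h1,M) and f1(h0^c|h1,M) = f0(h0|h1,M).
	g0, g1, _ := Compress(xorBlocks(h0, badC), h1, m, badC)
	fmt.Println("halves swap under h0 -> h0^c:", bytes.Equal(f1, g0) && bytes.Equal(f0, g1))
	fmt.Println("badC single non-zero byte:", SingleNonZeroByte(badC))
	fmt.Println("goodC single non-zero byte:", SingleNonZeroByte(goodC))
}
```

The swap identity printed by `main` is the structural point worth seeing in code: both halves are the same keyed function evaluated at chaining values that differ only by $c$, so the difference between the two AES computations is entirely controlled by the constant, which is why its byte pattern matters for a rebound-style differential search. Finding the actual colliding inputs is the content of the paper and is not reproduced here.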
Keyword |
hash function / compression function / AES / collision attack |
Reference Info. |
IEICE Tech. Rep., vol. 113, no. 135, ISEC2013-19, pp. 59-66, July 2013. |
Paper # |
ISEC2013-19 |
Date of Issue |
2013-07-11 (ISEC, SITE, ICSS, EMM) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
ISEC2013-19 SITE2013-14 ICSS2013-24 EMM2013-21 |
Conference Information |
Committee |
EMM ISEC SITE ICSS IPSJ-CSEC IPSJ-SPT |
Conference Date |
2013-07-18 - 2013-07-19 |
Topics (in English) |
Security |
Paper Information |
Registration To |
ISEC |
Conference Code |
2013-07-EMM-ISEC-SITE-ICSS-CSEC-SPT |
Language |
English (Japanese title is available) |
Title (in English) |
A Collision Attack on a Double-Block-Length Compression Function Instantiated with Round-Reduced AES-256 |
Keyword(1) |
hash function |
Keyword(2) |
compression function |
Keyword(3) |
AES |
Keyword(4) |
collision attack |
1st Author's Name |
Jiageng Chen |
1st Author's Affiliation |
Japan Advanced Institute of Science and Technology (JAIST) |
2nd Author's Name |
Shoichi Hirose |
2nd Author's Affiliation |
University of Fukui (Univ. of Fukui) |
3rd Author's Name |
Hidenori Kuwakado |
3rd Author's Affiliation |
Kansai University (Kansai Univ.) |
4th Author's Name |
Atsuko Miyaji |
4th Author's Affiliation |
Japan Advanced Institute of Science and Technology (JAIST) |
Speaker |
Author-2 |
Date Time |
2013-07-18 15:15:00 |
Presentation Time |
25 minutes |
Registration for |
ISEC |
Paper # |
ISEC2013-19, SITE2013-14, ICSS2013-24, EMM2013-21 |
Volume (vol) |
vol.113 |
Number (no) |
no.135(ISEC), no.136(SITE), no.137(ICSS), no.138(EMM) |
Page |
pp.59-66 |
#Pages |
8 |
Date of Issue |
2013-07-11 (ISEC, SITE, ICSS, EMM) |
|