IIIT-Delhi Institutional Repository

Biclique cryptanalysis of full round AES-128 based hashing modes

dc.contributor.author Chang, Donghoon
dc.contributor.author Ghosh, Mohona
dc.contributor.author Sanadhya, Somitra Kumar
dc.date.accessioned 2015-03-23T04:05:04Z
dc.date.available 2015-03-23T04:05:04Z
dc.date.issued 2015-03-23T04:05:04Z
dc.identifier.uri https://repository.iiitd.edu.in/jspui/handle/123456789/224
dc.description.abstract In this work, we revisit the security analysis of AES-128 instantiated hash modes. We use the biclique cryptanalysis technique as the basis for our attack. The traditional biclique approach used for key recovery in AES (and preimage search in AES-based compression functions) cannot be applied directly to hash function settings due to restrictions imposed on the message input by padding. Under these criteria, we show how to translate the biclique technique to the hash domain and demonstrate preimage and second preimage attacks on all 12 PGV modes. Our preimage attack complexity for all PGV modes stands at $2^{127.4}$. The second preimage attack complexities differ based on the PGV construction chosen, the lowest being $2^{126.3}$ and the highest being $2^{126.67}$. We also show how to model our attacks under different settings, e.g., when the message is padded/not padded, when the chaining variable is known/not known, when the full message or key space is available/not available to the attacker, etc. Our attacks require only 2 message blocks with padding included and work on the full 10 rounds of AES-128 for all 12 PGV modes. In our attacks, the IV is assumed to be a known constant, which is a practical assumption, but knowledge of other chaining variables is not required for the attacker. Considering these, our results can be termed the best so far in the literature. Though our attack results do not significantly decrease the attack complexity factor as compared to brute force, they highlight the actual security margin provided by these constructions. en_US
dc.language.iso en_US en_US
dc.relation.ispartofseries IIITD-TR-2015-006
dc.subject AES en_US
dc.subject Block ciphers en_US
dc.subject Hash functions en_US
dc.subject Cryptanalysis en_US
dc.subject Biclique en_US
dc.subject Preimage attack en_US
dc.title Biclique cryptanalysis of full round AES-128 based hashing modes en_US
dc.type Technical Report en_US