Cryptanalysis of Twister

13 years 11 months ago

Download ehash.iaik.tugraz.at

In this paper, we present a pseudo-collision attack on the compression function of all Twister variants (224,256,384,512) with complexity of about 226.5 compression function evaluations. We show how the compression function attack can be extended to construct collisions for Twister-512 slightly faster than brute force search. Furthermore, we present a second-preimage attack for Twister-512 with complexity of about 2448 compression function evaluations and memory requirement of 264 1 Description of Twister The hash function Twister is an iterated hash function based on the Merkle-Damg˚ard design principle. It processes message blocks of 512 bits and produces a hash value of 224, 256, 384, or 512 bits. If the message length is not a multiple of 512, an unambiguous padding method is applied. For the description of the padding method we refer to [1]. Let m = m1 m2 · · · mt be a t-block message (after padding). The hash value h = H(m) is computed as follows: H0 = IV Hi = f(Hi−1, Mi) f...

Florian Mendel, Christian Rechberger, Martin Schl&

Real-time Traffic

ACNS 2009 | Compression Function | Compression Function Attack | Compression Function Evaluations | Cryptography |

claim paper

Post Info
More Details (n/a)

Added	25 May 2010
Updated	25 May 2010
Type	Conference
Year	2009
Where	ACNS
Authors	Florian Mendel, Christian Rechberger, Martin Schläffer

Comments (0)

Sciweavers

Cryptanalysis of Twister

ACNS 2009 | Compression Function | Compression Function Attack | Compression Function Evaluations | Cryptography |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers