New Attacks on the Concatenation and XOR Hash Combiners

5 years 6 months ago
New Attacks on the Concatenation and XOR Hash Combiners
We study the security of the concatenation combiner H1(M) H2(M) for two independent iterated hash functions with n-bit outputs that are built using the Merkle-Damg˚ard construction. In 2004 Joux showed that the concatenation combiner of hash functions with an n-bit internal state does not offer better collision and preimage resistance compared to a single strong n-bit hash function. On the other hand, the problem of devising second preimage attacks faster than 2n against this combiner has remained open since 2005 when Kelsey and Schneier showed that a single Merkle-Damg˚ard hash function does not offer optimal second preimage resistance for long messages. In this paper, we develop new algorithms for cryptanalysis of hash combiners and use them to devise the first second preimage attack on the concatenation combiner. The attack finds second preimages faster than 2n for messages longer than 22n/7 and has optimal complexity of 23n/4 . This shows that the concatenation of two Merkle-...
Itai Dinur
Added 03 Apr 2016
Updated 03 Apr 2016
Type Journal
Year 2016
Where IACR
Authors Itai Dinur
Comments (0)