Skip to Main content Skip to Navigation
Conference papers

The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function

Abstract : Streebog is a new Russian hash function standard. It follows the HAIFA framework as domain extension algorithm and claims to resist recent generic second-preimage attacks with long messages. However, we demonstrate in this article that the specific instantiation of the HAIFA framework used in Streebog makes it weak against such attacks. More precisely, we observe that Streebog makes a rather poor usage of the HAIFA counter input in the compression function, which allows to con-struct second-preimages on the full Streebog-512 with a complexity as low as n × 2 n/2 (namely 2 266) compression function evaluations for long messages. This complexity has to be compared with the expected 2 512 computations bound that an ideal hash function should provide. Our work is a good example that one must be careful when using a design framework for which not all instances are secure. HAIFA helps designers to build a secure hash function, but one should pay attention to the way the counter is handled inside the compression function.
Document type :
Conference papers
Complete list of metadatas

Cited literature [26 references]  Display  Hide  Download

https://hal.inria.fr/hal-01093450
Contributor : Gaëtan Leurent <>
Submitted on : Wednesday, December 10, 2014 - 4:24:45 PM
Last modification on : Thursday, March 5, 2020 - 4:54:50 PM
Long-term archiving on: : Wednesday, March 11, 2015 - 11:35:43 AM

File

AnalysisofStreebog.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Jian Guo, Jérémy Jean, Gaëtan Leurent, Thomas Peyrin, Lei Wang. The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function. Selected Areas in Cryptography - SAC 2014, Aug 2014, Montreal, Canada. pp.195-211, ⟨10.1007/978-3-319-13051-4_12⟩. ⟨hal-01093450⟩

Share

Metrics

Record views

177

Files downloads

242