# Cryptanalysis of Tweaked Versions of SMASH and Reparation

CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique - ENS Paris, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique: UMR 8548
Abstract: In this paper, we study the security of permutation-based hash functions, i.e. block-cipher-based hash functions with fixed keys. SMASH is such a hash function, presented by Knudsen in 2005 and broken the same year by Rijmen \textit{et al.} Here we show that the tweaked version, proposed soon after to thwart the attack, can also be attacked in collision in time $O(2^{n/3})$. This time complexity can be reduced to $O(2^{2\sqrt{n}})$ for the first tweaked version, which means an attack against SMASH-256 in $c\cdot 2^{32}$ for a small constant $c$. Then, we show that a generalisation of SMASH, using two permutations instead of one, can be proven secure against collision in the ideal-cipher model in $\Omega(2^{n/4})$ queries to the permutations. In order to analyze the tightness of the proof, we devise a non-trivial attack in $O(2^{3n/8})$ queries, which is the best security level that can be reached for 2-permutation-based hash functions.
Document type: Conference papers

Cited literature [14 references]

https://hal.inria.fr/inria-00556682
Contributor: Pierre-Alain Fouque
Submitted on: Monday, January 17, 2011 - 3:37:20 PM
Last modification on: Thursday, March 17, 2022 - 10:08:36 AM
Long-term archiving on: Monday, April 18, 2011 - 3:00:29 AM

### File

sac08a.pdf
Files produced by the author(s)

### Citation

Pierre-Alain Fouque, Jacques Stern, Sebastien Zimmer. Cryptanalysis of Tweaked Versions of SMASH and Reparation. Selected Areas in Cryptography, 15th International Workshop, SAC 2008, 2009, Sackville, New Brunswick, Canada. pp.136-150, ⟨10.1007/978-3-642-04159-4_9⟩. ⟨inria-00556682⟩
