Difference between revisions of "GOST"
From The ECRYPT Hash Function Website
(→Preimage Attacks) |
|||
| Line 31: | Line 31: | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
| + | <bibtex> | ||
| + | @inproceedings{fseMendelPR08, | ||
| + | author = {Florian Mendel and Norbert Pramstaller and Christian Rechberger}, | ||
| + | title = {A (Second) Preimage Attack on the GOST Hash Function}, | ||
| + | booktitle = {FSE}, | ||
| + | year = {2008}, | ||
| + | pages = {224-234}, | ||
| + | abstract = {In this article, we analyze the security of the GOST hash function with respect to (second) preimage resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterated structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation. For this hash function, we show how to construct second preimages and preimages with a complexity of about 2^225 compression function evaluations and a memory requirement of about 2^38 bytes. First, we show how to construct a pseudo-preimage for the compression function of GOST based on its structural properties. Second, this pseudo-preimage attack on the compression function is extended to a (second) preimage attack on the GOST hash function. The extension is possible by combining a multicollision attack and a meet-in-the-middle attack on the checksum.}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-71039-4_14}, | ||
| + | editor = {Kaisa Nyberg}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {5086}, | ||
| + | isbn = {978-3-540-71038-7}, | ||
| + | } | ||
| + | </bibtex> | ||
---- | ---- | ||
=== Others === | === Others === | ||
Revision as of 11:31, 10 November 2008
Contents
1 Specification
- digest size: 256 bits
- compression function: 256-bit message block, 256-bit chaining variable
- Specification:
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Florian Mendel, Norbert Pramstaller, Christian Rechberger - A (Second) Preimage Attack on the GOST Hash Function
- FSE 5086:224-234,2008
- http://dx.doi.org/10.1007/978-3-540-71039-4_14
BibtexAuthor : Florian Mendel, Norbert Pramstaller, Christian Rechberger
Title : A (Second) Preimage Attack on the GOST Hash Function
In : FSE -
Address :
Date : 2008
