Difference between revisions of "SMASH"
From The ECRYPT Hash Function Website
(→Second Preimage Attacks) |
Crechberger (talk | contribs) |
||
Line 33: | Line 33: | ||
year = {2007}, | year = {2007}, | ||
pages = {101-111}, | pages = {101-111}, | ||
− | + | url = {http:/dx.doi.org/10.1007/11967668_7}, | |
abstract = {This article presents a rare case of a deterministic second preimage attack on a cryptographic hash function. Using the notion of controllable output differences, we show how to construct second preimages for the SMASH hash functions. If the given preimage contains at least n+1 blocks, where n is the output length of the hash function in bits, then the attack is deterministic and requires only to solve a set of n linear equations. For shorter preimages, the attack is probabilistic.} } | abstract = {This article presents a rare case of a deterministic second preimage attack on a cryptographic hash function. Using the notion of controllable output differences, we show how to construct second preimages for the SMASH hash functions. If the given preimage contains at least n+1 blocks, where n is the output length of the hash function in bits, then the attack is deterministic and requires only to solve a set of n linear equations. For shorter preimages, the attack is probabilistic.} } |
Revision as of 14:17, 10 March 2008
Contents
1 Spezification
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
2.4 Second Preimage Attacks
Mario Lamberger, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Second Preimages for SMASH
- CT-RSA pp. 101-111,2007
- http:/dx.doi.org/10.1007/11967668_7
BibtexAuthor : Mario Lamberger, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Second Preimages for SMASH
In : CT-RSA -
Address :
Date : 2007