International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Second Preimages for Iterated Hash Functions Based on a b-Block Bypass

Mario Lamberger
Norbert Pramstaller
Vincent Rijmen
Search ePrint
Search Google
Abstract: In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instantiated with DESX but AES should rather be used. However, we use the instantiation of this hash scheme with DESX to introduce a new property of iterated hash functions, namely a so-called b-block bypass. We will show that if an iterated hash function possesses a b-block bypass, then this implies that second preimages can be constructed. Additionally, the attacker has more degrees of freedom for constructing the second preimage.
  title={Second Preimages for Iterated Hash Functions Based on a b-Block Bypass},
  booktitle={IACR Eprint archive},
  keywords={iterated hash functions, second preimage, differential cryptanalysis},
  note={ 13417 received 23 Mar 2006, last revised 26 Sep 2006},
  author={Mario Lamberger and Norbert Pramstaller and Vincent Rijmen},