A Second Preimage Attack on the XOR Hash Combiner

IF 1.3 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

IET Information Security Pub Date : 2024-03-22 DOI:10.1049/2024/1230891

Shiwei Chen, Ting Cui, Chenhui Jin, Congjun Wang

{"title":"A Second Preimage Attack on the XOR Hash Combiner","authors":"Shiwei Chen, Ting Cui, Chenhui Jin, Congjun Wang","doi":"10.1049/2024/1230891","DOIUrl":null,"url":null,"abstract":"<div>\n The exclusive-or (XOR) hash combiner is a classical hash function combiner, which is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In this work, we analyze the second preimage resistance of the XOR combiner underlying two different narrow-pipe hash functions with weak ideal compression functions. To control simultaneously the behavior of the two different hash functions, we develop a new structure called multicollision-and-double-diamond. Multicollision-and-double-diamond structure is constructed using the idea of meet-in-the-middle technique, combined with Joux’s multicollision and Chen’s inverse-diamond structure. Then based on the multicollision-and-double-diamond structure, we present a second preimage attack on the XOR hash combiner with the time complexity of about O((2n + 1)2n/2 + (n − l)2n−l + (n − k)2n−k + 2l+1 + 2k+1) (n is the size of the XOR hash combiner and l and k are respectively the depths of the two inverse-diamond structures), less than the ideal time complexity O(2n), and memory of about O(2k + 2l).\n </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2024-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/1230891","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/2024/1230891","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The exclusive-or (XOR) hash combiner is a classical hash function combiner, which is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In this work, we analyze the second preimage resistance of the XOR combiner underlying two different narrow-pipe hash functions with weak ideal compression functions. To control simultaneously the behavior of the two different hash functions, we develop a new structure called multicollision-and-double-diamond. Multicollision-and-double-diamond structure is constructed using the idea of meet-in-the-middle technique, combined with Joux’s multicollision and Chen’s inverse-diamond structure. Then based on the multicollision-and-double-diamond structure, we present a second preimage attack on the XOR hash combiner with the time complexity of about O((2n + 1)2^n/2 + (n − l)2^n−l + (n − k)2^n−k + 2^l+1 + 2^k+1) (n is the size of the XOR hash combiner and l and k are respectively the depths of the two inverse-diamond structures), less than the ideal time complexity O(2ⁿ), and memory of about O(2^k + 2^l).

Abstract Image

查看原文本刊更多论文

针对 XOR 哈希组合器的第二种前图像攻击

排他（XOR）散列组合器是一种经典的散列函数组合器，众所周知，它是一种良好的 PRF 和 MAC 组合器，并在 TLS 1.0 和 1.1 版本中得到了实际应用。在这项工作中，我们分析了 XOR 组合器在两种不同的窄管道哈希函数基础上的第二前像抗性，以及弱理想压缩函数。为了同时控制两种不同哈希函数的行为，我们开发了一种名为 "多碰撞双钻石 "的新结构。多碰撞和双钻石结构是利用中间相遇技术的思想，结合 Joux 的多碰撞和 Chen 的反钻石结构构建的。然后，基于多碰撞和双钻石结构，我们提出了针对 XOR 哈希组合器的第二种预映像攻击，其时间复杂度约为 O((2n+1)2n/2+(n-l)2n-l+(n-k)2n-k+2l+1+2k+1)（n 为 XOR 哈希组合器的大小，l 和 k 分别为两个反钻石结构的深度）、小于理想的时间复杂度 O(2n)，内存约为 O(2k+2l)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IET Information Security 工程技术-计算机：理论方法

CiteScore

3.80

自引率

7.10%

发文量

审稿时长

8.6 months

期刊介绍： IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls. Scope: Access Control and Database Security Ad-Hoc Network Aspects Anonymity and E-Voting Authentication Block Ciphers and Hash Functions Blockchain, Bitcoin (Technical aspects only) Broadcast Encryption and Traitor Tracing Combinatorial Aspects Covert Channels and Information Flow Critical Infrastructures Cryptanalysis Dependability Digital Rights Management Digital Signature Schemes Digital Steganography Economic Aspects of Information Security Elliptic Curve Cryptography and Number Theory Embedded Systems Aspects Embedded Systems Security and Forensics Financial Cryptography Firewall Security Formal Methods and Security Verification Human Aspects Information Warfare and Survivability Intrusion Detection Java and XML Security Key Distribution Key Management Malware Multi-Party Computation and Threshold Cryptography Peer-to-peer Security PKIs Public-Key and Hybrid Encryption Quantum Cryptography Risks of using Computers Robust Networks Secret Sharing Secure Electronic Commerce Software Obfuscation Stream Ciphers Trust Models Watermarking and Fingerprinting Special Issues. Current Call for Papers: Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf