对缩减轮数DHA-256的原像与伪碰撞攻击

通信学报

对缩减轮数DHA-256的原像与伪碰撞攻击

邹剑1,2，吴文玲1，吴双1，董乐1,2

1. 中国科学院软件研究所可信计算与信息保障实验室，北京 100190；2. 中国科学院研究生院，北京 100190

出版日期:2013-06-25 发布日期:2013-06-15
基金资助:
国家重点基础研究发展计划（“973”计划）基金资助项目（2013CB338002）；国家自然科学基金资助项目（61272476，61232009）

Preimage and pseudo collision attacks on round-reduced DHA-256 hash function

Online:2013-06-25 Published:2013-06-15

摘要/Abstract

摘要： 提出了对DHA-256散列函数37轮的原像攻击以及39轮的伪碰撞攻击。基于中间相遇攻击，利用Biclique方法可以改进之前对DHA-256的原像分析结果，将攻击轮数从原来的35轮提高到了37轮。通过上述方法还可以构造对DHA-256的39轮伪碰撞。最终，以2255.5的时间复杂度以及23的空间复杂度构造了对DHA-256的37轮原像，并以2127.5的时间复杂度以及常数2的空间复杂度构造了对DHA-256的39轮伪碰撞。这是目前对DHA-256最好的原像与碰撞攻击结果。

Abstract: A preimage attack on DHA-256 hash function reduced to 37-round and a pseudo collision attack on the function reduced to 39-round were proposed respectively. Based on the meet-in-the-middle attack, the Biclique technique was used to improve the preimage attack from 35-round to 37-round. A 39-round pseudo collision was achieved using the Biclique technique. Overall, a preimage of DHA-256 was constructed with a complexity of and a memory of . Besides, a pseudo collision of DHA-256 was proposed with a complexity of . These are the best results of preimage and collision attack on DHA-256 hash function.

邹剑1,2，吴文玲1，吴双1，董乐1,2. 对缩减轮数DHA-256的原像与伪碰撞攻击[J]. 通信学报.