Preimage Analysis of the Maelstrom-0 Hash Function

@inproceedings{Altawy2015PreimageAO,
  title={Preimage Analysis of the Maelstrom-0 Hash Function},
  author={Riham Altawy and Amr M. Youssef},
  booktitle={SPACE},
  year={2015}
}
Maelstrom-0 is the second member of a family of AES-based hash functions whose designs are pioneered by Paulo Baretto and Vincent Rijmen. According to its designers, the function is designed to be an evolutionary lightweight alternative to the ISO standard Whirlpool. In this paper, we study the preimage resistance of the Maelstrom-0 hash function using its proposed 3CM chaining construction. More precisely, we apply a meet-in-the-middle preimage attack on the compression function and combine it… 
2 Citations
Cryptanalysis of Some AES-based Cryptographic Primitives
TLDR
This thesis analyzes the security of two cryptographic hash functions and one block cipher used in the new Russian Federation cryptographic hashing and encryption suite GOST and investigates the one wayness of Streebog and the preimage resistance of the AES-based Maelstrom-0 hash function.

References

SHOWING 1-10 OF 31 REFERENCES
Preimage Attacks on Reduced-Round Stribog
TLDR
This paper applies a meet in the middle preimage attack on the compression function which allows for a 5-round pseudo preimage for a given compression function output with time complexity of 2448 and memory complexity of 264 and investigates the preimage resistance of the Stribog hash function.
(Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others
TLDR
These attacks are the first (pseudo) preimage attacks on round-reduced Grostl hash function, including its compression function and output transformation, and are obtained by a variant of meet-in-the-middle preimage attack framework by Aoki and Sasaki in FSE 2011.
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1
TLDR
The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words.
On hash functions using checksums
We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including
The Maelstrom-0 hash function
TLDR
An initial assessment on what the minimum requirements for NIST’s “Advanced Hash Standard” might be is provided, and might serve as a valuable comparison tool for future AHS proposals in terms of security, efficiency, and flexibility.
Investigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks
TLDR
Improved cryptanalyses for the ISO standard hash function Whirlpool are presented with respect to the fundamental security notions, and the (second) preimage and collision attacks for the hash function and the compression function of Whirl Pool are discussed.
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
TLDR
The rebound attack consists of an inbound phase with a match-in-the-middle part to exploit the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail.
Grøstl - a SHA-3 candidate
TLDR
Grostl is a SHA-3 candidate proposal, an iterated hash function with a compression function built from two fixed, large, distinct permutations, which has the effect that all known, generic attacks on the hash function are made much more difficult.
Improved Preimage Attack for 68-Step HAS-160
TLDR
It is shown that the last 68 steps out of 80 steps of HAS-160 can be attacked, while a previous attack works for only intermediate 52 steps, and the number of attacked steps can be improved.
Cryptanalysis of a class of cryptographic hash functions
We apply new cryptanalytical techniques to perform the generic multi-block multicollision, second preimage and herding attacks on the Damgard-Merkle hash functions with linear-XOR/additive checksums.
...
...