# Preimage Analysis of the Maelstrom-0 Hash Function

@inproceedings{Altawy2015PreimageAO, title={Preimage Analysis of the Maelstrom-0 Hash Function}, author={Riham Altawy and Amr M. Youssef}, booktitle={SPACE}, year={2015} }

Maelstrom-0 is the second member of a family of AES-based hash functions whose designs are pioneered by Paulo Baretto and Vincent Rijmen. According to its designers, the function is designed to be an evolutionary lightweight alternative to the ISO standard Whirlpool. In this paper, we study the preimage resistance of the Maelstrom-0 hash function using its proposed 3CM chaining construction. More precisely, we apply a meet-in-the-middle preimage attack on the compression function and combine it…

## 2 Citations

Cryptanalysis of Some AES-based Cryptographic Primitives

- Computer Science, Mathematics
- 2016

This thesis analyzes the security of two cryptographic hash functions and one block cipher used in the new Russian Federation cryptographic hashing and encryption suite GOST and investigates the one wayness of Streebog and the preimage resistance of the AES-based Maelstrom-0 hash function.

## References

SHOWING 1-10 OF 31 REFERENCES

Preimage Attacks on Reduced-Round Stribog

- Computer Science, MathematicsAFRICACRYPT
- 2014

This paper applies a meet in the middle preimage attack on the compression function which allows for a 5-round pseudo preimage for a given compression function output with time complexity of 2448 and memory complexity of 264 and investigates the preimage resistance of the Stribog hash function.

(Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others

- Computer Science, MathematicsFSE
- 2012

These attacks are the first (pseudo) preimage attacks on round-reduced Grostl hash function, including its compression function and output transformation, and are obtained by a variant of meet-in-the-middle preimage attack framework by Aoki and Sasaki in FSE 2011.

Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

- Computer Science, MathematicsCRYPTO
- 2009

The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words.

On hash functions using checksums

- Computer Science, MathematicsInternational Journal of Information Security
- 2009

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including…

The Maelstrom-0 hash function

- Computer Science
- 2006

An initial assessment on what the minimum requirements for NIST’s “Advanced Hash Standard” might be is provided, and might serve as a valuable comparison tool for future AHS proposals in terms of security, efficiency, and flexibility.

Investigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks

- Computer Science, MathematicsASIACRYPT
- 2012

Improved cryptanalyses for the ISO standard hash function Whirlpool are presented with respect to the fundamental security notions, and the (second) preimage and collision attacks for the hash function and the compression function of Whirl Pool are discussed.

The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

- Computer Science, MathematicsFSE
- 2009

The rebound attack consists of an inbound phase with a match-in-the-middle part to exploit the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail.

Grøstl - a SHA-3 candidate

- Computer Science, MathematicsSymmetric Cryptography
- 2009

Grostl is a SHA-3 candidate proposal, an iterated hash function with a compression function built from two fixed, large, distinct permutations, which has the effect that all known, generic attacks on the hash function are made much more difficult.

Improved Preimage Attack for 68-Step HAS-160

- Mathematics, Computer ScienceICISC
- 2009

It is shown that the last 68 steps out of 80 steps of HAS-160 can be attacked, while a previous attack works for only intermediate 52 steps, and the number of attacked steps can be improved.

Cryptanalysis of a class of cryptographic hash functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

We apply new cryptanalytical techniques to perform the generic multi-block multicollision, second preimage and herding attacks on the Damgard-Merkle hash functions with linear-XOR/additive checksums.…