Project : cascade
Section: New Results
Cryptanalysis (Symmetric)
Participants : Charles Bouillaguet, Pierre-Alain Fouque, Gaëtan Leurent, Phong Nguyen, Sébastien Zimmer.
Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5, CRYPTO '07
Message Freedom in MD4 and MD5 Collisions: Application to APOP, FSE '07
Second Preimage Attacks on Dithered Hash Functions, EUROCRYPT '08
MD4 is Not One-Way, SAC '08
Cryptanalysis of Tweaked Versions of SMASH and Reparation, SAC '08
Analysis of the Collision Resistance of Radiogatun using Algebraic Techniques, SAC '08
Cryptanalysis of a Hash Function Based on Quasi-Cyclic Codes, CT RSA '08
Since Wang's 2004 attacks on the MD4 hash function family, this area of research has been very active. At CRYPTO 2007 we showed how to adapt these attacks to recover the full key of message authentication codes built on MD4 and MD5 (HMAC/NMAC-MD4 and NMAC-MD5), and at FSE 2007 how to use them against APOP, the challenge-response authentication mechanism of the POP protocol.
This year, at EUROCRYPT '08, we showed that second preimage attacks can be mounted on dithered hashing, a mode of operation designed by Ron Rivest to withstand the generic second preimage attacks on the Merkle-Damgård construction. We also attacked a hash function based on quasi-cyclic codes (CT RSA '08) and tweaked versions of SMASH, a hash function proposed by Knudsen (SAC '08), and showed how to find preimages for MD4 (SAC '08). Finally, we showed that Gröbner bases can be used to find colliding messages for the recent hash function Radiogatun more efficiently than the technique proposed by its designers (SAC '08).