
New Second-Preimage Attacks on Hash Functions

Abstract: In this work we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various Merkle-Damgård-based iterative hash functions. Compared to the previously known long-message second-preimage attacks, our attack offers more flexibility in choosing the second message in exchange for a small computational overhead. More concretely, in our attacks the adversary may replace only a small number of blocks to obtain the second preimage. As a result, the new attack is applicable to hash function constructions which were thought to be immune to the previously known second-preimage attacks, among them the dithered hash proposal of Rivest, Shoup's UOWHF, and the ROX construction. We also suggest a few time-memory-data tradeoff variants of this type of attack, allowing for a faster online phase and even allowing attacks on significantly shorter messages than before. We follow and analyze the properties of the dithering sequence used in Rivest's hash function proposal, and develop a time-memory tradeoff which allows us to apply our second-preimage attack to a wider range of dithering sequences, including sequences which are much stronger than those in Rivest's proposals. Parts of our results rely on the kite generator, a new time-memory tradeoff tool. In addition to the analysis of the Merkle-Damgård-like constructions, we analyze the security of the basic tree hash construction. We exhibit several second-preimage attacks on this construction, whose most notable variant is the time-memory-data tradeoff attack. Finally, we show how both the existing second-preimage attacks and our new attacks can be applied even more efficiently when multiple shorter target messages, rather than a single long one, are given.
Document type: Journal articles

Cited literature: 51 references
Contributor: Charles Bouillaguet
Submitted on: Sunday, March 1, 2020 - 6:35:10 AM
Last modification on: Friday, November 27, 2020 - 2:20:04 PM
Long-term archiving on: Sunday, May 31, 2020 - 12:22:08 PM





Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, Pierre-Alain Fouque, Jonathan Hoch, et al. New Second-Preimage Attacks on Hash Functions. Journal of Cryptology, Springer Verlag, 2016, 29 (4), pp. 657-696. ⟨10.1007/s00145-015-9206-4⟩. ⟨hal-01654410⟩


