TY - GEN

T1 - Cryptanalysis of MDC-2

AU - Knudsen, Lars Ramkilde

AU - Mendel, Florian

AU - Rechberger, Christian

AU - Thomsen, Søren Steffen

PY - 2009

Y1 - 2009

N2 - We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n=128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^n$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.

AB - We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n=128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^n$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.

U2 - 10.1007/978-3-642-01001-9_6

DO - 10.1007/978-3-642-01001-9_6

M3 - Article in proceedings

T3 - Lecture Notes in Computer Science

SP - 106

EP - 120

BT - Advances in Cryptology - EUROCRYPT 2009

A2 - Joux, Antoine

PB - Springer

CY - Berlin / Heidelberg

T2 - EUROCRYPT 2009

Y2 - 1 January 2009

ER -