Cryptanalysis of MDC-2

Lars Ramkilde Knudsen; Florian Mendel; Christian Rechberger; Søren Steffen Thomsen

doi:10.1007/978-3-642-01001-9_6

Cryptanalysis of MDC-2

Lars Ramkilde Knudsen, Florian Mendel, Christian Rechberger, Søren Steffen Thomsen

Graz University of Technology

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n=128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^n$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.

Original language	English
Title of host publication	Advances in Cryptology - EUROCRYPT 2009 : 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings.
Editors	Antoine Joux
Place of Publication	Berlin / Heidelberg
Publisher	Springer
Publication date	2009
Pages	106-120
DOIs	https://doi.org/10.1007/978-3-642-01001-9_6
Publication status	Published - 2009
Event	EUROCRYPT 2009 - Cologne, Germany Duration: 1 Jan 2009 → …

Conference

Conference	EUROCRYPT 2009
City	Cologne, Germany
Period	01/01/2009 → …

Series	Lecture Notes in Computer Science
Number	5479

Access to Document

10.1007/978-3-642-01001-9_6

http://springerlink.com/content/v116247v11452166/?p=d271a0dfcd164f7f93edf8555e2892ec&pi=5

OpenUrl availability

Full text

Cite this

Knudsen, Lars Ramkilde ; Mendel, Florian ; Rechberger, Christian et al. / Cryptanalysis of MDC-2. Advances in Cryptology - EUROCRYPT 2009: 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings.. editor / Antoine Joux. Berlin / Heidelberg : Springer, 2009. pp. 106-120 (Lecture Notes in Computer Science; No. 5479).

@inproceedings{63e44320fee844d4b4b111c7688e4aa1,

title = "Cryptanalysis of MDC-2",

abstract = "We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n=128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^n$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.",

author = "Knudsen, {Lars Ramkilde} and Florian Mendel and Christian Rechberger and Thomsen, {S{\o}ren Steffen}",

year = "2009",

doi = "10.1007/978-3-642-01001-9_6",

language = "English",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

number = "5479",

pages = "106--120",

editor = "Antoine Joux",

booktitle = "Advances in Cryptology - EUROCRYPT 2009",

note = "EUROCRYPT 2009 ; Conference date: 01-01-2009",

}

Knudsen, LR, Mendel, F, Rechberger, C & Thomsen, SS 2009, Cryptanalysis of MDC-2. in A Joux (ed.), Advances in Cryptology - EUROCRYPT 2009: 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings.. Springer, Berlin / Heidelberg, Lecture Notes in Computer Science, no. 5479, pp. 106-120, EUROCRYPT 2009, Cologne, Germany, 01/01/2009. https://doi.org/10.1007/978-3-642-01001-9_6

Cryptanalysis of MDC-2. / Knudsen, Lars Ramkilde; Mendel, Florian; Rechberger, Christian et al.
Advances in Cryptology - EUROCRYPT 2009: 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings.. ed. / Antoine Joux. Berlin / Heidelberg: Springer, 2009. p. 106-120 (Lecture Notes in Computer Science; No. 5479).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Cryptanalysis of MDC-2

AU - Knudsen, Lars Ramkilde

AU - Mendel, Florian

AU - Rechberger, Christian

AU - Thomsen, Søren Steffen

PY - 2009

Y1 - 2009

N2 - We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n=128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^n$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.

AB - We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n=128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^n$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.

U2 - 10.1007/978-3-642-01001-9_6

DO - 10.1007/978-3-642-01001-9_6

M3 - Article in proceedings

T3 - Lecture Notes in Computer Science

SP - 106

EP - 120

BT - Advances in Cryptology - EUROCRYPT 2009

A2 - Joux, Antoine

PB - Springer

CY - Berlin / Heidelberg

T2 - EUROCRYPT 2009

Y2 - 1 January 2009

ER -

Knudsen LR, Mendel F, Rechberger C, Thomsen SS. Cryptanalysis of MDC-2. In Joux A, editor, Advances in Cryptology - EUROCRYPT 2009: 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings.. Berlin / Heidelberg: Springer. 2009. p. 106-120. (Lecture Notes in Computer Science; No. 5479). doi: 10.1007/978-3-642-01001-9_6

Cryptanalysis of MDC-2

Abstract

Conference

Access to Document

OpenUrl availability

Fingerprint

Cite this