In this paper we present attacks on the compression function of Maelstrom-0. It is based on the Whirlpool hash function standardized by ISO and was designed to be a faster and more robust enhancement. We analyze the compression function and use differential cryptanalysis to construct collisions for reduced variants of the Maelstrom-0 compression function. The attacks presented in this paper are of practical complexity and show significant weaknesses in the construction compared to its predecessor. The methods used are based on recent results in the analysis of AES-based hash functions.
|Conference||9th International Conference on Applied Cryptography and Network Security (ACNS 2011)|
|Period||07/06/2011 → 10/06/2011|
|Series||Lecture Notes in Computer Science|