Open Access
Watch your constants: malicious Streebog
Author(s) - AlTawy Riham, Youssef Amr M.
Publication year - 2015
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2014.0540
Subject(s) - hash function , sha 2 , collision attack , computer science , cryptographic hash function , checksum , theoretical computer science , hash chain , context (archaeology) , collision resistance , mdc 2 , function (biology) , computer security , cryptography , collision , gost (hash function) , double hashing , operating system , paleontology , evolutionary biology , biology
In August 2012, the Streebog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11‐2012). In this study, the authors investigate the new standard in the context of malicious hashing and present a practical collision for a malicious version of the full hash function. In particular, they apply the rebound attack to find three solutions for three different differential paths for four rounds. Then, using the freedom of the round constants, they connect them to obtain a collision for the 12 rounds of the compression function. Additionally, because of the simple processing of the counter, they bypass the barrier of the checksum finalisation step and transfer the compression function collision to the hash function output at no additional cost. The presented attack has a practical complexity and is verified by an example. Although the results of this study may not have a direct impact on the security of the current Streebog hash function, they urge the designers to publish the origin of the parameters used and the rationale behind their choices, in order for this function to gain enough confidence and widespread adoption by the security community.
