Cryptography Reference
In-Depth Information
Table 9.
HAS-V Output Tailoring
Output
0th word
1st word
2nd word
length
3rd word
4th word
5th word
(in bits)
6th word
7th word
8th word
A
+
A
+
E
[31
−
16]
B
+
B
+
E
[15
−
0]
C
+
C
+
E
[31
−
16]
128
D
+
D
+
E
[15
−
0]
A
+
A
B
+
B
C
+
C
160
D
+
D
E
+
E
A
+(
E
[31
−
21]
D
[20
−
10]
)
B
+(
E
[20
−
10]
D
[9
−
0]
)
C
+(
E
[9
−
0]
D
[31
−
21]
)
192
A
+(
E
[31
−
21]
D
[20
−
10]
)
B
+(
E
[20
−
10]
D
[9
−
0]
)
C
+(
E
[9
−
0]
D
[31
−
21]
)
A
+(
E
[31
−
24]
D
[23
−
16]
)
B
+(
E
[23
−
16]
D
[15
−
8]
)
C
+(
E
[15
−
8]
D
[7
−
0]
)
224
D
+(
E
[7
−
0]
D
[31
−
24]
)
A
+
E
[31
−
21]
B
+
E
[20
−
10]
C
+
E
[9
−
0]
A
+
E
[31
−
24]
B
+
E
[23
−
16]
C
+
E
[15
−
8]
256
D
+
E
[7
−
0]
A
+
E
[31
−
24]
B
+
E
[23
−
16]
C
+
E
[15
−
8]
D
+
E
[7
−
0]
A
+
E
[31
−
25]
B
+
E
[24
−
18]
C
+
E
[17
−
12]
288
D
+
E
[11
−
6]
E
+
E
[5
−
0]
A
B
C
D
Initial value
H
0
:
IV
Step 1
M
0
(pre-comp)
H
1
:
A
(1)
|| 0 ||
C
(1)
||
D
(1)
||
E
(1)
1 candidate for
A
(1)
M
1
M
1
'
2
1
candidates for
A
(2)
H
2
:
|| 0 ||
C
(2)
||
D
(2)
||
E
(2)
M
2
M
2
'
Step 2
H
3
:
|| 0 ||
C
(3)
||
D
(3)
||
E
(3)
2
2
candidates for
A
(3)
(pre-comp)
H
32
:
|| 0 ||
C
(32)
||
D
(32)
||
E
(32)
2
31
candidates for
A
(32)
Find the
match.
M
32
M
32
'
Step 4
2
32
candidates for
A
(33)
H
33
:
|| 0 ||
C
(33)
||
D
(33)
||
E
(33)
H
33
:
A
(33)
|| 0 ||
C
(33)
||
D
(33)
||
E
(33)
M
34
H
34
:
H
A
||
H
B
||
H
C
||
H
D
||
H
E
Pseudo-preimage
Step 3
Given target
Fig. 5.
Ecient Conversion from PPI to PI with Partial Multi-Collision
=CF(
H
0
,M
0
)holds.Let
A
(1)
1. Generate
M
0
randomly until
∗
0
∗∗∗
0
E
(1)
=CF(
H
0
,M
0
).
2. For
i
=1
,
2
,...,
32, find (
M
i
,M
i
) such that the outputs of CF(
H
i
,M
i
)and
CF(
H
i
,M
i
) collide with registers
C
,
D
,and
E
and register
B
is 0. Let the
C
(1)
D
(1)
Search WWH ::
Custom Search