[1]Kelsey J, Schneier B. Second preimages on nbit hash functions for much less than 2n work[G] LNCS 3494: Proc of the 24th Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2005: 474490[2]Kelsey J, Kohno T. Herding hash functions and the nostradamus attack[G] LNCS 4004: Proc of the 24th Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2006: 183200[3]Wang X, Feng D, Lai X, et al. Collisions for hash functions MD4, MD5, HAVAL128 and RIPEMD[OL]. 2004 [20161007]. https:eprint.iacr.org2004199.pdf[4]Wang X, Yin Y L, Yu H. Finding collisions in the full SHA1[G] LNCS 3621: Proc of the 25th Annual Int Cryptology Conf. Berlin: Springer, 2005: 1736[5]Wang X, Yu H. How to break MD5 and other hash functions[G] LNCS 3494: Proc of the 24th Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2005: 1935[6]National Institute of Standards and Technology. SHA3 competition[EBOL]. (20050415) [20161007]. http:csrc.nist.govgroupsSThashdocumentsFR_Notice_Nov07.pdf[7]国家密码管理局. GMT 0004—2012 信息安全技术 SM3密码杂凑算法[SOL]. 2012 [20161007]. http:www.oscca.gov.cnUpFile20101222141857786.pdf[8]国家标准化委员会. GBT32905—2016 信息安全技术SM3密码杂凑算法[SOL]2016 [20161007]. http:www.soc.gov.cngzfwggcxgjbzgg201614[9]Miyano H. Addend dependency of differentiallinear probability of addition[J]. IEICE Trans on Fundamentals of Electronics, Communications and Computer Sciences, 1998, E81A(1): 106109[10]Ao T, He Z, Dai K, et al. A compact hardware implementation of SM3[C] Proc of 2014 IEEE Int Conf on Consumer ElectronicsChina. Piscataway, NJ: IEEE, 2014: 14[11]Satoh A. ASIC hardware implementations for 512bit hash function whirlpool[C] Proc of 2008 IEEE Int Symp on Circuits and Systems. Piscataway, NJ: IEEE, 2008: 29172920[12]Tillich S, Feldhofer M, Kirschbaum M, et al. Highspeed hardware implementations of BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grstl, Hamsi, JH, KECCAK, Luffa, Shabal, SHAvite3, SIMD, and Skein[OL]. 2009 [20161007]. http:eprint.iacr.org2009510[13]Ma Y, Xia L, Lin J, et al. Hardware performance optimization and evaluation of SM3 hash algorithm on FPGA[G] LNCS 7618: Proc of the 14th Int Conf on Information and Communications Security. Berlin: Springer, 2012: 105118[14]HELION: Fast SHA256 core for xilinx FPGA[OL]. 2011 [20161007]. http:www.helion.com[15]Homsirikamol E, Rogawski M, Gaj K. Comparing hardware performance of round 3 SHA3 candidates using multiple hardware architectures in Xilinx and Altera FPGAs[C] Proc of the ECRYPT II Hash. Tallinn, Estonia, 2011: 1934[16]Cannière C D, Rechberger C. Finding SHA1 characteristics: General results and applications[G] LNCS 4284: Proc of the 12th Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2006: 120[17]Mendel F, Nad T, Schlffer M. Finding SHA2 characteristics: Searching through a minefield of contradictions[G] LNCS 7073: Proc of the 17th Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer,2011: 288307[18]Mendel F, Nad T, Schlffer M. Finding collisions for roundreduced SM3[G] LNCS 7779: Proc of the Cryptographers Track at the RSA Conf 2013. Berlin: Springer, 2013: 174188[19]Aoki K, Sasaki Y. Preimage attacks on oneblock MD4, 63step MD5 and more[G] LNCS 5381: Proc of the 15th Int Workshop on Selected Areas in Cryptography. Berlin: Springer, 2008: 103119[20]Diffie W, Hellman M E. Special feature exhaustive cryptanalysis of the NBS data encryption standard[J]. Computer, 1977, 10(6): 7484[21]Knellwolf S, Khovratovich D. New preimage attacks against reduced SHA1[G] LNCS 7417: Proc of the 32nd Annual Cryptology Conf. Berlin: Springer, 2012: 367383[22]Menezes A J, van Oorschot P C, Vanstone S A. Handbook of Applied Cryptography[M]. Boca Raton: CRC Press, 1996[23]Khovratovich D, Rechberger C, Savelieva A. Bicliques for preimages: Attacks on Skein512 and the SHA2 family[G] LNCS 7549: Proc of the 19th Int Workshop on Fast Software Encryption. Berlin: Springer, 2012: 244263[24]Zou J, Wu W, Wu S, et al. Preimage attacks on stepreduced SM3 hash function[G] LNCS 7259: Proc of the 14th Int Conf on Information Security and Cryptology. Berlin: Springer, 2011: 375390[25]Wang G, Shen Y. Preimage and pseudocollision attacks on stepreduced SM3 hash function[J]. Information Processing Letters, 2013, 113(8): 301306[26]Kircanski A, Shen Y, Wang G, et al. Boomerang and sliderotational analysis of the SM3 hash function[G] LNCS 7707: Proc of the 19th Int Conf on Selected Areas in Cryptography. Berlin: Springer, 2012: 304320[27]Bai D, Yu H, Wang G, et al. Improved boomerang attacks on roundreduced SM3 and keyed permutation of BLAKE256[J]. IET Information Security, 2015, 9(3): 167178[28]Wang X, Yao A C, Yao F. Cryptanalysis on SHA1[OL]. 2005 [20161007]. http:csrc.nist.govgroupsSThashdocumentsWang_SHA1NewResult.pdf[29]Stevens M. New collision attacks on SHA1 based on optimal joint localcollision analysis[G] LNCS 7881: Proc of the 32nd Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2013: 245261[30]Espitau T, Fouque PA, Karpman P. Higherorder differential meetinthemiddle preimage attacks on SHA1 and BLAKE[G] LNCS 9215: Proc of the 35th Annual Cryptology Conf. Berlin: Springer, 2015: 683701[31]Wang G. Practical collision attack on 40step RIPEMD128[G] LNCS 8366: Proc of the Cryptographers Track at the RSA Conf 2014. Berlin: Springer, 2014: 444460[32]Wang L, Sasaki Y, Komatsubara W, et al. Preimage attacks on stepreduced RIPEMDRIPEMD128 with a new localcollision approach[G] LNCS 6558: Proc of the Cryptographers Track at the RSA Conf 2011. Berlin: Springer, 2011: 197212[33]Landelle F, Peyrin T. Cryptanalysis of full RIPEMD128[G] LNCS 7881: Proc of the 32nd Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2013: 228244[34]Wang G, Shen Y. (Pseudo) Preimage attacks on stepreduced HAS160 and RIPEMD160[G] LNCS 8783: Proc of the 17th Int Conf on Information Security. Berlin: Springer, 2014: 90103[35]Sasaki Y, Wang L. Distinguishers beyond three rounds of the RIPEMD128160 compression functions[G] LNCS 7341: Proc of the 10th Int Conf on Applied Cryptography and Network Security. Berlin: Springer, 2012: 275292[36]Mendel F, Nad T, Schlffer M. Improving local collisions: New attacks on reduced SHA256[G] LNCS 7881: Proc of the 32nd Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2013: 262278[37]Biryukov A, Lamberger M, Mendel F, et al. Secondorder differential collisions for reduced SHA256[G] LNCS 7073: Proc of the 17th Annual Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2011: 270287[38]Sasaki Y, Wang L, Wu S, et al. Investigating fundamental security requirements on Whirlpool: improved preimage and collision attacks[G] LNCS 7658: Proc of the 18th Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2012: 562579[39]Lamberger M, Mendel F, Rechberger C, et al. The rebound attack and subspace distinguishers: Application to Whirlpool[OL]. 2010 [20161007]. http:eprint.iacr.org2010198.pdf[40]Ma B, Li B, Hao R, et al. Improved cryptanalysis on reducedround GOST and Whirlpool hash function[G] LNCS 8479: Proc of the 12th Int Conf on Applied Cryptography and Network Security. Berlin: Springer, 2014: 289307[41]AlTawy R, Youssef A M. Preimage attacks on reducedround Stribog[G] LNCS 8469: Proc of the 7th Int Conf on Cryptology in Africa. Berlin: Springer, 2014: 10912[42]Dinur I, Dunkelman O, Shamir A. Collision attacks on up to 5 rounds of SHA3 using generalized internal differentials[G] LNCS 8424: Proc of the 20th International Workshop on Fast Software Encryption. Berlin: Springer, 2013: 219240[43]Homsirikamol E, Morawiecki P, Rogawski M, et al. Security margin evaluation of SHA3 contest finalists through SATbased attacks[G] LNCS 7564: Proc of the 11th IFIP TC 8 Int Conf on Computer Information Systems and Industrial Management. Berlin: Springer, 2012: 5667[44]Duan M, Lai X. Improved zerosum distinguisher for full round Keccakf permutation[J]. Chinese Science Bulletin, 2012, 57(6): 694697
|