Preimage attack on the parallel FFT-hashing function

Chang Donghoon, Yung Moti, Sung Jaechul, Hong Seokhie, Lee Sangjin

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The parallel FFT-Hashing function was designed by C. P. Schnorr and S. Vaudenay in 1993. The function is a simple and light weight hash algorithm with 128-bit digest. Its basic component is a multi-permutation which helps in proving its resistance to collision attacks. In this work we show a preimage attack on the parallel FFT-Hashing function using 2t+64 + 2 128-t time complexity and 2t memory, which is less than the generic complexity 2128. Specifically, when t = 32, we can find a preimage using 297 time and 232 memory. Our method can be described as "disseminative-meet-in-the-middle-attack". we actually use the properties of multi-permutation (helpful against collision attack) to our advantage in the attack. Overall, this type of attack (beating the generic one) demonstrates that the structure of the parallel FFT-Hashing function has some weaknesses when preimage attack is considered (and relevant). To the best of our knowledge, this is the first attack on the parallel FFT-Hashing function.

Original languageEnglish
Title of host publicationInformation Security and Privacy - 12th Australasian Conference, ACISP 2007, Proceedings
Number of pages9
StatePublished - 2007
Event12th Australasian Conference on Information Security and Privacy, ACISP2007 - Townsville, Australia
Duration: 2 Jul 20074 Jul 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4586 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference12th Australasian Conference on Information Security and Privacy, ACISP2007


  • Cryptographic hash function
  • Preimage attack
  • The parallel FFT-hashing function


Dive into the research topics of 'Preimage attack on the parallel FFT-hashing function'. Together they form a unique fingerprint.

Cite this