Preimage attacks against variants of very smooth hash

Abstract

In this paper, we show that some new variants of the Very Smooth Hash (VSH) hash function are susceptible to similar types of preimage attacks as the original VSH. We also generalise the previous mathematical results, which have been used in the preimage attacks. VSH is a hash function based on the multiexponentiation of prime numbers modulo some large product of two primes. The security proof of VSH is based on some computational problems in number theory, which are related to the problem of factoring large integers. However, the preimage resistance of VSH has been studied and found somewhat lacking especially in password protection. There have been many different variants of VSH proposed by the original authors and others. Especially the discrete logarithm version of VSH has been proposed in order to make the hash values shorter. Further proposals have used the discrete logarithm in finite fields and elliptic curves to gain even more advantage to the hash length. Our results demonstrate that even for these new variants, the same ideas for preimage attacks can be applied as for the original VSH and they result in effective preimage attacks. © 2010 Springer-Verlag.