Cryptanalysis of MAME Compression Function

摘要

MAME is a compression function designed for hardware-oriented hash functions which can be used in applications with reduced hardware requirements and was described in CHES 2007. This paper first gives the 22, 23, 24 rounds attacks using the cryptanalysis on generalized Feistel. For 22 rounds, the complexity of collision attack and second preimage are respective 2~(97) and 2~(197); For 23 rounds, collision attack and second preimage need extra space and precomputation, require about 2~(64) tables and every table is about 2~(64); For 24 rounds, the precomputation need about 2128 tables and every table is about 2~(64). Then we improve the 24 rounds attack using the internal structure of round function. New attack doesn't need large precomputation and space. The complexity of new second preimage attack is about 2~(224) and the complexity of new collision attack is about 2~(112).