Preimage Attacks on Some Hashing Modes Instantiating Reduced-Round LBlock

In this paper, we present preimage attacks on several hashing modes instantiating reduced-round LBlock. It is observed that the omission of the network twist in the last round and the diffusion of the permutation in round function are the key points for our successful attack. First, to guarantee the validity of our attack, we prove one proposition on the round function. Then, utilizing the property of LBlock and several meet-in-the-middle techniques, we present a preimage attack on Davies-Meyer hashing mode instantiating 13-round LBlock, of which the time complexity is about O(255.4) 13-round compression function computations, less than the ideal complexity O(264) and the memory complexity is about 212 32-bit memory. Furthermore, we extend our results to the Matyas-Meyer-Oseas mode and MP mode with some changes. Finally, we convert the preimage attack into preimage attack or second preimage attack on the corresponding hash functions with Merkle-Damgard structure.