Chapter

Advances in Cryptology — EUROCRYPT’ 92

Volume 658 of the series Lecture Notes in Computer Science pp 55-70

Date:

Hash Functions Based on Block Ciphers

  • Xucjia LaiAffiliated withSignal and Information Processing Laboratory, Swiss Federal Institute of Technology
  • , James L. MasseyAffiliated withSignal and Information Processing Laboratory, Swiss Federal Institute of Technology

Abstract

Iterated hash functions based on block ciphers are treated. Five attacks on an iterated hash function and on its round function are formulated. The wisdom of strengthening such hash functions by constraining the last block of the message to be hashed is stressed. Schemes for constructing m-bit and 2m-bit hash round functions from m-bit block ciphers are studied. A principle is formalized for evaluating the strength of hash round functions, viz., that applying computationally simple (in both directions) invertible transformations to the input and output of a hash round function yields a new hash round function with the same security. By applying this principle, four attacks on three previously proposed 2m-bit hash round functions are formulated. Finally, three new hash round functions based on an m-bit block cipher with a 2m-bit key are proposed.