Abstract
Cryptographic primitives are usually based on a network of boxes. At EUROCRYPT'94, Schnorr and the author of this paper claimed that all boxes should be multipermutations. Here, we investigate a few combinatorial properties of multipermutations. We argue that boxes which fail to be multipermutations can open the way to unsuspected attacks. We illustrate this statement with two examples.
Firstly, we show how to construct collisions for MD4 restricted to its first two rounds. This allows one to forge digests close to each other using the full compression function of MD4. Secondly, we show that variants of SAFER are subject to an attack faster than exhaustive search in 6.1% of cases. This attack can be implemented if we decrease the number of rounds from 6 to 4.
Laboratoire d'Informatique de l'Ecole Normale Supérieure, research group affiliated with the CNRS
References
R. J. Anderson. The Classification of Hash Functions. In Proceedings of the 4th IMA Conference on Cryptography and Coding, Cirencester, United Kingdom, pp. 83–95, Oxford University Press, 1995.
B. den Boer, A. Bosselaers. An Attack on the Last Two Rounds of MD4. In Advances in Cryptology CRYPTO'91, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 576, pp. 194–203, Springer-Verlag, 1992.
J. Dénes, A. D. Keedwell. Latin Squares and their Applications, Akadémiai Kiadó, Budapest, 1974.
I. B. Damgård. A Design Principle for Hash Functions. In Advances in Cryptology CRYPTO'89, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 435, pp. 416–427, Springer-Verlag, 1990.
R. W. Davies, W. L. Price. Digital Signature — an Update. In Proceedings of the International Conference on Computer Communications, Sydney, pp. 843–847, North-Holland, 1985.
W. Feller. An Introduction to Probability Theory and its Applications, vol. 1, Wiley, 1957.
M. Hall, L. J. Paige. Complete Mappings of Finite Groups. In Pacific Journal of Mathematics, vol. 5, pp. 541–549, 1955.
B. R. Kaliski Jr., M. J. B. Robshaw. Linear Cryptanalysis Using Multiple Approximations. In Advances in Cryptology CRYPTO'94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 26–39, Springer-Verlag, 1994.
J. L. Massey. SAFER K-64: A Byte-oriented Block-ciphering Algorithm. In Fast Software Encryption — Proceedings of the Cambridge Security Workshop, Cambridge, United Kingdom, Lecture Notes in Computer Science 809, pp. 1–17, Springer-Verlag, 1994.
M. Matsui. Linear Cryptanalysis Method for DES Cipher. In Advances in Cryptology EUROCRYPT'93, Lofthus, Norway, Lecture Notes in Computer Science 765, pp. 386–397, Springer-Verlag, 1994.
M. Matsui. The First Experimental Cryptanalysis of the Data Encryption Standard. In Advances in Cryptology CRYPTO'94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 1–11, Springer-Verlag, 1994.
R. C. Merkle. One Way Hash Functions and DES. In Advances in Cryptology CRYPTO'89, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 435, pp. 416–427, Springer-Verlag, 1990.
U. M. Maurer, J. L. Massey. Local Randomness in Pseudorandom Sequences. In Journal of Cryptology, vol. 4, pp. 135–149, 1991.
S. M. Matyas, C. H. Meyer, J. Oseas. Generating Strong One-way Functions with Cryptographic Algorithm. In IBM Technical Disclosure Bulletin, vol. 27, pp. 5658–5659, 1985.
F. J. McWilliams, N. J. A. Sloane. The Theory of Error-correcting Codes, North-Holland, 1977.
L. O'Connor. Properties of Linear Approximation Tables. In these proceedings, pp. 131–136.
R. Rivest. The MD4 Message Digest Algorithm. In Advances in Cryptology CRYPTO'90, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 537, pp. 303–311, Springer-Verlag, 1991.
C.-P. Schnorr, S. Vaudenay. Black Box Cryptanalysis of Hash Networks Based on Multipermutations. To appear in Advances in Cryptology EUROCRYPT'94.
© 1995 Springer-Verlag Berlin Heidelberg
Cite this paper
Vaudenay, S. (1995). On the need for multipermutations: Cryptanalysis of MD4 and SAFER. In: Preneel, B. (eds) Fast Software Encryption. FSE 1994. Lecture Notes in Computer Science, vol 1008. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60590-8_22
DOI: https://doi.org/10.1007/3-540-60590-8_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60590-4
Online ISBN: 978-3-540-47809-6