Skip to main content
Log in

Open problems in hash function security

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

A cryptographic hash function compresses arbitrarily long messages to digests of a short and fixed length. Most of existing hash functions are designed to evaluate a compression function with a finite domain in a mode of operation, and the compression function itself is often designed from block ciphers or permutations. This modular design approach allows for a rigorous security analysis via means of both cryptanalysis and provable security. We present a survey on the state of the art in hash function security and modular design analysis. We focus on existing security models and definitions, as well as on the security aspects of designing secure compression functions (indirectly) from either block ciphers or permutations. In all of these directions, we identify open problems that, once solved, would allow for an increased confidence in the use of cryptographic hash functions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1

Similar content being viewed by others

Notes

  1. Kelsey and Schneier [63] describe a second preimage attack on the Merkle-Damgård hash function that requires at most approximately \(2^{n-L}\) queries, where the first preimage is of length at most \(2^L\) blocks.

References

  1. Abed F., Forler C., List E., Lucks S., Wenzel J.: Counter-bDM: a provably secure family of multi-block-length compression functions. In: Progress in Cryptology—AFRICACRYPT 2014. Lecture Notes in Computer Science, vol. 8469, pp. 440–458. Springer, Heidelberg (2014).

  2. Andreeva E., Mennink B., Preneel B.: Security properties of domain extenders for cryptographic hash functions. J. Inf. Process. Syst. 6(4), 453–480 (2010).

  3. Andreeva E., Mennink B., Preneel B.: Security reductions of the second round SHA-3 candidates. In: Information Security Conference—ISC 2010. Lecture Notes in Computer Science, vol. 6531, pp. 39–53. Springer, Heidelberg (2010).

  4. Andreeva E., Mennink B., Preneel B.: The parazoa family: generalizing the sponge hash functions. Int. J. Inf. Secur. 11(3), 149–165 (2012).

  5. Andreeva E., Mennink B., Preneel B., Škrobot M.: Security analysis and comparison of the SHA-3 Finalists BLAKE. In: Grøstl J.H., Keccak and Skein (eds.) Progress in Cryptology—AFRICACRYPT 2012. Lecture Notes in Computer Science, vol. 7374, pp. 287–305. Springer, Heidelberg (2012).

  6. Andreeva E., Neven G., Preneel B., Shrimpton T.: Seven-property-preserving iterated hashing: ROX. In: Advances in Cryptology—ASIACRYPT 2007. Lecture Notes in Computer Science, vol. 4833, pp. 130–146. Springer, Heidelberg (2007).

  7. Andreeva E., Preneel B.: A three-property-secure hash function. In: Selected Areas in Cryptography 2008. Lecture Notes in Computer Science, vol. 5381, pp. 228–244. Springer, Heidelberg (2008).

  8. Andreeva E., Stam M.: The symbiosis between collision and preimage resistance. In: IMA International Conference 2011. Lecture Notes in Computer Science, vol. 7089, pp. 152–171. Springer, Heidelberg (2011).

  9. Armknecht F., Fleischmann E., Krause M., Lee J., Stam M., Steinberger J.P.: The preimage security of double-block-length compression functions. In: Advances in Cryptology—ASIACRYPT 2011. Lecture Notes in Computer Science, vol. 7073, pp. 233–251. Springer, Heidelberg (2011).

  10. Babai L.: The Fourier Transform and Equations over Finite Abelian Groups (Lecture Notes, version 1.3) (2002). http://people.cs.uchicago.edu/laci/reu02/fourier.pdf.

  11. Backes M., Barthe G., Berg M., Grégoire B., Kunz C., Skoruppa M., Béguelin S.Z.: Verified security of Merkle-Damgård. In: Computer Security Foundations Symposium—CSF 2012. pp. 354–368. IEEE Comput. Soc. (2012).

  12. Baecher P., Brzuska C., Mittelbach A.: Reset indifferentiability and its consequences. In: Advances in Cryptology—ASIACRYPT 2013 (I). Lecture Notes in Computer Science, vol. 8269, pp. 154–173. Springer, Heidelberg (2013).

  13. Baecher P., Farshim P., Fischlin M., Stam M.: Ideal-cipher (ir)reducibility for blockcipher-based hash functions. In: Advances in Cryptology—EUROCRYPT 2013. Lecture Notes in Computer Science, vol. 7881, pp. 426–443. Springer, Heidelberg (2013).

  14. Barreto P., Rijmen V.: The WHIRLPOOL hashing function (2003). http://www.larc.usp.br/pbarreto/whirlpool.zip.

  15. Bellare M., Canetti R., Krawczyk H.: A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). In: Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing. pp. 419–428. ACM (1998).

  16. Bellare M., Rogaway P.: Collision-resistant hashing: towards making UOWHFs practical. In: Advances in Cryptology—CRYPTO ’97. Lecture Notes in Computer Science, vol. 1294, pp. 470–484. Springer, Heidelberg (1997).

  17. Bernstein D.: CubeHash specificatio. Submission to NIST’s SHA-3 Competition (2009).

  18. Bertoni G., Daemen J., Peeters M., Assche G.: Sufficient conditions for sound tree and sequential hashing modes. Cryptol. ePrint Arch. Report 2009/210 (2009).

  19. Bertoni G., Daemen J., Peeters M., Assche G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Selected Areas in Cryptography 2011. Lecture Notes in Computer Science, vol. 7118, pp. 320–337. Springer, Heidelberg (2011).

  20. Bertoni G., Daemen J., Peeters M., Assche G.: On the security of the keyed sponge construction. In: Symmetric Key Encryption Workshop (SKEW 2011) (2011).

  21. Bertoni G., Daemen J., Peeters M., Assche G.: The KECCAK sponge function family, submission to NIST’s SHA-3 competition (2011).

  22. Bertoni G., Daemen J., Peeters M., Assche G.: Sponge functions (ECRYPT Hash Function Workshop 2007).

  23. Bertoni G., Daemen J., Peeters M., Van Assche G.: Sakura: a flexible coding for tree hashing. In: Applied Cryptography and Network Security—ACNS 2014. Lecture Notes in Computer Science, vol. 8479, pp. 217–234. Springer, Heidelberg (2014).

  24. Bhattacharyya R., Mandal A., Nandi M.: Security analysis of the mode of JH hash function. In: Fast Software Encryption 2010. Lecture Notes in Computer Science, vol. 6147, pp. 168–191. Springer, Heidelberg (2010).

  25. Biham E., Dunkelman O.: A framework for iterative hash functions—HAIFA. Cryptology ePrint Archive, Report 2007/278 (2007).

  26. Biryukov A., Khovratovich D., Nikolić I.: Distinguisher and related-key attack on the full AES-256. In: Advances in Cryptology—CRYPTO 2009. Lecture Notes in Computer Science, vol. 5677, pp. 231–249. Springer, Heidelberg (2009).

  27. Black J., Cochran M., Shrimpton T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494, pp. 526–541. Springer, Heidelberg (2005).

  28. Black J., Rogaway P., Shrimpton T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Advances in Cryptology—CRYPTO 2002. Lecture Notes in Computer Science, vol. 2442, pp. 320–335. Springer, Heidelberg (2002).

  29. Black J., Rogaway P., Shrimpton T., Stam M.: An analysis of the blockcipher-based hash functions from PGV. J. Cryptol. 23(4), 519–545 (2010).

  30. Bos J., Özen O., Stam M.: Efficient hashing using the AES instruction set. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Lecture Notes in Computer Science, vol. 6917, pp. 507–522. Springer, Heidelberg (2011).

  31. CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness (2014). http://competitions.cr.yp.to/caesar.html.

  32. Canteaut A., Fuhr T., Naya-Plasencia M., Paillier P., Reinhard J.R., Videau M.: A unified indifferentiability proof for permutation-or block cipher-based hash functions. Cryptology ePrint Archive, Report 2012/363 (2012).

  33. Chang D., Lee S., Nandi M., Yung M.: Indifferentiable security analysis of popular hash functions with prefix-free padding. In: Advances in Cryptology—ASIACRYPT 2006. Lecture Notes in Computer Science, vol. 4284, pp. 283–298. Springer, Heidelberg (2006).

  34. Chen S., Lampe R., Lee J., Seurin Y., Steinberger J.P.: Minimizing the two-round Even-Mansour cipher. In: Advances in Cryptology—CRYPTO 2014 (I). Lecture Notes in Computer Science, vol. 8616, pp. 39–56. Springer, Heidelberg (2014).

  35. Coron J., Dodis Y., Malinaud C., Puniya P.: Merkle-Damgård revisited: how to construct a hash function. In: Advances in Cryptology—CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621, pp. 430–448. Springer, Heidelberg (2005).

  36. Daemen J., Rijmen V.: The Design of Rijndael: AES—The Advanced Encryption Standard. Springer, Berlin (2002).

  37. Damgård I.: A design principle for hash functions. In: Advances in Cryptology—CRYPTO ’89. Lecture Notes in Computer Science, vol. 435, pp. 416–427. Springer, Heidelberg (1990).

  38. Daubignard M., Lafourcade P., Lakhnech Y.: Generic indifferentiability proofs of hash designs. In: Computer Security Foundations Symposium—CSF 2012. Lecture Notes in Computer Science, IEEE Computer Society, Washington, pp. 340–353 (2012).

  39. Davies, D.W., Price, W.L.: Security for Computer Networks—an Introduction to Data Security in Teleprocessing and Electronic Funds Transfer (2. ed.). Wiley Series in Communication and Distributed Systems (1989).

  40. Dean R.: Formal Aspects of Mobile Code Security. Ph.D. thesis, Princeton University, Princeton (1999).

  41. Demay G., Gaži P., Hirt M., Maurer U.: Resource-restricted indifferentiability. In: Advances in Cryptology—EUROCRYPT 2013. Lecture Notes in Computer Science, vol. 7881, pp. 664–683. Springer, Heidelberg (2013).

  42. Diffie W., Hellman M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 655–654 (1976).

  43. Dobbertin H., Bosselaers A., Preneel B.: RIPEMD-160: a strengthened version of RIPEMD. In: Fast Software Encryption ’96. Lecture Notes in Computer Science, vol. 1039, pp. 71–82. Springer, Heidelberg (1996).

  44. Dodis Y., Pietrzak K., Puniya P.: A new mode of operation for block ciphers and length-preserving MACs. In: Advances in Cryptology—EUROCRYPT 2008. Lecture Notes in Computer Science, vol. 4965, pp. 198–219. Springer, Heidelberg (2008).

  45. Dodis Y., Ristenpart T., Shrimpton T.: Salvaging Merkle-Damgård for practical applications. In: Advances in Cryptology—EUROCRYPT 2009. Lecture Notes in Computer Science, vol. 5479, pp. 371–388. Springer, Heidelberg (2009).

  46. Duo L., Li C.: Improved collision and preimage resistance bounds on PGV schemes. Cryptology ePrint Archive, Report 2006/462 (2006).

  47. Ferguson N., Lucks S., Schneier B., Whiting D., Bellare M., Kohno T., Callas J., Walker J.: The Skein Hash Function Family, submission to NIST’s SHA-3 competition (2009).

  48. Fleischmann E., Gorski M., Lucks S.: Security of cyclic double block length hash functions. In: IMA International Conference 2009. Lecture Notes in Computer Science, vol. 5921, pp. 153–175. Springer, Heidelberg (2009).

  49. Gauravaram P.: Security analysis of salt\(||\)password hashes. In: Advanced Computer Science Applications and Technologies—ACSAT 2012, pp. 25–30. IEEE (2012).

  50. Gauravaram P., Bagheri N., Knudsen L.R.: Building indifferentiable compression functions from the PGV compression functions. Des. Codes Cryptogr. doi:10.1007/s10623-014-0020-z (2014).

  51. Gauravaram P., Knudsen L.R.: Security analysis of randomize-hash-then-sign digital signatures. J. Cryptol. 25(4), 748–779 (2012).

  52. Gauravaram P., Knudsen L.R., Matusiewicz K., Mendel F., Rechberger C., Schläffer M., Thomsen S.: Grøstl—a SHA-3 candidate. Submitted to NIST’s SHA-3 Competition (2011).

  53. Gong Z., Lai X., Chen K.: A synthetic indifferentiability analysis of some block-cipher-based hash functions. Des. Codes Cryptogr. 48(3), 293–305 (2008).

  54. Halevi S., Hall W., Jutla C.: The hash function “Fugue”. Submitted to NIST’s SHA-3 Competition (2009).

  55. Halevi S., Krawczyk H.: Strengthening digital signatures via randomized hashing. In: Advances in Cryptology—CRYPTO 2006. Lecture Notes in Computer Science, vol. 4117, pp. 41–59. Springer, Heidelberg (2006).

  56. Hirose S.: Secure block ciphers are not sufficient for one-way hash functions in the preneel-govaerts-vandewalle mode. In: Selected Areas in Cryptography 2002. Lecture Notes in Computer Science, vol. 2595, pp. 339–352. Springer, Heidelberg (2003).

  57. Hirose S.: Provably secure double-block-length hash functions in a black-box model. In: Information Security and Cryptology—ICISC 2004. Lecture Notes in Computer Science, vol. 3506, pp. 330–342. Springer, Heidelberg (2005).

  58. Hirose S.: Some plausible constructions of double-block-length hash functions. In: Fast Software Encryption 2006. Lecture Notes in Computer Science, vol. 4047, pp. 210–225. Springer, Heidelberg (2006).

  59. Hong D., Kwon D.: Cryptanalysis of some double-block-length hash modes of block ciphers with \(n\)-bit block and \(n\)-bit key. Cryptology ePrint Archive Report 2013/174 (2013).

  60. Hong D., Kwon D.: Cryptanalysis of double-block-length hash modes MDC-4 and MJH. IEICE Trans. 97-A(8), 1747–1753 (2014).

  61. Jetchev D., Özen O., Stam M.: Collisions are not incidental: a compression function exploiting discrete geometry. In: Theory of Cryptography Conference 2012. Lecture Notes in Computer Science, vol. 7194, pp. 303–320. Springer, Heidelberg (2012).

  62. Kelsey J., Kohno T.: Herding hash functions and the Nostradamus attack. In: Advances in Cryptology—EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4004, pp. 183–200. Springer, Heidelberg (2006).

  63. Kelsey J., Schneier B.: Second preimages on n-bit hash functions for much less than 2\(^{\text{ n }}\) work. In: Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494, pp. 474–490. Springer, Heidelberg (2005).

  64. Kiltz E., Pietrzak K., Szegedy M.: Digital signatures with minimal overhead from indifferentiable random invertible functions. In: Advances in Cryptology—CRYPTO 2013 (I). Lecture Notes in Computer Science, vol. 8042, pp. 571–588. Springer, Heidelberg (2013).

  65. Knudsen L.R., Preneel B.: Fast and secure hashing based on codes. In: Advances in Cryptology—CRYPTO ’97. Lecture Notes in Computer Science, vol. 1294, pp. 485–498. Springer, Heidelberg (1997).

  66. Knudsen L.R., Preneel B.: Construction of secure and fast hash functions using nonbinary error-correcting codes. IEEE Trans. Inf. Theory 48(9), 2524–2539 (2002).

  67. Knudsen L.R., Rechberger C., Thomsen S.: The Grindahl hash functions. In: Fast Software Encryption 2007. Lecture Notes in Computer Science, vol. 4593, pp. 39–57. Springer, Heidelberg (2007).

  68. Knudsen L.R., Mendel F., Rechberger C., Thomsen S.: Cryptanalysis of MDC-2. In: Advances in Cryptology—EUROCRYPT 2009. Lecture Notes in Computer Science, vol. 5479, pp. 106–120. Springer, Heidelberg (2009).

  69. Kuwakado H., Morii M.: Indifferentiability of single-block-length and rate-1 compression functions. IEICE Trans. 90-A(10), 2301–2308 (2007).

  70. Lai X., Massey J.: Hash function based on block ciphers. In: Advances in Cryptology—EUROCRYPT ’92. Lecture Notes in Computer Science, vol. 658, pp. 55–70. Springer, Heidelberg (1992).

  71. Lee J.: Provable security of the Knudsen-Preneel compression functions. In: Advances in Cryptology—ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658, pp. 504–525. Springer, Heidelberg (2012).

  72. Lee J., Hong D.: Collision resistance of the JH hash function. IEEE Trans. Inf. Theory 58(3), 1992–1995 (2012).

  73. Lee J., Kwon D.: The security of abreast-DM in the ideal cipher model. IEICE Trans. 94-A(1), 104–109 (2011).

  74. Lee J., Stam M.: MJH: a faster alternative to MDC-2. In: CT-RSA 2011. Lecture Notes in Computer Science, vol. 6558, pp. 213–236. Springer, Heidelberg (2011).

  75. Lee J., Stam M.: MJH: a faster alternative to MDC-2. Des. Codes Cryptogr. doi:10.1007/978-3-642-19074-2_15 (2014).

  76. Lee J., Stam M., Steinberger J.P.: The collision security of Tandem-DM in the ideal cipher model. In: Advances in Cryptology—CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 561–577. Springer, Heidelberg (2011).

  77. Lee J., Stam M., Steinberger J.P.: The preimage security of double-block-length compression functions. Cryptol. ePrint Arch. Report 2011/210 (2011).

  78. Lee W., Chang D., Lee S., Sung S., Nandi M.: New parallel domain extenders for UOWHF. In: Advances in Cryptology—ASIACRYPT 2003. Lecture Notes in Computer Science, vol. 2894, pp. 208–227. Springer, Heidelberg (2003).

  79. Lee W., Chang D., Lee S., Sung S., Nandi M.: Construction of UOWHF: two new parallel methods. IEICE Trans. 88-A(1), 49–58 (2005).

  80. Luo Y., Gong Z., Duan M., Zhu B., Lai X.: Revisiting the indifferentiability of PGV hash functions. Cryptology ePrint Archive Report 2009/265 (2009).

  81. Luykx A., Andreeva E., Mennink B., Preneel B.: Impossibility results for indifferentiability with resets. Cryptology ePrint Archive Report 2012/644 (2012).

  82. Mandal A., Patarin J., Nachef V.: Indifferentiability beyond the birthday bound for the xor of two public random permutations. In: Progress in Cryptology—INDOCRYPT 2010. Lecture Notes in Computer Science, vol. 6498, pp. 69–81. Springer, Heidelberg (2010).

  83. Matyas S., Meyer C., Oseas J.: Generating strong one-way functions with cryptographic algorithm. IBM Tech. Discl. Bull. 27(10A), 5658–5659 (1985).

  84. Maurer U., Renner R., Holenstein C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Theory of Cryptography Conference 2004. Lecture Notes in Computer Science, vol. 2951, pp. 21–39. Springer, Heidelberg (2004).

  85. Menezes A., Oorschot P., Vanstone S.: Handbook of Applied Cryptography. CRC Press, New York (1997).

  86. Mennink B.: Optimal collision security in double block length hashing with single length key. In: Advances in Cryptology—ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658, pp. 526–543. Springer, Heidelberg (2012).

  87. Mennink B.: Indifferentiability of double length compression functions. In: IMA International Conference 2013. Lecture Notes in Computer Science, vol. 8308, pp. 232–251. Springer, Heidelberg (2013).

  88. Mennink B.: On the collision and preimage security of MDC-4 in the ideal cipher model. Des. Codes Cryptogr. 73(1), 121–150 (2014).

  89. Mennink B., Preneel B.: Hash functions based on three permutations: a generic security analysis. In: Advances in Cryptology—CRYPTO 2012. Lecture Notes in Computer Science, vol. 7417, pp. 330–347. Springer, Heidelberg (2012).

  90. Mennink B., Preneel B.: On the XOR of multiple random permutations. In: Applied Cryptography and Network Security - ACNS 2015. Lecture Notes in Computer Science. Springer, Heidelberg (2015), to appear.

  91. Merkle R.: One way hash functions and DES. In: Advances in Cryptology—CRYPTO ’89. Lecture Notes in Computer Science, vol. 435, pp. 428–446. Springer, Heidelberg (1990).

  92. Merkle R.C.: Secrecy, Authentication and Public Key Systems. Ph.D. thesis, UMI Research Press, Italy (1979).

  93. Meyer C., Schilling M.: Secure program load with manipulation detection code. In: Proceedings of Securicom. pp. 111–130 (1988).

  94. Miyaguchi S., Ohta K., Iwata M.: Confirmation that some hash functions are not collision free. In: Advances in Cryptology—EUROCRYPT ’90. Lecture Notes in Computer Science, vol. 473, pp. 326–343. Springer, Heidelberg (1990).

  95. Moody D., Paul S., Smith-Tone D.: Improved indifferentiability security bound for the JH mode. Cryptology ePrint Archive Report 2012/278 (2012).

  96. Naito Y.: Blockcipher-based double-length hash functions for pseudorandom oracles. In: Selected Areas in Cryptography 2011. Lecture Notes in Computer Science, vol. 7118, pp. 338–355. Springer, Heidelberg (2011).

  97. Naito Y., Yoneyama K., Ohta K.: Reset indifferentiability from weakened random oracle salvages one-pass hash functions. In: Applied Cryptography and Network Security—ACNS 2014. Lecture Notes in Computer Science, vol. 8479, pp. 235–252. Springer, Heidelberg (2014).

  98. National Institute for Standards and Technology: Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA3) family (2007).

  99. Özen O., Stam M.: Another glance at double-length hashing. In: IMA International Conference 2009. Lecture Notes in Computer Science, vol. 5921, pp. 176–201. Springer, Heidelberg (2009).

  100. Özen O., Stam M.: Collision attacks against the Knudsen-Preneel compression functions. In: Advances in Cryptology—ASIACRYPT 2010. Lecture Notes in Computer Science, vol. 6477, pp. 76–93. Springer, Heidelberg (2010).

  101. Özen O., Shrimpton T., Stam M.: Attacking the Knudsen-Preneel compression functions. In: Fast Software Encryption 2010. Lecture Notes in Computer Science, vol. 6147, pp. 94–115. Springer, Heidelberg (2010).

  102. Password Hashing Competition (2013). https://password-hashing.net/.

  103. Preneel B., van Oorschot P.C.: On the security of iterated message authentication codes. IEEE Trans. Inf. Theory 45(1), 188–199 (1999).

  104. Preneel B., Govaerts R., Vandewalle J.: On the power of memory in the design of collision resistant hash functions. In: Advances in Cryptology—AUSCRYPT ’92. Lecture Notes in Computer Science, vol. 718, pp. 105–121. Springer, Heidelberg (1992).

  105. Preneel B., Govaerts R., Vandewalle J.: Hash functions based on block ciphers: a synthetic approach. In: Advances in Cryptology—CRYPTO ’93. Lecture Notes in Computer Science, vol. 773, pp. 368–378. Springer, Heidelberg (1993).

  106. Reyhanitabar M., Susilo W., Mu Y.: Enhanced security notions for dedicated-key hash functions: definitions and relationships. In: Fast Software Encryption 2010. Lecture Notes in Computer Science, vol. 6147, pp. 192–211. Springer, Heidelberg (2010).

  107. Ristenpart T., Shacham H., Shrimpton T.: Careful with composition: limitations of the indifferentiability framework. In: Advances in Cryptology—EUROCRYPT 2011. Lecture Notes in Computer Science, vol. 6632, pp. 487–506. Springer, Heidelberg (2011).

  108. Rivest R.: The MD4 message digest algorithm. In: Advances in Cryptology—CRYPTO ’90. Lecture Notes in Computer Science, vol. 537, pp. 303–311. Springer, Heidelberg (1991).

  109. Rivest R.: The MD5 message-digest algorithm. Request for Comments (RFC) 1321 (1992).

  110. Rivest R.: Abelian square-free dithering for iterated hash functions. In: ECRYPT Hash Function Workshop 2005.

  111. Rivest R.L., Agre B., Bailey D.V., Crutchfield C., Dodis Y., Elliott K., Khan F.A., Krishnamurthy J., Lin Y., Reyzin L., Shen E., Sukha J., Sutherland D., Tromer E., Yin Y.L.: The MD6 hash function. Submitted to NIST’s SHA-3 Competition (2008).

  112. Rogaway P., Shrimpton T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Fast software encryption 2004. Lecture Notes in Computer Science, vol. 3017, pp. 371–388. Springer, Heidelberg (2004).

  113. Rogaway P., Steinberger J.P.: Constructing cryptographic hash functions from fixed-key blockciphers. In: Advances in Cryptology—CRYPTO 2008. Lecture Notes in Computer Science, vol. 5157, pp. 433–450. Springer, Heidelberg (2008).

  114. Rogaway P., Steinberger J.P.: Security/efficiency tradeoffs for permutation-based hashing. In: Advances in Cryptology—EUROCRYPT 2008. Lecture Notes in Computer Science, vol. 4965, pp. 220–236. Springer, Heidelberg (2008).

  115. Sarkar P.: Construction of universal one-way hash functions: tree hashing revisited. Discret. Appl. Math. 155(16), 2174–2180 (2007).

  116. National Institute of Standards and Technology. Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180–3 (2008).

  117. Shrimpton T., Stam M.: Building a collision-resistant compression function from non-compressing primitives. In: International Colloquium on Automata, Languages and Programming—ICALP (2) 2008. Lecture Notes in Computer Science, vol. 5126, pp. 643–654. Springer, Heidelberg (2008).

  118. Simon D.: Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In: Advances in Cryptology—EUROCRYPT ’98. Lecture Notes in Computer Science, vol. 1403, pp. 334–345. Springer, Heidelberg (1998).

  119. Stam M.: Beyond uniformity: better security/efficiency tradeoffs for compression functions. In: Advances in Cryptology—CRYPTO 2008. Lecture Notes in Computer Science, vol. 5157, pp. 397–412. Springer, Heidelberg (2008).

  120. Stam M.: Blockcipher-based hashing revisited. In: Fast Software Encryption 2009. Lecture Notes in Computer Science, vol. 5665, pp. 67–83. Springer, Heidelberg (2009).

  121. Steinberger J.: The Sum-Capture Problem for Abelian Groups (2014). http://arxiv.org/abs/1309.5582.

  122. Steinberger J.P.: The collision intractability of MDC-2 in the ideal-cipher model. In: Advances in Cryptology—EUROCRYPT 2007. Lecture Notes in Computer Science, vol. 4515, pp. 34–51. Springer, Heidelberg (2007).

  123. Steinberger J.P.: Stam’s collision resistance conjecture. In: Advances in Cryptology—EUROCRYPT 2010. Lecture Notes in Computer Science, vol. 6110, pp. 597–615. Springer, Heidelberg (2010).

  124. Steinberger J.P., Sun X., Yang Z.: Stam’s conjecture and threshold phenomena in collision resistance. In: Advances in Cryptology—CRYPTO 2012. Lecture Notes in Computer Science, vol. 7417, pp. 384–405. Springer, Heidelberg (2012).

  125. Tsudik G.: Message authentication with one-way hash functions. In: ACM Comput. Commun. Rev. pp. 29–38. ACM, New York (1992).

  126. Wang X., Yu H.: How to break MD5 and other hash functions. In: Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494, pp. 19–35. Springer, Heidelberg (2005).

  127. Wang X., Yin Y., Yu H.: Finding collisions in the full SHA-1. In: Advances in Cryptology—CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621, pp. 17–36. Springer, Heidelberg (2005).

  128. Watanabe D.: A note on the security proof of Knudsen-Preneel construction of a hash function (2006).

  129. Wu H.: The Hash Function JH. Submitted to NIST’s SHA-3 Competition (2011).

  130. Yasuda K.: How to fill up Merkle-Damgård hash functions. In: Advances in Cryptology—ASIACRYPT 2008. Lecture Notes in Computer Science, vol. 5350, pp. 272–289. Springer, Heidelberg (2008).

  131. Yuval G.: How to swindle Rabin. Cryptologia 3(3), 187–191 (1979).

  132. Zheng Y., Pieprzyk J., Seberry J.: HAVAL—a one-way hashing algorithm with variable length of output. In: Advances in Cryptology—AUSCRYPT ’92. Lecture Notes in Computer Science, vol. 718, pp. 83–104. Springer, Heidelberg (1993).

Download references

Acknowledgments

This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). Elena Andreeva and Bart Mennink are Postdoctoral Fellows of the Research Foundation—Flanders (FWO).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Bart Mennink.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Cryptography, Codes, Designs and Finite Fields: In Memory of Scott A. Vanstone”.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Andreeva, E., Mennink, B. & Preneel, B. Open problems in hash function security. Des. Codes Cryptogr. 77, 611–631 (2015). https://doi.org/10.1007/s10623-015-0096-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-015-0096-0

Keywords

Mathematics Subject Classification

Navigation