Abstract
We consider constructions for cryptographic hash functions based on m-bit block ciphers. First we present a new attack on the LOKI-DBH mode: the attack finds collisions in 2^{3m/4} encryptions, which should be compared to 2^m encryptions for a brute-force attack. This attack breaks the last remaining subclass in a wide class of efficient hash functions which have been proposed in the literature. We then analyze hash functions based on a collision-resistant compression function for which finding a collision requires at least 2^m encryptions, providing a lower bound on the complexity of finding collisions for the hash function. A new class of constructions is proposed, based on error-correcting codes over GF(2^2), and a proof of security is given which relates their security to that of single-block hash functions. For example, a compression function is presented which requires about 4 encryptions to hash an m-bit block, and for which finding a collision requires at least 2^m encryptions. This scheme has the same hash rate as MDC-4, but better security against collision attacks. Our method can be used to construct compression functions with even higher levels of security at the cost of more internal memory.
The work in this paper was initiated while the authors were visiting the Isaac Newton Institute, Cambridge, U.K., February 1996.
sponsored by the National Fund for Scientific Research (Belgium).
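The complexities quoted in the abstract are counted in block-cipher encryptions, and the brute-force figure of 2^m for a 2m-bit (double-block-length) hash is the birthday bound. The following is an added illustration, not code from the paper: a toy 16-bit Feistel cipher (an assumed stand-in for a real m-bit cipher, with m = 16 so the search finishes in milliseconds) is wrapped in the classic single-block-length Davies-Meyer compression h_i = E_{x_i}(h_{i-1}) XOR h_{i-1}, and a generic birthday search finds a collision of the compression function in roughly 2^{m/2} calls. The cipher, the chaining value and the message blocks are all constructed for the example; the paper's own quaternary-code construction is not reproduced here.

```python
"""Toy block-cipher-based hash plus a generic birthday collision search.

Constructed illustration (not the paper's construction): a 16-bit Feistel
'block cipher' keyed by the message block, the Davies-Meyer compression
h = E_x(h_prev) XOR h_prev, and a birthday search on the compression
function that needs about sqrt(pi/2 * 2**M) calls for an M-bit output.
"""
import hashlib
import random

M = 16                      # toy block size m in bits (real ciphers: 64 or 128)
HALF = M // 2
MASK = (1 << M) - 1


def _round(key: int, rnd: int, half: int) -> int:
    """Round function: SHA-256 of (key, round index, half-block), truncated."""
    data = (key.to_bytes(M // 8, "big")
            + bytes([rnd])
            + half.to_bytes(HALF // 8, "big"))
    return int.from_bytes(hashlib.sha256(data).digest()[: HALF // 8], "big")


def encrypt(key: int, block: int, rounds: int = 8) -> int:
    """Balanced Feistel network: a permutation of M-bit blocks for each key."""
    left, right = block >> HALF, block & ((1 << HALF) - 1)
    for r in range(rounds):
        left, right = right, left ^ _round(key, r, right)
    return (left << HALF) | right


def decrypt(key: int, block: int, rounds: int = 8) -> int:
    """Inverse of encrypt(); used only to check that E_k is a permutation."""
    left, right = block >> HALF, block & ((1 << HALF) - 1)
    for r in reversed(range(rounds)):
        left, right = right ^ _round(key, r, left), left
    return (left << HALF) | right


def davies_meyer(h_prev: int, msg_block: int) -> int:
    """Single-block-length compression: h = E_x(h_prev) XOR h_prev."""
    return encrypt(msg_block & MASK, h_prev & MASK) ^ (h_prev & MASK)


def hash_message(blocks, iv: int = 0x1234) -> int:
    """Iterate the compression over M-bit message blocks (no padding; assumed IV)."""
    h = iv
    for x in blocks:
        h = davies_meyer(h, x)
    return h


def birthday_collision(iv: int = 0x1234, seed: int = 1):
    """Generic collision search with a fixed chaining value: draw random message
    blocks until two distinct ones compress to the same output.
    Returns (x1, x2, trials); the expected number of trials is ~ 2**(M/2)."""
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    seen = {}
    trials = 0
    while True:
        x = rng.getrandbits(M)
        trials += 1
        h = davies_meyer(iv, x)
        if h in seen and seen[h] != x:
            return seen[h], x, trials
        seen[h] = x


if __name__ == "__main__":
    x1, x2, n = birthday_collision()
    print(f"collision after {n} compression calls (2^(M/2) = {2 ** (M // 2)}):")
    print(f"  DM(iv, {x1:#06x}) == DM(iv, {x2:#06x}) == {davies_meyer(0x1234, x1):#06x}")
```

Because the collision is found on the compression function with a common chaining value, it extends to full messages by appending identical blocks. Scaling M to 64 shows the abstract's numbers: a single-block-length hash on a 64-bit cipher falls to a 2^32 birthday search, a 2m-bit output raises the generic bound to 2^64, and an attack costing 2^{3m/4} = 2^48 is a genuine break of that bound.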
© 1996 Springer-Verlag
Cite this paper
Knudsen, L., Preneel, B. (1996). Hash functions based on block ciphers and quaternary codes. In: Kim, K., Matsumoto, T. (eds) Advances in Cryptology — ASIACRYPT '96. ASIACRYPT 1996. Lecture Notes in Computer Science, vol 1163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0034837
DOI: https://doi.org/10.1007/BFb0034837
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61872-0
Online ISBN: 978-3-540-70707-3