A Family of Fast Syndrome Based Cryptographic Hash Functions

  • Daniel Augot
  • Matthieu Finiasz
  • Nicolas Sendrier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3715)

Abstract

Recently, collisions have been exposed for a variety of cryptographic hash functions [20,21], including some of the most widely used today. Many other hash functions using similar constructions can, however, still be considered secure. Nevertheless, this has drawn attention to the need for new hash function designs.

This article presents a family of secure hash functions whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes.

Taking into account the analysis by Coron and Joux [4], which is based on Wagner’s generalized birthday algorithm [19], we study the asymptotic security of our functions. We demonstrate that this attack is always exponential in terms of the length of the hash value.

We also study the work factor of this attack, along with other attacks from coding theory, in the non-asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving good security and either faster hashing or a shorter description of the function.

Keywords

cryptographic hash functions, provable security, syndrome decoding, NP-completeness, Wagner’s generalized birthday problem

References

  1. Augot, D., Finiasz, M., Sendrier, N.: A fast provably secure cryptographic hash function. Cryptology ePrint Archive (2003), http://eprint.iacr.org/2003/230/
  2. Barg, A.: Complexity issues in coding theory. In: Pless, V.S., Huffman, W.C. (eds.) Handbook of Coding theory, ch. 7, vol. I, pp. 649–754. North-Holland, Amsterdam (1998)
  3. Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.: On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24(3) (May 1978)
  4. Coron, J.-S., Joux, A.: Cryptanalysis of a provably secure cryptographic hash function. Cryptology ePrint Archive (2004), http://eprint.iacr.org/2004/013/
  5. Dai, W.: Crypto++ library, http://www.eskimo.com/~weidai/
  6. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)
  7. Gurevich, Y.: Average case completeness. Journal of Computer and System Sciences 42(3), 346–398 (1991)
  8. Joux, A., Granboulan, L.: A practical attack against knapsack based hash functions. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 58–66. Springer, Heidelberg (1995)
  9. Levin, L.: Average case complete problems. SIAM Journal on Computing 15(1), 285–286 (1986)
  10. McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. In: DSN Prog. Rep., Jet Prop. Lab., California Inst. Technol., Pasadena, CA, January 1978, pp. 114–116 (1978)
  11. Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
  12. Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)
  13. National Institute of Standards and Technology. FIPS Publication 180: Secure Hash Standard (1993)
  14. Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Prob. Contr. Inform. Theory 15(2), 157–166 (1986)
  15. Preneel, B.: The state of cryptographic hash functions. In: Damgård, I.B. (ed.) EEF School 1998. LNCS, vol. 1561, pp. 158–182. Springer, Heidelberg (1999)
  16. Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)
  17. Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)
  18. Sendrier, N.: On the security of the McEliece public-key cryptosystem. In: Blaum, M., Farrell, P.G., van Tilborg, H. (eds.) Information, Coding and Mathematics, pp. 141–163. Kluwer, Dordrecht (2002); Proceedings of Workshop honoring Prof. Bob McEliece on his 60th birthday
  19. Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002)
  20. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions md4 and ripemd. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)
  21. Wang, X., Yu, H.: How to break md5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Daniel Augot (1)
  • Matthieu Finiasz (1, 2)
  • Nicolas Sendrier (1)

  1. Projet Codes, INRIA Rocquencourt, Le Chesnay, France
  2. LASEC, École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland
