Breaking a New Hash Function Design Strategy Called SMASH
We present a collision attack on SMASH. SMASH was proposed as a new hash function design strategy that does not rely on the structure of the MD4 family. The presented attack method allows us to produce almost any desired difference in the chaining variables of the iterated hash function. Due to the absence of a secret key, we are able to construct differences with probability 1. Furthermore, we get only few constraints on the colliding messages, which allows us to construct meaningful collisions. The presented collision attack uses negligible resources and we conjecture that it works for all hash functions built following the design strategy of SMASH.
KeywordsSMASH hash functions cryptanalysis collision
- 9.National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard (August 2002), Available online at: http://www.itl.nist.gov/fipspubs/
- 11.Preneel, B.: Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven (1993)Google Scholar
- 13.Wang, X., Feng, D., Lai, X., Yu, X.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD (August 2004), preprint, available at: http://eprint.iacr.org/2004/199