Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC’98

  • Donghoon Chang
  • Jaechul Sung
  • Soohak Sung
  • Sangjin Lee
  • Jongin Lim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


Shin et al. [4] proposed a new hash function with 160-bit output length at PKC’98. Recently, at FSE 2002, Han et al. [5] cryptanalyzed the hash function proposed at PKC’98 and suggested a method for finding a collision pair with probability $2^{-30}$, supposing that the boolean functions satisfy the SAC (Strict Avalanche Criterion). This paper improves their attack and shows that we can find a collision pair from the original version of the hash function with probability $2^{-37.13}$ through the improved method. Furthermore, we point out that a weakness of the function comes from shift values that depend on the message.


Keywords: Boolean Function; Hash Function; Original Version; Compression Function; Attack Probability


  1. F. Chabaud and A. Joux, Differential Collisions in SHA-0, Advances in CRYPTO’98, LNCS 1462, Springer-Verlag, 1998, pp. 56–71.
  2. H. Dobbertin, Cryptanalysis of MD4, Fast Software Encryption, LNCS 1039, Springer-Verlag, 1996, pp. 53–69.
  3. H. Dobbertin, Cryptanalysis of MD5 Compress, May 1996.
  4. Sanguk Shin, Kyunghyune Rhee, Daehyun Ryu, Sangjin Lee, A New Hash Function Based on MDx-family and Its Application to MAC, Public Key Cryptography’98, pp. 234–246, 1998.
  5. Daewan Han, Sangwoo Park, Seongtaek Chee, Cryptanalysis of a Hash Function Proposed at PKC’98, Fast Software Encryption 2002, LNCS 2365, pp. 252–262.
  6. P.R. Kasselman and W.T. Penzhorn, Cryptanalysis of reduced version of HAVAL, Electronics Letters, 6th January 2000, Vol. 36, No. 1, pp. 30–31.
  7. S.W. Park, S.H. Sung, S.T. Chee, J.I. Lim, On the Security of Reduced Versions of 3-Pass HAVAL, ACISP 2002, LNCS 2384, pp. 406–419.
  8. R. Rivest, The MD4 message digest algorithm, RFC 1320, Internet Activities Board, Internet Privacy Task Force, Apr. 1992.
  9. R. Rivest, The MD5 message digest algorithm, RFC 1321, Internet Activities Board, Internet Privacy Task Force, Apr. 1992.
  11. Y. Zheng, J. Pieprzyk and J. Seberry, HAVAL-A one-way hashing algorithm with variable length of output, Advances in Cryptology-Auscrypt’92, LNCS 718, Springer-Verlag, 1993, pp. 83–104.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Donghoon Chang (1)
  • Jaechul Sung (2)
  • Soohak Sung (3)
  • Sangjin Lee (1)
  • Jongin Lim (1)

  1. Center for Information Security Technologies (CIST), Korea University, Seoul, Korea
  2. Korea Information Security Agency (KISA), Seoul, Korea
  3. Paichai University, Daejeon, Korea
