Hash functions based on block ciphers: a synthetic approach

  • Bart Preneel
  • René Govaerts
  • Joos Vandewalle
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 773)

Abstract

Constructions for hash functions based on a block cipher are studied where the size of the hashcode is equal to the block length of the block cipher and where the key size is approximately equal to the block length. A general model is presented, and it is shown that this model covers 9 schemes that have appeared in the literature. Within this general model 64 possible schemes exist, and it is shown that 12 of these are secure; they can be reduced to 2 classes based on linear transformations of variables. The properties of these 12 schemes with respect to weaknesses of the underlying block cipher are studied. The same approach can be extended to study keyed hash functions (MACs) based on block ciphers and hash functions based on modular arithmetic. Finally, a new attack is presented on a scheme suggested by R. Merkle.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Bart Preneel (1)
  • René Govaerts (1)
  • Joos Vandewalle (1)
  1. Laboratorium ESAT-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium
