LFSR-based Hashing and Authentication

  • Hugo Krawczyk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 839)


We present simple and efficient hash functions applicable to secure authentication of information. The constructions are mainly intended for message authentication in systems implementing stream cipher encryption and are suitable for other applications as well. The proposed hash functions are implemented through linear feedback shift registers and therefore attractive for hardware applications. As an example, a single 64 bit LFSR will be used to authenticate 1 Gbit of information with a failure probability of less than 2−30. One of the constructions is the cryptographic version of the well known cyclic redundancy codes (CRC); the other is based on Toeplitz hashing where the matrix entries are generated by a LFSR. The later construction achieves essentially the same hashing and authentication strength of a completely random matrix but at a substantially lower cost in randomness, key size and implementation complexity. Of independent interest is our characterization of the properties required from a family of hash functions in order to be secure for authentication when combined with a (secure) stream cipher.


  1. 1.
    Noga Alon, Oded Goldreich, Johan Hastad, and Rene Peralta. Simple constructions of almost k-wise independent random variables. In 31th Annual Symposium on Foundations of Computer Science, St. Louis, Missouri, pages 544–553, October 1990.Google Scholar
  2. 2.
    Bierbrauer J., Johansson T., Kabatianskii G., and Smeets, B., “On Families of Hash Functions via Geometric Codes and Concatenation”, Proc. of Crypto’93, pp. 331–342.Google Scholar
  3. 3.
    Birch, J., Christensen, L.G., and Skov, M., “A programmable 800 Mbit/s CRC check/generator unit for LANs and MANs”, Comp. Networks and ISDN Sys., 1992.Google Scholar
  4. 4.
    Brassard, G., “On computationally secure authentication tags requiring short secret shared keys”, Proc. of Crypto’82, pp.79–86.Google Scholar
  5. 5.
    Carter, J.L. and Wegman, M.N., “Universal Classes of Hash Functions”, JCSS, 18, 1979, pp. 143–154.Google Scholar
  6. 6.
    Desmedt, Y., “Unconditionally secure authentication schemes and practical and theoretical consequences”, Proc. of Crypto’ 85, pp.42–55.Google Scholar
  7. 7.
    Gemmell, P., and Naor, M., “Codes for Interactive Authentication”, Proc. of Crypto’ 93, pp. 355–367.Google Scholar
  8. 8.
    Gilbert, E.N., MacWilliams, F.J., and Sloane, N.J.A., “Codes which detect deception”, Bell Syst. Tech. J., Vol. 53, 1974, pp. 405–424.MathSciNetGoogle Scholar
  9. 9.
    John A Gordon, “Very simple method to find the minimal polynomial of an arbitrary non-zero element of a finite field”, Electronics Letters, Vol. 12, 1976, pp. 663–664.CrossRefMathSciNetGoogle Scholar
  10. 10.
    Johansson T., “A Shift Register Construction of Unconditionally Secure Authentication Codes”, Design, Codes and Cryptography, 4, 1994, pp. 69–81.MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Johansson T., Kabatianskii G., and Smeets, B., “On the Relation Between A-Codes and Codes Correcting Independent Errors”, Proc. of Eurocrypt’ 93, pp. 1–11.Google Scholar
  12. 12.
    Lai, X., Rueppel, R.A., and Woollven, J., “A Fast Cryptographic Checksum Algorithm Based on Stream Ciphers”, Auscrypt’ 92, pp. 339–348.Google Scholar
  13. 13.
    Lidl, R., and Niederreiter, H., “Finite Fields”, in Encyclopedia of Mathematics and Its Applications, Vol. 20, Reading, MA: Addison-Wesley, 1983.Google Scholar
  14. 14.
    Mansour, Y., Nisan, N., and Tiwari, P., “The Computational Complexity of Universal Hashing”, STOC’ 90, pp. 235–243.Google Scholar
  15. 15.
    Joseph Naor and Moni Naor. Small bias probability spaces: efficient construction and applications. In Proceedings of the 22 nd Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, pages 213–223, May 1990.Google Scholar
  16. 16.
    Rabin, M.O., “Fingerprinting by Random Polynomials”, Tech. Rep. TR-15-81, Center for Research in Computing Technology, Harvard Univ., Cambridge, Mass., 1981.Google Scholar
  17. 17.
    Simmons, G.J., “Authentication theory/coding theory”, Proc. of Crypto’ 84, 411–431.Google Scholar
  18. 18.
    Simmons, G.J., “A Survey of Information Authentication”, in Gustavos J. Simmons, editor, Contemporary Cryptology, The Science of Information, IEEE Press, 1992.Google Scholar
  19. 19.
    Stinson, D.R., “Universal hashing and authentication codes”, Proc. of Crypto’ 91, pp. 74–85.Google Scholar
  20. 20.
    Taylor, R., “An integrity check value algorithm for stream ciphers”, Proc. of Crypto’93, pp. 40–48.Google Scholar
  21. 21.
    Wegman, M.N., and Carter, J.L., “New Hash Functions and Their Use in Authentication and Set Equality”, JCSS, 22, 1981, pp. 265–279.MATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Hugo Krawczyk
    • 1
  1. 1.IBM T.J. Watson Research CenterYorktown Heights

Personalised recommendations