New Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru

  • Eli Biham
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)

Abstract

In 1989–1990, two new hash functions were presented, Snefru and MD4. Snefru was soon broken by the newly introduced differential cryptanalysis, while MD4 remained unbroken for several more years. As a result, newer functions based on MD4, e.g., MD5 and SHA-1, became the de facto and international standards. Following recent techniques of differential cryptanalysis for hash functions, today we know that MD4 is even weaker than Snefru. In this paper we apply recent differential cryptanalysis techniques to Snefru, and devise new techniques that improve the attacks on Snefru further, including using generic attacks with differential cryptanalysis, and using virtual messages with second preimage attacks for finding preimages. Our results reduce the memory requirements of prior attacks to negligible memory, and present a preimage of 2-pass Snefru. Finally, some observations on the padding schemes of Snefru and MD4 are discussed.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Eli Biham (1)
  1. Computer Science Department, Technion – Israel Institute of Technology, Haifa, Israel
