The Hash Function Family LAKE

  • Jean-Philippe Aumasson
  • Willi Meier
  • Raphael C. -W. Phan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)


This paper advocates a new hash function family based on the HAIFA framework, inheriting built-in randomized hashing and higher security guarantees than the Merkle-Damgård construction against generic attacks. The family has as its special design features: a nested feedforward mechanism and an internal wide-pipe construction within the compression function. As examples, we give two proposed instances that compute 256- and 512-bit digests, with a 8- and 10-round compression function respectively.


Hash function HAIFA Randomized hashing Salt Wide-pipe 


  1. 1.
    Andreeva, E., Neven, G., Preneel, B., Shrimpton, T.: Seven-properties-preserving iterated hashing: The RMC construction. Technical Report STVL4-KUL15-RMC-1.0, ECRYPT (2006)Google Scholar
  2. 2.
    Andreeva, E., Neven, G., Preneel, B., Shrimpton, T.: Seven-property-preserving iterated hashing: ROX. In: Kurosawa [21], pp. 130–146Google Scholar
  3. 3.
    Barreto, P., Rijmen, V.: The Whirlpool hashing function. In: First Open NESSIE Workshop (2000)Google Scholar
  4. 4.
    Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography: The case of hashing and signing. In: Desmedt, Y. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 216–233. Springer, Heidelberg (1994)Google Scholar
  5. 5.
    Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, Chen [22], pp. 299–314Google Scholar
  6. 6.
    Bernstein, D.J.: The cpucycles library,
  7. 7.
    Bernstein, D.J.: Salsa20. Technical Report 2005/25, ECRYPT eSTREAM, 2005 (2005),
  8. 8.
    Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. Cryptology ePrint Archive, Report 2007/278, 2007. In: The second NIST Hash Function Workshop (2006)Google Scholar
  9. 9.
    Biryukov, A. (ed.): FSE 2007. LNCS, vol. 4593. Springer, Heidelberg (2007)Google Scholar
  10. 10.
    De Cannière, C., Rechberger, C.: Finding SHA-1 characteristics: General results and applications. In: Lai, Chen [22], pp. 1–20Google Scholar
  11. 11.
    Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk [20], pp. 56–71Google Scholar
  12. 12.
    Devine, C.: XySSL,
  13. 13.
    Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A strengthened version of RIPEMD. In: FSE 1996. LNCS, vol. 1039, pp. 71–82. Springer, Heidelberg (1996)Google Scholar
  14. 14.
    Englund, H., Johansson, T., Turan, M.S.: A framework for chosen IV statistical analysis of stream ciphers. In: Special ECRYPT Workshop – Tools for Cryptanalysis (2007),
  15. 15.
    Halevi, S., Krawczyk, H.: Strengthening digital signatures via randomized hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Hellman, M.: A cryptanalytic time-memory tradeoff. IEEE Transactions on Information Theory 26, 401–406 (1980)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Hong, D., Chang, D., Sung, J., Lee, S., Hong, S., Lee, J., Moon, D., Chee, S.: A new dedicated 256-bit hash function: FORK-256. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 195–209. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Knudsen, L.R.: SMASH - a cryptographic hash function. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 228–242. Springer, Heidelberg (2005)Google Scholar
  19. 19.
    Knudsen, L.R., Rechberger, C., Thomsen, S.S.: The Grindahl hash functions. In: Biryukov [9], pp. 39–57,
  20. 20.
    Krawczyk, H. (ed.): CRYPTO 1998. LNCS, vol. 1462. Springer, Heidelberg (1998)MATHGoogle Scholar
  21. 21.
    Kurosawa, K. (ed.): ASIACRYPT 2007. LNCS, vol. 4833. Springer, Heidelberg (2007)MATHGoogle Scholar
  22. 22.
    Lai, X., Chen, K. (eds.): ASIACRYPT 2006. LNCS, vol. 4284. Springer, Heidelberg (2006)MATHGoogle Scholar
  23. 23.
    Lucks, S.: Design principles for iterated hash functions. Cryptology ePrint Archive, Report 2004/253 (2004)Google Scholar
  24. 24.
    Lucks, S.: A failure-friendly design principle for hash functions. In: Roy, B.K. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    Matusiewicz, K., Peyrin, T., Billet, O., Contini, S., Pieprzyk, J.: Cryptanalysis of FORK-256. In: Biryukov [9], pp. 19–38,
  26. 26.
    Mendel, F., Rechberger, C., Schläffer, M.: Collisions for round-reduced LAKE (submitted, 2008)Google Scholar
  27. 27.
    Mendel, F., Rijmen, V.: Cryptanalysis of the Tiger hash function. In: Kurosawa [21], pp. 536–550.Google Scholar
  28. 28.
    Naor, M., Reingold, O.: From unpredictability to indistinguishability: A simple construction of pseudo-random functions from MACs (extended abstract). In: Krawczyk [20], pp. 267–282Google Scholar
  29. 29.
    NIST. FIPS 180-2 secure hash standard (2002)Google Scholar
  30. 30.
    NIST. Cryptographic hash project (2007),
  31. 31.
    O’Neil, S.: Algebraic structure defectoscopy ,
  32. 32.
    O’Neil, S.: Algebraic structure defectoscopy. In: Special ECRYPT Workshop – Tools for Cryptanalysis (2007),
  33. 33.
    Pal, P., Sarkar, P.: PARSHA-256 - a new parallelizable hash function and a multithreaded implementation. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 347–361. Springer, Heidelberg (2003)Google Scholar
  34. 34.
    Peyrin, T.: Cryptanalysis of Grindahl. In: Kurosawa [21], pp. 551–567.Google Scholar
  35. 35.
    Pramstaller, N., Rechberger, C., Rijmen, V.: Breaking a new hash function design strategy called SMASH. In: Preneel, B., Tavares, S.E. (eds.) SAC 2005. LNCS, vol. 3897, pp. 233–244. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  36. 36.
    Quisquater, J.-J., Delescaille, J.-P.: How easy is collision search? Application to DES (extended summary). In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 429–434. Springer, Heidelberg (1990)Google Scholar
  37. 37.
    Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: The Twofish Encryption Algorithm. Wiley, Chichester (1999)Google Scholar
  38. 38.
    Sedgewick, R., Szymanski, T.G., Yao, A.C.-C.: The complexity of finding cycles in periodic functions. SIAM Journal of Computing 11(2), 376–390 (1982)MATHCrossRefMathSciNetGoogle Scholar
  39. 39.
    Wheeler, D.J., Needham, R.M.: TEA, a tiny encryption algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995)Google Scholar
  40. 40.
    Whiting, D., Schneier, B., Lucks, S., Muller, F.: Phelix - fast encryption and authentication in a single cryptographic primitive. Technical Report 2005/20, ECRYPT eSTREAM (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jean-Philippe Aumasson
    • 1
  • Willi Meier
    • 1
  • Raphael C. -W. Phan
    • 2
  1. 1.FHNWWindischSwitzerland
  2. 2.Electronic & Electrical EngineeringLoughborough UniversityUnited Kingdom

Personalised recommendations