
Provably Good Codes for Hash Function Design

  • Charanjit S. Jutla
  • Anindya C. Patthak
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)

Abstract

We develop a new technique to lower bound the minimum distance of quasi-cyclic codes with large dimension by reducing the problem to lower bounding the minimum distance of a few codes of significantly smaller dimension. Using this technique, we prove that a code which is similar to the SHA-1 message expansion code has minimum distance at least 82, and that this bound already holds in just the last 64 of the 80 expanded words. Further, the minimum weight in the last 60 words (respectively, the last 48 words) is at least 75 (respectively, 52). We expect our technique to be helpful in designing future practical collision-resistant hash functions. We also use the technique to find the minimum weight of the SHA-1 code (25 in the last 60 words), which was an open problem.
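As an added example (not code from the paper), the SHA-1 message expansion written out as the binary linear code the abstract refers to: the 16 message words are the information word and the 80 expanded words are the codeword. The block checks that the map is linear over GF(2), that the last 16 words determine all 80 (so "weight in the last 60 words" is a meaningful distance measure), and measures that weight for constructed messages, which the abstract states is at least 25 for every nonzero message.

```python
MASK32 = 0xFFFFFFFF


def rotl1(x: int) -> int:
    """32-bit rotate left by one (the only non-XOR step in the expansion)."""
    return ((x << 1) | (x >> 31)) & MASK32


def sha1_expand(words16):
    """SHA-1 message schedule: W_t = ROTL1(W_{t-3} ^ W_{t-8} ^ W_{t-14} ^ W_{t-16}), t = 16..79."""
    if len(words16) != 16:
        raise ValueError("need exactly 16 message words")
    w = [x & MASK32 for x in words16]
    for t in range(16, 80):
        w.append(rotl1(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]))
    return w


def invert_expand(last16):
    """Recover all 80 words from W_64..W_79 by running the recurrence backwards:
    W_{t-16} = ROTR1(W_t) ^ W_{t-3} ^ W_{t-8} ^ W_{t-14}.  This is why a nonzero
    message can never produce an all-zero tail of 60 words."""
    w = [0] * 64 + [x & MASK32 for x in last16]
    for t in range(79, 15, -1):
        rotr = (w[t] >> 1) | ((w[t] & 1) << 31)
        w[t - 16] = rotr ^ w[t - 3] ^ w[t - 8] ^ w[t - 14]
    return w


def weight(words, start=0):
    """Hamming weight of words[start:]; start=20 restricts to the last 60 words."""
    return sum(bin(x).count("1") for x in words[start:])


def is_linear(a, b):
    """Expansion of (a XOR b) equals expansion(a) XOR expansion(b) word by word."""
    ea, eb = sha1_expand(a), sha1_expand(b)
    eab = sha1_expand([x ^ y for x, y in zip(a, b)])
    return all(x ^ y == z for x, y, z in zip(ea, eb, eab))


if __name__ == "__main__":
    # Constructed sample messages (not from the paper).
    single_bit = [1] + [0] * 15
    dense = [(i * 0x9E3779B9) & MASK32 for i in range(16)]
    print("linear:", is_linear(single_bit, dense))
    for name, m in (("single-bit", single_bit), ("dense", dense)):
        cw = sha1_expand(m)
        print(name, "weight all 80 words:", weight(cw),
              "last 60 words:", weight(cw, 20))
```

Because the map is linear, an XOR difference between two messages expands to the XOR of their codewords, so the minimum weight in the last 60 words bounds how small a difference pattern in those rounds can be.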

Keywords

linear codes, minimum distance, collision-resistant hash functions, SHA-1

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Charanjit S. Jutla (1)
  • Anindya C. Patthak (2)

  1. IBM Thomas J. Watson Research Center
  2. University of Texas at Austin
