Characterizing Padding Rules of MD Hash Functions Preserving Collision Security

  • Mridul Nandi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5594)


This paper characterizes collision-preserving padding rules and provides variants of Merkle-Damgård (MD) that have less or no overhead cost due to length. We first show that the suffix-free property of a padding rule is necessary as well as sufficient to preserve the collision security of the MD hash function for an arbitrary domain {0,1}*. Knowing this, we propose a simple suffix-free padding rule that pads only log|M| bits for a message M, which is less than that of Damgård's and Sarkar's padding rules. We also prove that length padding is not absolutely necessary. We show that a simple variant of MD with 10^d-padding (or any injective padding) is collision resistant provided that the underlying compression function is collision resistant after chopping the last bit. Finally, we design another variant of the MD hash function preserving all three basic security notions of hash functions, namely collision and (2nd) preimage, which is an improvement over a recently designed (SAC-08) three-property-preserving hash function.


Keywords: MD hash function, padding rule, suffix-free, collision resistant
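The suffix-free condition from the abstract can be checked exhaustively on a toy scale. The following is an added example, not code from the paper: it uses the standard definition (a padding rule is suffix-free if pad(M') is never a suffix of pad(M) for M ≠ M') and compares plain 10^d-padding with a length-strengthened padding. The block size `B`, the length-field width `LEN_BITS`, and all function names are assumptions chosen for illustration.

```python
from itertools import product

B = 4         # toy block size in bits (assumption; real designs use e.g. 512)
LEN_BITS = 4  # toy width of the length field (assumption)

def pad_10d(m: str) -> str:
    """Append '1', then the fewest '0's that reach a multiple of B bits."""
    d = (-(len(m) + 1)) % B
    return m + "1" + "0" * d

def pad_strengthened(m: str) -> str:
    """10^d-padding followed by |M| encoded in a fixed-width field."""
    if len(m) >= 2 ** LEN_BITS:
        raise ValueError("message too long for the toy length field")
    d = (-(len(m) + 1 + LEN_BITS)) % B
    return m + "1" + "0" * d + format(len(m), f"0{LEN_BITS}b")

def messages(max_len: int):
    """Yield every bit string of length 0..max_len."""
    for n in range(max_len + 1):
        for bits in product("01", repeat=n):
            yield "".join(bits)

def suffix_violations(pad, max_len: int):
    """Return pairs (M, M') with M != M' and pad(M') a suffix of pad(M)."""
    padded = {}
    for m in messages(max_len):
        p = pad(m)
        if p in padded:
            raise ValueError(f"padding is not injective: {m!r} vs {padded[p]!r}")
        padded[p] = m
    found = []
    for p, m in padded.items():
        # Proper suffixes only; injectivity means any hit is a different message.
        for k in range(1, len(p)):
            if p[k:] in padded:
                found.append((m, padded[p[k:]]))
    return found

if __name__ == "__main__":
    for name, pad in (("10^d", pad_10d), ("strengthened", pad_strengthened)):
        bad = suffix_violations(pad, 8)
        print(f"{name}: {len(bad)} suffix violations, e.g. {bad[:2]}")
```

The 10^d rule is injective but not suffix-free (for example, pad("1") is the last block of pad("00001")), which is why the abstract pairs it with an extra assumption on the compression function, while the length-strengthened rule yields no violations.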





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mridul Nandi, National Institute of Standards and Technology, USA
