Generalized Iterated Hash Fuctions Revisited: New Complexity Bounds for Multicollision Attacks

  • Tuomas Kortelainen
  • Ari Vesanen
  • Juha Kortelainen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7668)


We study the complexity of multicollision attacks on generalized iterated hash functions. In 2004 A. Joux showed that the size of a multicollision on any iterated hash function can be increased exponentially while the amount of work (or, equivalently, the length of the collision messages) grows only linearly. In Joux’s considerations it was essential that each message block was used only once when computing the hash value. In 2005 M. Nandi and D. Stinson generalized Joux’s method to iterated hash functions where each message block could be employed at most twice and in an arbitrary order. In the following year J. Hoch and A. Shamir further extended Joux’s ideas, this time to so called ICE hash functions that scan the input message any fixed number of times in an arbitrary order. It was proved that by increasing the work polynomially, exponentially large multicollision sets could be created. The informal attack algorithm of Hoch and Shamir was more rigorously described in [8] where also the amount of work of the attack algorithm (and, as well, the length of the multicollision messages) was more precisely evaluated. In [10] new combinatorial results were proved which allowed a considerably more efficient collision set construction. In this paper we introduce a new set of tools for the combinatorial analysis of long words in which the number of occurrences of any symbol is restricted by a fixed constant. By applying these tools we are able to further shorten the length of the collison messages in an any fixed size collision set leading to a good deal smaller attack complexity. Finally, we study the structure of efficient rules for compression in bounded generalized iterated hash functions (called ICE hash functions in [4]).


Hash Function Random Oracle Security Property Compression Function Message Block 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård Revisited: How to Construct a Hash Function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)Google Scholar
  2. 2.
    Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  3. 3.
    Dobbertin, H.: Cryptanalysis of MD4. Journal of Cryptology 11(4), 253–271 (1998)zbMATHCrossRefGoogle Scholar
  4. 4.
    Hoch, J.J., Shamir, A.: Breaking the ICE - Finding Multicollisions in Iterated Concatenated and Expanded (ICE) Hash Functions. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 179–194. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Klima, V.: Finding MD5 collisions on a notebook PC using multi-message modifications, Cryptology ePrint Archive, Report 2005/102 (2005),
  7. 7.
    Klima, V.: Huge multicollisions and multipreimages of hash functions BLENDER-n, Cryptology ePrint Archive, Report 2009/006 (2009),
  8. 8.
    Kortelainen, J., Halunen, K., Kortelainen, T.: Multicollision Attacks and Generalized Iterated Hash Functions. J. Math. Cryptol. 4, 239–270 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  9. 9.
    Kortelainen, J., Kortelainen, T., Vesanen, A.: Unavoidable Regularities in Long Words with Bounded Number of Symbol Occurrences. In: Fu, B., Du, D.-Z. (eds.) COCOON 2011. LNCS, vol. 6842, pp. 519–530. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Kortelainen, J., Kortelainen, T., Vesanen, A.: Unavoidable regularities in long words with bounded number of symbol occurrences. J. Comp. Optim. (in print)Google Scholar
  11. 11.
    Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  12. 12.
    Nandi, M., Stinson, D.: Multicollision attacks on some generalized sequential hash functions. IEEE Trans. Inform. Theory 53, 759–767 (2007)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Stevens, M.: Fast collision attack on MD5. Cryptology ePrint Archive, Report 2006/104 (2006),
  14. 14.
    Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions, IEICE Transactions 91-A(1), 39–45 (2008)Google Scholar
  15. 15.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  17. 17.
    Yu, H., Wang, X.: Multi-collision Attack on the Compression Functions of MD4 and 3-Pass HAVAL. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 206–226. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tuomas Kortelainen
    • 1
  • Ari Vesanen
    • 2
  • Juha Kortelainen
    • 2
  1. 1.Mathematics Division, Department of Electrical and Information EngineeringUniversity of OuluFinland
  2. 2.Department of Information Processing ScienceUniversity of OuluFinland

Personalised recommendations