Cryptanalysis of the Full HAVAL with 4 and 5 Passes

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4047)


HAVAL is a cryptographic hash function with variable digest size proposed by Zheng, Pieprzyk and Seberry in 1992. It has three variants, 3-, 4-, and 5-pass HAVAL. Previous results on HAVAL suggested only practical collision attacks for 3-pass HAVAL. In this paper, we present collision attacks for 4 and 5 pass HAVAL. For 4-pass HAVAL, we describe two practical attacks for finding 2-block collisions, one with 243 computations and the other with 236 computations. In addition, we show that collisions for 5-pass HAVAL can be found with about 2123 computations, which is the first attack more efficient than the birthday attack.


Hash function collision differential path message modification 


  1. 1.
    Rompay, B.V., Biryukov, A., Preneel, B., Vandewalle, J.: Cryptanalysis of 3-Pass HAVAL. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 228–245. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Yoshida, H., Biryukov, A., Canniere, C.D., Lano, J., Preneel, B.: Non-randomness of the Full 4 and 5-Pass HAVAL. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 324–336. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Rivest, R.L.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)Google Scholar
  4. 4.
    Rivest, R.L.: The MD5 Message-Digest Algorithm, Request for Comments(RFC 1320), Internet Activities Board, Internet Privacy Task Force (1992)Google Scholar
  5. 5.
    Wang, X.Y., Feng, D., Yu, X.: An attack on Hash Function HAVAL-128. Science in China Ser. F. Information Sciences 48(5), 545–556 (2005)zbMATHMathSciNetCrossRefGoogle Scholar
  6. 6.
    Wang, X.Y., Lai, X.J., Feng, D., Chen, H., Yu, X.: Cryptanalysis for Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Wang, X.Y., Yu, H.B.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Wang, X.Y., Yu, H.B., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Wang, X.Y., Yin, Y.L., Yu, H.B.: Finding collisions on the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Wang, X.Y.: The Collision attack on SHA-0, in Chinese (1997) (to appear),
  11. 11.
    Zheng, Y., Pieprzyk, J., Seberry, J.: HAVAL — A One-way Hashing Algorithm with Variable Length of Output. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 83–104. Springer, Heidelberg (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. 1.Shandong UniversityJinanChina
  2. 2.Shandong University and Tsinghua UniversityChina
  3. 3.National Security Research InstituteDaejeonKorea

Personalised recommendations