The Knapsack Hash Function proposed at Crypto’89 can be broken

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 547)


Ivan Damgård [4] suggested at Crypto’89 concrete examples of hash functions among which a knapsack scheme. We will here show that a probabilistic algorithm can break this scheme with a number in the region of 232 computations. That number of operations is feasible in realistic time with modern computers. Thus the proposed hash function is not very secure. Among those computations a substantial number can be performed once for all. A faster result can be obtained since parallelism is easy. Moreover, ways to extend the present algorithm to other knapsacks than the present (256, 128) suggested by Damgård are investigated.


Abelian Group Hash Function Signature Scheme Binary Sequence Probabilistic Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    P. Camion, Can a Fast signature Scheme Without Secret Key be Secure?, in AAECC-2, Lecture Notes in Computer Science no 228, Springer-Verlag.Google Scholar
  2. [2]
    P. Camion and Ph. Goldewski, Manipulation and Errors, Localization and Detection, Proceedings of EuroCrypt’88, Lecture Notes in Computer Science no 330, Springer-Verlag.Google Scholar
  3. [3]
    M. Campana and M. Girault, How to Use Compressed Encoding Mechanisms in Data Protection, Securicom 88, March 15–17, pp. 91–110.Google Scholar
  4. [4]
    D. Dacunha-Castelle and D. Revuz, Recueil de problèmes de calcul des probabilités, Masson et Cie, Paris, 1970.zbMATHGoogle Scholar
  5. [5]
    I. Damgård, Design Principles for Hash Functions, Proceedings of Crypto’89, Springer-Verlag.Google Scholar
  6. [6]
    D.W. Davis and W.L. Price, Security for computer Networks, John Wiley and Sons, Chichester 1984.Google Scholar
  7. [7]
    M. Girault, Hash Functions Using Modulo-n Operations, Proceedings of EuroCrypt’87, Springer-Verlag.Google Scholar
  8. [8]
    J.K. Gibson, Some comments on Damgard’s hashing principle, Electronic letters 19th July 1990, Vol. 26 no 15.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  1. 1.Domaine de Voluceau — RocquencourtINRIALe Chesnay CedexFrance

Personalised recommendations