F.F.T. Hashing is not Collision-free

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 658)


The FFT Hashing Function proposed by C.P. Schnorr [1] hashes messages of arbitrary length into a 128-bit hash value. In this paper, we show that this function is not collision free, and we give an example of two distinct 256-bit messages with the same hash value. Finding a collision (in fact a large family of, colliding messages) requires approximately 223 partial computations of the hash function, and takes a few hours on a SUN3- workstation, and less than an hour on a SPARC-workstation.

A similar result discovered independently has been announced at the Asiacrypt’91 rump session by Daemen-Bosselaers-Govaerts-Vandewalle [2].

5 References

  1. [1]
    C.P. SCHNORR; FFT-Hashing: An Efficient Cryptographic Hash Function; July 15, 1991 (This paper was presented at the rump session of the CRYPTO’91 Conference, Santa Barbara, August, 11–15, 1991)Google Scholar
  2. [2]
    DAEMEN-BOSSELAERS-GOVAERTS-VANDEWALLE: Announcement made at the rump session of the ASIACRYPT’ 91 Conference, Fujiyoshida, Japan, November 11–14, 1991)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  1. 1.CNET PAA/TSA/SRCIssy Les MoulineauxFrance
  2. 2.SEPT PEMCaenFrance

Personalised recommendations