Full Cryptanalysis of LPS and Morgenstern Hash Functions

  • Christophe Petit
  • Kristin Lauter
  • Jean-Jacques Quisquater
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


Collisions in the LPS cryptographic hash function of Charles, Goren and Lauter have been found by Zémor and Tillich [17], but it was not clear whether computing preimages was also easy for this hash function. We present a probabilistic polynomial time algorithm solving this problem. Subsequently, we study the Morgenstern hash, an interesting variant of the LPS hash, and break this function as well. Our attacks build upon the ideas of Zémor and Tillich but are not straightforward extensions of them. Finally, we discuss fixes for the Morgenstern hash function and other applications of our results.






References

  1.
  2. FIPS 180-2 secure hash standard
  3. Charles, D.X., Goren, E.Z., Lauter, K.E.: Cryptographic hash functions from expander graphs. Journal of Cryptology (to appear)
  4. Contini, S., Lenstra, A.K., Steinfeld, R.: VSH, an efficient and provable collision-resistant hash function. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 165–182. Springer, Heidelberg (2006)
  5. Flajolet, P., Soria, M.: Gaussian limiting distributions for the number of components in combinatorial structures. J. Comb. Theory Ser. A 53(2), 165–182 (1990)
  6. Hoory, S., Linial, N., Wigderson, A.: Expander graphs and their applications. Bull. Amer. Math. Soc. 43, 439–561 (2006)
  7. Lubotzky, A., Phillips, R., Sarnak, P.: Ramanujan graphs. Combinatorica 8, 261–277 (1988)
  8. Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: Provably secure FFT hashing. In: NIST 2nd Cryptographic Hash Workshop (2006)
  9. Morgenstern, M.: Existence and explicit construction of q + 1 regular Ramanujan graphs for every prime power q. Journal of Combinatorial Theory B 62, 44–62 (1994)
  10. Petit, C., Lauter, K.E., Quisquater, J.-J.: Full cryptanalysis of LPS and Morgenstern hash functions. Cryptology ePrint Archive, Report 2008/173 (2008),
  11. Petit, C., Lauter, K.E., Quisquater, J.-J.: Cayley hashes: A class of efficient graph-based hash functions (preprint, 2007)
  12. Shoup, V.: On the deterministic complexity of factoring polynomials over finite fields. Inf. Process. Lett. 33(5), 261–267 (1990)
  13. Tillich, J.-P., Zémor, G.: Hashing with SL2. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 40–49. Springer, Heidelberg (1994)
  14. Tillich, J.-P., Zémor, G.: Group-theoretic hash functions. In: Cohen, G., Lobstein, A., Zémor, G., Litsyn, S.N. (eds.) Algebraic Coding 1993. LNCS, vol. 781, pp. 90–110. Springer, Heidelberg (1994)
  15. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
  16. Zémor, G.: Hash functions and Cayley graphs. Des. Codes Cryptography 4(4), 381–394 (1994)
  17. Zémor, G., Tillich, J.-P.: Collisions for the LPS expander graph hash function. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965. Springer, Heidelberg (2008)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Christophe Petit (1)
  • Kristin Lauter (2)
  • Jean-Jacques Quisquater (1)

  1. UCL Crypto Group
  2. Microsoft Research
