International Workshop on Fast Software Encryption

FSE 2012: Fast Software Encryption, pp. 163–179


On the (In)Security of IDEA in Various Hashing Modes

Lei Wei, Thomas Peyrin, Przemysław Sokołowski, San Ling, Josef Pieprzyk and Huaxiong Wang

Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7549)

Abstract

In this article, we study the security of the IDEA block cipher when it is used in various single-length or double-length hashing modes. Even though this cipher is still considered secure, we show that one should avoid using it as the internal primitive of block-cipher-based hash functions. In particular, we can instantaneously generate free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions with practical complexity. This work gives a practical example of the gap that exists between secret-key and known- or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

Keywords

  • IDEA
  • block cipher
  • hash function
  • cryptanalysis
  • collision
  • preimage

The first, fourth and sixth authors are supported by the Singapore National Research Foundation under Research Grant NRF-CRP2-2007-03 and the first author is also supported by the Singapore Ministry of Education under Research Grant T206B2204 and by the NTU NAP Startup Grant M58110000. The second author is supported by the Lee Kuan Yew Postdoctoral Fellowship 2011 and the Singapore National Research Foundation Fellowship 2012.

Author information

Authors and Affiliations

  1. Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

    Lei Wei, Thomas Peyrin, San Ling & Huaxiong Wang

  2. Macquarie University, Australia

    Przemysław Sokołowski & Josef Pieprzyk

Editor information

Editors and Affiliations

  1. INRIA Paris-Rocquencourt, B.P. 105, 78153, Le Chesnay, France

    Anne Canteaut

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wei, L., Peyrin, T., Sokołowski, P., Ling, S., Pieprzyk, J., Wang, H. (2012). On the (In)Security of IDEA in Various Hashing Modes. In: Canteaut, A. (eds) Fast Software Encryption. FSE 2012. Lecture Notes in Computer Science, vol 7549. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34047-5_10

  • DOI: https://doi.org/10.1007/978-3-642-34047-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34046-8

  • Online ISBN: 978-3-642-34047-5
