New attacks on all double block length hash functions of hash rate 1, including the Parallel-DM

  • Lars R. Knudsen
  • Xuejia Lai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 950)


In this paper attacks on double block length hash functions using a block cipher are considered. We present attacks on all double block length hash functions of hash rate 1, that is, hash functions where in each round the block cipher is used twice, s.t. one encryption is needed per message block. In particular, our attacks break the Parallel-DM presented at Crypto'93[3].


  1. 1.
    L. Brown, J. Pieprzyk and J. Seberry, “LOKI — A Cryptographic Primitive for Authentication and Secrecy Applications”, Advances in Cryptology — AUSCRYPT'90, Proceedings, LNCS 453, pp. 229–236, Springer-Verlag, 1990.Google Scholar
  2. 2.
    I. B. Damgaard, “A Design Principle for Hash Functions”, Advances in Cryptology — CRYPTO'89, LNCS 435, pp. 416–427, Springer-Verlag, 1990.Google Scholar
  3. 3.
    W. Hohl, X. Lai, T. Meier and C. Waldvogel, “Security of Iterated Hash Function Based on Block Ciphers”, Advances in Cryptology — CRYPTO'93 Proceedings, pp. 379–390, LNCS 773, Springer Verlag, 1994.Google Scholar
  4. 4.
    ISO/IEC 10118, Information technology — Security techniques — Hash-functions, Part 2:Hash-functions using an n-bit block cipher, I.S.O., 1994.Google Scholar
  5. 5.
    X. Lai, On the Design and Security of Block Ciphers, ETH Series in Information Processing (Edt: J. L. Massey), Vol. 1, Hartung-Gorre Verlag, Konstanz, 1992.Google Scholar
  6. 6.
    X. Lai and L. Knudsen “Attacks on Double Block Length Hash Functions” To appear in the proceedings from The Algortihm Workshop, Cambridge, U.K., Dec. 1993.Google Scholar
  7. 7.
    X. Lai and J.L. Massey, “Hash Functions Based on Block Ciphers”, Advances in Cryptology — EUROCRYPT'92 Proceedings, pp. 55–70, LNCS 658, Springer Verlag, 1993.Google Scholar
  8. 8.
    C. H. Meyer and M. Schilling, “Secure Program Code with Modification Detection Code”, Proceedings of SECURICOM 88, pp. 111–130, SEDEP.8, Rue de la Michodies, 75002, Paris, France.Google Scholar
  9. 9.
    B. Preneel, A. Bosselaers, R. Govaerts and J. Vandewalle, “Collisionfree Hashfunctions Based on Blockcipher Algorithms”, Proceedings of 1989 International Carnahan Conference on Security Technology, pp. 203–210, 1989.Google Scholar
  10. 10.
    B. Preneel, Analysis and Design of Cryptographic Hash Hashfunctions, Ph.D thesis, Katholieke Universiteit Leuven, Belgium, January 1993.Google Scholar
  11. 11.
    B. Preneel, ”Hash functions based on block ciphers: A synthetic approach”, Advances in Cryptology — Proceedings of Crypto'93, pp. 368–378, LNCS 773, Springer Verlag, 1994.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Lars R. Knudsen
    • 1
  • Xuejia Lai
    • 2
  1. 1.Aarhus UniversityDenmark
  2. 2.R3 Security EngineeringAathalSwitzerland

Personalised recommendations