Rotation-symmetric functions and fast hashing

  • Josef Pieprzyk
  • Cheng Xin Qu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1438)


Efficient hashing is a centerpiece of modern cryptography. The progress in computing technology enables us to use 64-bit machines, with the promise of 128-bit machines in the near future. To exploit this technology fully for fast hashing, we need to be able to design cryptographically strong Boolean functions in many variables which can be evaluated faster by reusing partial evaluations from the previous rounds. We introduce a new class of Boolean functions whose evaluation is especially efficient, and we call them rotation-symmetric. Basic cryptographic properties of rotation-symmetric functions are investigated in the broader context of symmetric functions. An algorithm for the design of rotation-symmetric functions is given and two classes of functions are examined. These classes are important from a practical point of view as their forms are short. We show that shortening of rotation-symmetric functions paradoxically leads to a more expensive evaluation process.
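The abstract's two central points, that a rotation-symmetric function takes the same value on every cyclic rotation of its input and that this symmetry can be exploited to cut evaluation work, can be made concrete with a small Boolean-function toolkit. The code below is an added example and is not the paper's own algorithm or code: it uses the standard definition f(x1, ..., xn) = f(x2, ..., xn, x1), builds a rotation-symmetric function as the XOR of all rotations of a few generator monomials (a construction chosen here for illustration), verifies the symmetry on the full truth table, evaluates the function once per rotation orbit instead of once per input, and reports balance and nonlinearity via the Walsh-Hadamard transform. The generator monomials x0·x1 and x0 on n = 4 variables are a constructed sample, not a function from the paper.

```python
# Added example: rotation-symmetric Boolean functions and their basic
# cryptographic properties. Variable i of f corresponds to bit i of the input.

def rotate_left(x, n):
    """Cyclically rotate the n-bit integer x by one position (bit i -> bit i+1 mod n)."""
    mask = (1 << n) - 1
    return ((x << 1) | (x >> (n - 1))) & mask

def rotation_orbit(mask, n):
    """All distinct cyclic rotations of an n-bit value (its orbit under rotation)."""
    orbit = []
    r = mask
    while r not in orbit:
        orbit.append(r)
        r = rotate_left(r, n)
    return orbit

def make_rotation_symmetric(generators, n):
    """Return f: {0 .. 2^n-1} -> {0, 1} as the XOR over every monomial in the rotation
    orbits of the generator monomials (each generator is a bitmask selecting the
    variables that are multiplied together).  The monomial set is closed under
    rotation by construction, so f is rotation-symmetric (constructed illustration)."""
    monomials = []
    for g in generators:
        for m in rotation_orbit(g, n):
            if m not in monomials:
                monomials.append(m)
    def f(x):
        # A monomial evaluates to 1 exactly when all of its variables are set in x.
        return sum(1 for m in monomials if x & m == m) & 1
    return f

def truth_table(f, n):
    """Full truth table: 2^n evaluations of f."""
    return [f(x) for x in range(1 << n)]

def is_rotation_symmetric(tt, n):
    """Check f(x) == f(rot(x)) for every input x of the truth table."""
    return all(tt[x] == tt[rotate_left(x, n)] for x in range(1 << n))

def truth_table_by_orbits(f, n):
    """Exploit rotation symmetry: evaluate f once per input orbit and copy the value to
    the whole orbit.  Returns (table, number_of_evaluations); for n = 4 there are only
    6 orbits (binary necklaces) against 16 inputs."""
    tt = [None] * (1 << n)
    evaluations = 0
    for x in range(1 << n):
        if tt[x] is None:
            value = f(x)
            evaluations += 1
            for y in rotation_orbit(x, n):
                tt[y] = value
    return tt, evaluations

def walsh_spectrum(tt):
    """Walsh-Hadamard spectrum W(a) = sum_x (-1)^(f(x) XOR <a,x>) via the in-place butterfly."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                a, b = w[j], w[j + h]
                w[j], w[j + h] = a + b, a - b
        h *= 2
    return w

def nonlinearity(tt):
    """Minimum Hamming distance to the affine functions: 2^(n-1) - max|W(a)| / 2."""
    n = len(tt).bit_length() - 1
    return (1 << (n - 1)) - max(abs(v) for v in walsh_spectrum(tt)) // 2

def is_balanced(tt):
    return 2 * sum(tt) == len(tt)

if __name__ == "__main__":
    n = 4
    # Constructed sample: orbit of x0*x1 gives x0x1 + x1x2 + x2x3 + x3x0,
    # orbit of x0 gives x0 + x1 + x2 + x3.
    f = make_rotation_symmetric([0b0011, 0b0001], n)
    tt = truth_table(f, n)
    tt_fast, evaluations = truth_table_by_orbits(f, n)
    print("rotation-symmetric:", is_rotation_symmetric(tt, n))
    print("orbit evaluation matches full table:", tt_fast == tt,
          "using", evaluations, "evaluations instead of", 1 << n)
    print("balanced:", is_balanced(tt), " nonlinearity:", nonlinearity(tt))
    # A single monomial x0*x1 is not rotation-symmetric: f(0011) = 1 but f(0110) = 0.
    g_tt = truth_table(lambda x: int(x & 0b0011 == 0b0011), n)
    print("x0*x1 alone rotation-symmetric:", is_rotation_symmetric(g_tt, n))
```

The sample function reduces to (x0+x2)(x1+x3) + (x0+x2) + (x1+x3), which is why the spectrum has only four non-zero entries of magnitude 8 and the nonlinearity is 4 out of a possible 6 for n = 4; the orbit-based evaluation needs 6 calls instead of 16, the saving the abstract refers to when it calls these functions especially efficient to evaluate.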





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Josef Pieprzyk (1)
  • Cheng Xin Qu (1)
  1. Centre for Computer Security Research, School of Information Technology and Computer Science, University of Wollongong, Wollongong, Australia
