Abstract
Cryptographic hash functions play a central role in applications of cryptography. In spite of this, there has been only limited interest for theoretical work on the definitions and foundations. Until recently, there were about hundred practical designs, of which more than three quarter are broken, and the most widely used hash functions were MD5 and SHA-1. Cryptanalysis during the 1990s showed that these functions offered only a very limited security margin, and in 2004 Wang et al. managed to enhance differential cryptanalysis to a point that finding collisions for MD5 became very easy; for SHA-1 a substantial reduction of the security margin was obtained. This breakthrough has resulted in a flurry of research, resulting in both more theoretical research and new constructions. NIST has announced in November 2007 that it would organize the SHA-3 competition, with as goal to select a new hash function family by 2012. On October 31, 2008, 64 submissions were received, 51 of which have been selected for the first round. This extended abstract presents a brief outline of the state of the art of hash functions at the beginning of the competition and tries to clarify the context in which this competition is starting.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ajtai, M.: Generating hard instances of lattice problems. In: Proceedings 28th ACM Symposium on the Theory of Computing, pp. 99–108 (1996)
Andreeva, E., Neven, G., Preneel, B., Shrimpton, T.: Seven-property-preserving iterated hashing: ROX. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 130–146. Springer, Heidelberg (2007)
Barreto, P.S.L.M., Rijmen, V.: The Whirlpool hashing function. NESSIE submission (September 2000)
Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006)
Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography: the case of hashing and signing. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 216–233. Springer, Heidelberg (1994)
Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006)
Bellovin, S.M., Rescorla, E.K.: Deploying a new hash algorithm. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2006, The Internet Society (2006)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)
Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)
Biham, E., Dunkelman, O.: A framework for iterative hash functions – HAIFA. In: Proceedings Second NIST Hash Functions Workshop 2006, Santa Barbara (CA), USA (August 2006)
Black, J.A., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)
Brachtl, B.O., Coppersmith, D., Hyden, M.M., Matyas, S.M., Meyer, C.H., Oseas, J., Pilpel, S., Schilling, M.: Data Authentication Using Modification Detection Codes Based on a Public One Way Encryption Function, U.S. Patent Number 4,908,861, March 13 (1990)
Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)
Charles, D.X., Goren, E.Z., Lauter, K.E.: Cryptographic hash functions from expander graphs. In: Proceedings Second NIST Hash Functions Workshop 2006, Santa Barbara (CA), USA (August 2006)
Contini, S., Lenstra, A.K., Steinfeld, R.: VSH, an efficient and provable collision-resistant hash function. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 165–182. Springer, Heidelberg (2006)
Coppersmith, D.: Analysis of ISO/CCITT Document X.509 Annex D. IBM T.J. Watson Center, Yorktown Heights, N.Y., 10598, Internal Memo, June 11 (1989) (also ISO/IEC JTC1/SC20/WG2/N160)
Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)
Damgård, I.B.: Collision free hash functions and public key signature schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)
Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)
Dean, R.D.: Formal aspects of mobile code security. PhD thesis, Princeton University (January 1999)
De Cannière, C., Rechberger, C.: Preimages for reduced SHA-0 and SHA-1. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 179–202. Springer, Heidelberg (2008)
den Boer, B., Bosselaers, A.: Collisions for the compression function of MD-5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. on Information Theory IT-22(6), 644–654 (1976)
Dobbertin, H.: The status of MD5 after a recent attack. CryptoBytes 2(2), 1–6 (Summer, 1996)
Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: a strengthened version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 71–82. Springer, Heidelberg (1996), http://www.esat.kuleuven.ac.be/~bosselae/ripemd160
ECRYPTÂ II, The SHA-3 Zoo, http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
FIPS 46, Data Encryption Standard, Federal Information Processing Standard, NBS, U.S. Department of Commerce (January 1977) (revised as FIPS 46-1(1988); FIPS 46-2(1993), FIPS 46-3(1999))
FIPSÂ 180-1, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180-1, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., April 17 (1995)
FIPS 180-2, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180-2, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., August 26 (Change notice 1 published on December 1 2002) (2002)
Fleischmann, E., Forler, C., Gorski1, M.: Classifcation of the SHA-3 candidates, February 1 (2009), http://eprint.iacr.org/2008/511.pdf
Hirose, S.: Some plausible constructions of double-block-length hash functions. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006)
Indesteege, S., Mendel, F., Preneel, B., Rechberger, C.: Collisions and other non-random properties for step-reduced SHA-256. In: Avanzi, R., Keliher, L., Sica, F. (eds.) Selected Areas in Cryptology– SAC 2008. LNCS. Springer, Heidelberg (in print, 2009)
ISO/IEC 10118, Information technology – Security techniques – Hash-functions, Part 1: General (2000), Part 2: Hash-functions using an n-bit block cipher algorithm (2000), Part 3: Dedicated hash-functions (2003), Part 4: Hash-functions using modular arithmetic (1998)
Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)
Kaliski Jr., B.S.: The MD2 Message-Digest algorithm. Request for Comments (RFC) 1319, Internet Activities Board, Internet Privacy Task Force (April 1992)
Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183–200. Springer, Heidelberg (2006)
Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)
Klima, V.: Tunnels in hash functions: MD5 collisions within a minute. IACR ePrint archive (2006), http://eprint.iacr.org/2006/105.pdf
Knudsen, L.R., Lai, X., Preneel, B.: Attacks on fast double block length hash functions. Journal of Cryptology 11(1), 59–72 (Winter 1998)
Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)
Leurent, G.: MD4 is not one-way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412–428. Springer, Heidelberg (2008)
Manuel, S., Peyrin, T.: Collisions on SHA-0 in one hour. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 16–35. Springer, Heidelberg (2008)
Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)
Merkle, R.: Secrecy, Authentication, and Public Key Systems. UMI Research Press (1979)
Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)
Merkle, R.: A fast software one-way hash function. Journal of Cryptology 3(1), 43–58 (1990)
Miyaguchi, S., Iwata, M., Ohta, K.: New 128-bit hash function. In: Proceedings 4th International Joint Workshop on Computer Communications, Tokyo, Japan, July 13–15, pp. 279–288 (1989)
Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings 21st ACM Symposium on the Theory of Computing, pp. 387–394 (1990)
NIST SHA-3 Competition, http://csrc.nist.gov/groups/ST/hash/
Pal, P., Sarkar, P.: PARSHA-256 – A new parallelizable hash function and a multithreaded implementation. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 347–361. Springer, Heidelberg (2003)
Patarin, J.: Collisions and inversions for Damgård’s whole hash function. In: Safavi-Naini, R., Pieprzyk, J.P. (eds.) ASIACRYPT 1994. LNCS, vol. 917, pp. 307–321. Springer, Heidelberg (1995)
Preneel, B.: Analysis and design of cryptographic hash functions. Doctoral Dissertation, Katholieke Universiteit Leuven (1993)
Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)
Rabin, M.O.: Digitalized signatures. In: Lipton, R., DeMillo, R. (eds.) Foundations of Secure Computation, pp. 155–166. Academic Press, New York (1978)
Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)
Rivest, R.L.: The MD5 message-digest algorithm. Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force (April 1992)
Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)
Rogaway, P., Steinberger, J.P.: Constructing cryptographic hash functions from fixed-key blockciphers. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 433–450. Springer, Heidelberg (2008)
Saarinen, M.-J.O.: Security of VSH in the real world. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 95–103. Springer, Heidelberg (2006)
Sanadhya, S.K., Sarkar, P.: New collision attacks against up to 24-step SHA-2. In: Roy Chowdhury, D., Rijmen, V., Das, A. (eds.) Progress in Cryptology – Indocrypt 2008. LNCS, vol. 5365, pp. 91–103. Springer, Heidelberg (2008)
Sasaki, Y., Aoki, K.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R., Keliher, L., Sica, F. (eds.) Selected Areas in Cryptocraphy – SAC 2008. LNCS. Springer, Heidelberg (in print, 2009)
Sotirov, A., Stevens, M., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: MD5 considered harmful today. Creating a rogue CA certificate, http://www.win.tue.nl/hashclash/rogue-ca/
Stam, M.: Beyond uniformity: Better security/Efficiency tradeoffs for compression functions. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 397–412. Springer, Heidelberg (2008)
Stam, M.: Blockcipher based hashing revisited. In: Dunkelman, O. (ed.) Fast Software Encryption 2009. LNCS. Springer, Heidelberg (to appear, 2009)
Steinberger, J.P.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007)
Tillich, J.-P., Zémor, G.: Collisions for the LPS expander graph hash function. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 254–269. Springer, Heidelberg (2008)
Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Wang, X., Yu, H., Yin, Y.L.: Efficient collision search attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)
Winternitz, R.: A secure one-way hash function built from DES. In: Proceedings IEEE Symposium on Information Security and Privacy, pp. 88–90. IEEE Press, Los Alamitos (1984)
Yasuda, K.: How to fill up Merkle-Damgård hash functions. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 272–289. Springer, Heidelberg (2008)
Yuval, G.: How to swindle Rabin. Cryptologia 3, 187–189 (1979)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Preneel, B. (2009). The State of Hash Functions and the NIST SHA-3 Competition . In: Yung, M., Liu, P., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2008. Lecture Notes in Computer Science, vol 5487. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01440-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-01440-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01439-0
Online ISBN: 978-3-642-01440-6
eBook Packages: Computer ScienceComputer Science (R0)