Secure Block Ciphers Are Not Sufficient for One-Way Hash Functions in the Preneel-Govaerts-Vandewalle Model

  • Shoichi Hirose
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


There are many proposals of unkeyed hash functions based on block ciphers. Preneel, Govaerts and Vandewalle, in their CRYPTO’93 paper, presented the general model of unkeyed hash functions based on block ciphers such that the size of the hashcode is equal to the block size and is almost equal to the key size. In this article, it is shown that, for every unkeyed hash function in their model, there exist block ciphers secure against the adaptive chosen plaintext attack such that the unkeyed hash function based on them is not one-way. The proof is constructive: the secure block ciphers are explicitly defined based on which one-way unkeyed hash functions cannot be constructed. Some of the block ciphers presented are secure even against the adaptive chosen plaintext/ciphertext attack.


Hash Function Block Cipher Encryption Function Round Function Cryptographic Hash Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    I. B. Damgård. A design principle for hash functions. In CRYPTO’89, pages 416–427, 1990. Lecture Notes in Computer Science 435.Google Scholar
  2. 2.
    D. Davies and W. L. Price. Digital signatures, an update. In Proceedings of the 5th International Conference on Computer Communication, pages 845–849, 1984.Google Scholar
  3. 3.
    S. M. Matyas, C. H. Meyer, and J. Oseas. Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin, 27:5658–5659, 1985.Google Scholar
  4. 4.
    A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
  5. 5.
    R. C. Merkle. A fast software one-way hash function. Journal of Cryptology, 3:43–58, 1990.MathSciNetCrossRefGoogle Scholar
  6. 6.
    C. H. Meyer and M. Schilling. Secure program load with manipulation detection code. In Proceedings of the 6th Worldwide Congress on Computer and Communications Security and Protection (SECURICOM’88), pages 111–130, 1988.Google Scholar
  7. 7.
    B. Preneel. Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit Leuven, 1993.Google Scholar
  8. 8.
    B. Preneel. The state of cryptographic hash functions. In Lectures on Data Security, pages 158–182, 1998. Lecture Notes in Computer Science 1561.CrossRefGoogle Scholar
  9. 9.
    B. Preneel, R. Govaerts, and J. Vandewalle. Hash functions based on block ciphers: A synthetic approach. In CRYPTO’93, pages 368–378, 1994. Lecture Notes in Computer Science 773.Google Scholar
  10. 10.
    D. R. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In EUROCRYPT’98, pages 334–345, 1998. Lecture Notes in Computer Science 1403.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Shoichi Hirose
    • 1
  1. 1.Graduate School of InformaticsKyoto UniversityKyotoJapan

Personalised recommendations