How to Construct Sufficient Conditions for Hash Functions

  • Conference paper
Progress in Cryptology - VIETCRYPT 2006 (VIETCRYPT 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4341)

Abstract

Wang et al. have proposed collision attacks for various hash functions. Their approach is to first construct a differential path, and then determine the conditions (sufficient conditions) that maintain the differential path. If a message that satisfies all sufficient conditions is found, a collision can be generated. Therefore, in order to apply the attack of Wang et al., we need techniques for constructing differential paths and for determining sufficient conditions.

In this paper, we propose the “SC algorithm”, an algorithm that can automatically determine the sufficient conditions. The input of the SC algorithm is a differential path, that is, all message differentials and differentials of the chaining variables. The SC algorithm then outputs the sufficient conditions. The computation time of the SC algorithm is within a few seconds. In applying the method of Wang et al. to MD5, there are 3 types of sufficient conditions: conditions for controlling the carry length when differentials appear in the chaining variables (Type 1), conditions for controlling the output differentials of the Boolean function when the input variables of the function have differentials (Type 2), and conditions for controlling the relationship between the carry effect and the left rotation operation (Type 3). Sufficient conditions for SHA-1, SHA-0 and MD4 consist of only Type 1 and Type 2. Type 3 is unique to MD5. The SC algorithm can construct Type 1 and Type 2 conditions; we use the method of Liang et al. to construct Type 3 conditions.
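To make the first two condition types concrete, the following added example (not code from the paper, and not the SC algorithm itself) derives them by brute force for a single bit position: which bit values fix the carry length of a ±2^i difference, and which input bits give an MD5 round function a chosen output difference. The function names and the signed-difference convention (+1 means the bit goes 0 → 1) are assumptions of this sketch; the round functions are the standard ones from RFC 1321.

```python
from itertools import product

MASK = 0xFFFFFFFF  # MD5 works on 32-bit words

# MD5 round functions restricted to single bits (definitions from RFC 1321).
ROUND_FUNCS = {
    "F": lambda x, y, z: (x & y) | ((x ^ 1) & z),
    "G": lambda x, y, z: (x & z) | (y & (z ^ 1)),
    "H": lambda x, y, z: x ^ y ^ z,
    "I": lambda x, y, z: y ^ (x | (z ^ 1)),
}

def carry_conditions(i, k, sign=+1):
    """Type 1: bit values of a word so that adding sign*2^i changes exactly
    bits i..i+k-1 (carry length k). Returns {bit position: required value}."""
    if k < 1 or i + k > 32:
        raise ValueError("carry must stay inside the 32-bit word")
    # A carry (+) runs through 1-bits and stops at a 0; a borrow (-) is the mirror image.
    run, stop = (1, 0) if sign > 0 else (0, 1)
    conds = {i + j: run for j in range(k - 1)}
    conds[i + k - 1] = stop
    return conds

def changed_bits(word, i, sign=+1):
    """XOR mask of the bits that change when sign*2^i is added mod 2^32."""
    return word ^ ((word + sign * (1 << i)) & MASK)

def boolean_conditions(name, din, dout):
    """Type 2: all bit triples (x, y, z) of the first message for which round
    function `name` maps the signed input differences `din` to output
    difference `dout` (+1: bit goes 0 -> 1, -1: 1 -> 0, 0: unchanged)."""
    f = ROUND_FUNCS[name]
    allowed = []
    for bits in product((0, 1), repeat=3):
        second = tuple(b + d for b, d in zip(bits, din))
        if any(b not in (0, 1) for b in second):
            continue  # this bit value cannot carry the requested signed difference
        if f(*second) - f(*bits) == dout:
            allowed.append(bits)
    return allowed
```

For F with a +1 difference in x only, the surviving triples for output difference 0 are exactly those with y = z, which is the familiar form of a Type 2 condition; an empty result (as for H in the same situation) means no condition can achieve the requested output difference.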

The complexity of the collision attack depends on the number of sufficient conditions needed. The SC algorithm constructs the fewest possible sufficient conditions. To check the feasibility of the SC algorithm, we apply it to the differential path of MD5 given by Wang et al. It is shown to yield 12 fewer conditions than the latest work on MD5. The SC algorithm is applicable to the MD-family and the SHA-family. This paper focuses on the sufficient conditions of MD5, but only as an example.

References

  1. Black, J., Cochran, M., Highland, T.: A Study of the MD5 Attacks: Insights and Improvements. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 262–277. Springer, Heidelberg (2006)

  2. Hawkes, P., Paddon, M., Rose, G.G.: Musings on the Wang et al. MD5 Collision. Cryptology ePrint Archive, Report 2004/264 (2004)

  3. Liang, J., Lai, X.: Improved Collision Attack on Hash Function MD5. Cryptology ePrint Archive, Report 2005/425 (2005)

  4. NIST. Secure hash standard. Federal Information Processing Standard, FIPS-180 (May 1993)

  5. NIST. Secure hash standard. Federal Information Processing Standard, FIPS-180-1 (April 1995)

  6. Rivest, R.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991), http://theory.lcs.mit.edu/~rivest/Rivest-MD4.txt

  7. Rivest, R.: The MD5 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991), http://theory.lcs.mit.edu/~rivest/Rivest-MD5.txt

  8. Schlaffer, M., Oswald, E.: Searching for Differential Paths in MD4. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 242–261. Springer, Heidelberg (2006)

  9. Wang, X., Feng, D., Chen, H., Lai, X., Yu, X.: Collision for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. In: Rump Session of CRYPTO 2004 and Cryptology ePrint Archive, Report 2004/199 (2004)

  10. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)

  11. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

  12. Wang, X., Yu, H., Lisa Yin, Y.: Efficient Collision Search Attack on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)

  13. Wang, X., Lisa Yin, Y., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

  14. Yajima, J., Shimoyama, T.: On the collision search and the sufficient conditions of MD5, ISEC 2005-78, pp.15–22 (2005)

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sasaki, Y., Naito, Y., Yajima, J., Shimoyama, T., Kunihiro, N., Ohta, K. (2006). How to Construct Sufficient Conditions for Hash Functions. In: Nguyen, P.Q. (eds) Progress in Cryptology - VIETCRYPT 2006. VIETCRYPT 2006. Lecture Notes in Computer Science, vol 4341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11958239_16

  • DOI: https://doi.org/10.1007/11958239_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68799-3

  • Online ISBN: 978-3-540-68800-6

  • eBook Packages: Computer Science, Computer Science (R0)