On the Security of Reduced Versions of 3-Pass HAVAL
HAVAL is a dedicated hash function of the MD family which was proposed by Zheng et al. In this paper, we study the security of reduced versions of 3-pass HAVAL. We find a 256-bit collision of the first two passes of 3-pass HAVAL and of the last two passes of 3-pass HAVAL.
Keywords: Boolean Function, Hash Function, Compression Function, Message Block, Collision Attack
- 1. Thomas A. Berson. Differential cryptanalysis mod 2^32 with applications to MD5. In Rainer A. Rueppel, editor, Advances in Cryptology-Eurocrypt’92, volume 658 of Lecture Notes in Computer Science, pages 71–80. Springer-Verlag, Berlin, 1992.
- 2. Christophe Debaert and Henri Gilbert. The RIPEMDL and RIPEMDR improved variants of MD4 are not collision free. In Preproceedings of FSE 2001, 8th Fast Software Encryption Workshop, pages 54–69, Yokohama, Japan, April 2001.
- 3. Bert den Boer and Antoon Bosselaers. An attack on the last two rounds of MD4. In Joan Feigenbaum, editor, Advances in Cryptology-Crypto’91, volume 576 of Lecture Notes in Computer Science, pages 194–203. Springer-Verlag, Berlin, 1992.
- 4. Bert den Boer and Antoon Bosselaers. Collisions for the compression function of MD5. In Tor Helleseth, editor, Advances in Cryptology-Eurocrypt’93, volume 765 of Lecture Notes in Computer Science, pages 293–304. Springer-Verlag, Berlin, 1993.
- 7. Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. RIPEMD-160: A strengthened version of RIPEMD. ftp.esat.kuleuven.ac.be/pub/COSIC/bossselae/ripemd, April 1996.
- 8. P.R. Kasselman and W.T. Penzhorn. Cryptanalysis of reduced version of HAVAL. Electronics Letters, 36(1):30–31, January 2001.
- 9. National Institute of Standards and Technology. FIPS PUB 180-1: Secure Hash Standard, April 1995.
- 10. Research and Development in Advanced Communications Technologies in Europe. RIPE: Integrity primitives for secure information systems. Final Report of RACE Integrity Primitives Evaluation (R1040), RACE, 1995.
- 11. Ronald L. Rivest. The MD4 message digest algorithm. In Alfred J. Menezes and Scott A. Vanstone, editors, Advances in Cryptology-Crypto’90, volume 537 of Lecture Notes in Computer Science, pages 303–311. Springer-Verlag, 1991.
- 12. Ronald L. Rivest. The MD5 message digest algorithm. In Request for Comments (RFC) 1321, April. Internet Activities Board, Internet Privacy Task Force, 1992.
- 13. Serge Vaudenay. On the need for multipermutations: Cryptanalysis of MD4 and SAFER. In Bart Preneel, editor, Fast Software Encryption, Second International Workshop, volume 1008 of Lecture Notes in Computer Science, pages 286–297, Leuven, Belgium, December 1995. Springer-Verlag, Berlin.
- 14. Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry. HAVAL-A One-Way Hashing Algorithm with Variable Length of Output. In Jennifer Seberry and Yuliang Zheng, editors, Advances in Cryptology-Auscrypt’92, volume 718 of Lecture Notes in Computer Science, pages 83–104. Springer, 1992.