On the Security of Reduced Versions of 3-Pass HAVAL

  • Sangwoo Park
  • Soo Hak Sung
  • Seongtaek Chee
  • Jongin Lim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


HAVAL is a dedicated hash function of the MD family which was proposed by Zheng et al. In this paper, we study the security of reduced versions of 3-pass HAVAL. We find a 256-bit collision of the first two passes of 3-pass HAVAL and of the last two passes of 3-pass HAVAL.


Boolean Function Hash Function Compression Function Message Block Collision Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Thomas A. Berson. Differential cryptanalysis mod 232 with applications to MD5. In Rainer A. Rueppel, editor, Advances in Cryptology-Eurocrypt’92, volume 658 of Lecture Notes in Computer Science, pages 71–80. Springer-Verlag, Berlin, 1992.Google Scholar
  2. 2.
    Christophe Debaert and Henri Gilbert. The RIPEMDL and RIPEMDR improved variants of MD4 are not collision free. In Preproceegins of FSE 2001, 8th Fast Software Encryption Workshop, pages 54–69, Yokohama, Japan, April 2001.Google Scholar
  3. 3.
    Bert den Boer and Antoon Bosselaers. An attack on the last two rounds of MD4. In Joan Feigenbaum, editor, Advances in Cryptology-Crypto’91, volume 576 of Lecture Notes in Computer Science, pages 194–203. Springer-Verlag, Berlin, 1992.Google Scholar
  4. 4.
    Bert den Boer and Antoon Bosselaers. Collisions for the compression function of MD5. In Tor Helleseth, editor, Advances in Cryptology-Eurocrypt’93, volume 765 of Lecture Notes in Computer Science, pages 293–304. Springer-Verlag, Berlin, 1993.Google Scholar
  5. 5.
    Hans Dobbertin. RIPEMD with two rounds compress function is not collision-free. Journal of Cryptology, 10(1):51–69, 1997.zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Hans Dobbertin. Cryptanalysis of MD4. Journal of Cryptology, 11(4):253–271, 1998.zbMATHCrossRefGoogle Scholar
  7. 7.
    Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. RIPEMD-160: A strengthened version of RIPEMD., April 1996.
  8. 8.
    P.R. Kasselman and W.T. Penzhorn. Cryptanalysis of reduced version of HAVAL. Electronics Letters, 36(1):30–31, January 2001.Google Scholar
  9. 9.
    National Institute of Standards and Technology. FIPS PUB 180-1: Secure Hash Standard, April 1995.Google Scholar
  10. 10.
    Research and Development in Advanced Communications Technologies in Europe. RIPE: Integrity primitives for secure information systems. Final Report of RACE Integrity Primitives Evaluation(R1040),RACE, 1995.Google Scholar
  11. 11.
    Ronald L. Rivest. The MD4 message digest algorithm. In Alfred J. Menezes and Scott A. Vanstone, editors, Advances in Cryptology-Crypto’90, volume 537 of Lecture Notes in Computer Science, pages 303–311. Springer-Verlag, 1991.Google Scholar
  12. 12.
    Ronald L. Rivest. The MD5 message digest algorithm. In Request for Comments(RFC) 1321, April. Internet Activities Board, Internet Privacy Task Force, 1992.Google Scholar
  13. 13.
    Serge Vaudenay. On the need for multipermutations: Cryptanalysis of MD4 and SAFER. In Bart Preneel, editor, Fast Software Encryption, Second International Workshop, volume 1008 of Lecture Notes in Computer Science, pages 286–297, Leuven, Belgium, December 1995. Springer-Verlag, Berlin.Google Scholar
  14. 14.
    Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry. HAVAL-A One-Way Hashing Algorithm with Variable Length of Output. In Jennifer Seberry and Yuliang Zheng, editors, Advances in Cryptology-Auscrypt’92, volume 718 of Lecture Notes in Computer Science, pages 83–104. Springer, 1992.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Sangwoo Park
    • 1
  • Soo Hak Sung
    • 2
  • Seongtaek Chee
    • 1
  • Jongin Lim
    • 3
  1. 1.National Security Research InstituteKorea
  2. 2.Department of Applied MathematicsPai Chai UniversityKorea
  3. 3.Center for Information Security Technologies(CIST)Korea UniversityKorea

Personalised recommendations