Abstract
Cryptographic hash functions obtained by iterating a round function constructed from a block cipher and for which the hash-code length is twice the block length m of the underlying block cipher are considered. The computational security of such hash functions against two particular attacks, namely, the free-start target and free-start collision attacks, is investigated; these two attacks differ from the “usual” target and collision attacks in that the initial value of the iterations is not specified. The motivation is that iterated hash functions that are computationally secure against these two particular attacks are also computationally secure against the “usual” target and collision attacks. For a general class of such 2m-bit iterated hash functions, tighter upper bounds than the one published so far in the literature on the complexity of free-start target and free-start collision attacks are derived. A proposal for a 2m-bit iterated hash function achieving these upper bounds is made; this new proposal is shown to be computationally more secure against free-start target and free-start collision attacks than some of the already proposed schemes falling into this general class. It is also shown that our proposal is better than the present proposal for an ISO standard in the sense that both schemes achieve these upper bounds but one encryption is required in our proposal for hashing one m-bit message block as opposed to two encryptions in the ISO proposal. Finally, two new attacks on the LOKI Double-Block-Hash function are presented with lower complexities than the known ones.
© 1994 Springer-Verlag Berlin Heidelberg
Hohl, W., Lai, X., Meier, T., Waldvogel, C. (1994). Security of Iterated Hash Functions Based on Block Ciphers. In: Stinson, D.R. (eds) Advances in Cryptology — CRYPTO’ 93. CRYPTO 1993. Lecture Notes in Computer Science, vol 773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48329-2_32
DOI: https://doi.org/10.1007/3-540-48329-2_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-57766-9
Online ISBN: 978-3-540-48329-8
eBook Packages: Springer Book Archive