Abstract
We provide a collision attack and preimage attacks on the MDC-2 construction, which is a method (dating back to 1988) of turning an $n$-bit block cipher into a $2n$-bit hash function. The collision attack is the first below the birthday bound to be described for MDC-2 and, with $n = 128$, it has complexity $2^{124.5}$, which is to be compared to the birthday attack having complexity $2^{128}$. The preimage attacks constitute new time/memory trade-offs; the most efficient attack requires time and space about $2^{n}$, which is to be compared to the previous best known preimage attack of Lai and Massey (Eurocrypt '92), having time complexity $2^{3n/2}$ and space complexity $2^{n/2}$, and to a brute force preimage attack having complexity $2^{2n}$.
This work has been supported in part by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-642-01001-9_35
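To make the construction the abstract refers to concrete, the following is an added example (not code from the paper or from any standard) of MDC-2 instantiated with AES-128 as the $n = 128$-bit block cipher, so that the digest is $2n = 256$ bits. The padding rule and the initial chaining values are choices made for this example; the DES-specific key-bit fixing of the ISO version is omitted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
)

const n = 16 // block length in bytes; AES-128 plays the n = 128-bit block cipher
// enc computes E_key(block) with AES-128; the key is a chaining value.
func enc(key, block []byte) []byte {
	c, err := aes.NewCipher(key) // key is always 16 bytes, so this cannot fail
	if err != nil {
		panic(err)
	}
	out := make([]byte, n)
	c.Encrypt(out, block)
	return out
}

// Compress is one MDC-2 step: V = E_g(m) xor m, W = E_h(m) xor m, then the
// halves are swapped: g' = V_left || W_right and h' = W_left || V_right.
func Compress(g, h, m []byte) ([]byte, []byte) {
	v, w := enc(g, m), enc(h, m)
	for i := range m {
		v[i] ^= m[i]
		w[i] ^= m[i]
	}
	gNext := append(append([]byte{}, v[:n/2]...), w[n/2:]...)
	hNext := append(append([]byte{}, w[:n/2]...), v[n/2:]...)
	return gNext, hNext
}

// Hash iterates Compress over the padded message and returns g || h (2n bits).
// Padding (0x80, zeros, 64-bit length) and the initial values are assumptions here.
func Hash(msg []byte) []byte {
	padded := append(append([]byte{}, msg...), 0x80)
	for len(padded)%n != n-8 {
		padded = append(padded, 0)
	}
	var length [8]byte
	binary.BigEndian.PutUint64(length[:], uint64(len(msg))*8)
	padded = append(padded, length[:]...)
	g := bytes.Repeat([]byte{0x52}, n) // constructed initial values
	h := bytes.Repeat([]byte{0x25}, n)
	for i := 0; i < len(padded); i += n {
		g, h = Compress(g, h, padded[i:i+n])
	}
	return append(g, h...)
}
```

Note that both chains encrypt the same message block and differ only in their key; this symmetry is part of the structure the paper's attacks analyse.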
References
Brachtl, B.O., Coppersmith, D., Hyden, M.M., Matyas Jr., S.M., Meyer, C.H.W., Oseas, J., Pilpel, S., Schilling, M.: Data authentication using modification detection codes based on a public one way encryption function, March 13, 1990, US Patent no. 4,908,861. Assigned to IBM. Filed (August 28, 1987), http://www.google.com/patents?vid=USPAT4908861 (2008/09/02)
Brent, R.P.: An improved Monte Carlo factorization algorithm. BIT Numerical Mathematics 20(2), 176–184 (1980)
Cormen, T.H., Leiserson, C.E., Rivest, R.L.: Introduction to Algorithms. MIT Press, Cambridge (1990)
De Cannière, C., Rechberger, C.: Preimages for Reduced SHA-0 and SHA-1. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 179–202. Springer, Heidelberg (2008)
Feller, W.: An Introduction to Probability Theory and Its Applications, 3rd edn., vol. 1. Wiley, Chichester (1968)
Floyd, R.W.: Nondeterministic Algorithms. Journal of the Association for Computing Machinery 14(4), 636–644 (1967)
Hellman, M.E.: A Cryptanalytic Time–Memory Trade-Off. IEEE Transactions on Information Theory IT-26(4), 401–406 (1980)
Hirose, S.: Some Plausible Constructions of Double-Block-Length Hash Functions. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006)
International Organization for Standardization. ISO/IEC 10118-2:1994. Information technology – Security techniques – Hash-functions – Part 2: Hash-functions using an n-bit block cipher algorithm (1994) (Revised in 2000)
International Organization for Standardization. ISO 9735-6:2002. Electronic data interchange for administration, commerce and transport (EDIFACT) – Application level syntax rules (Syntax version number: 4, Syntax release number: 1) – Part 6: Secure authentication and acknowledgement message (message type – AUTACK) (2002), http://www.gefeg.com/jswg/v41/data/V41-9735-6.pdf (2008/09/02)
Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)
Kelsey, J., Schneier, B.: Second Preimages on n-Bit Hash Functions for Much Less than 2n Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)
Knudsen, L.R., Lai, X., Preneel, B.: Attacks on Fast Double Block Length Hash Functions. Journal of Cryptology 11(1), 59–72 (1998)
Knudsen, L.R., Preneel, B.: Fast and Secure Hashing Based on Codes. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 485–498. Springer, Heidelberg (1997)
Kraus, D.: Integrity mechanism in German and international payment systems (2002), http://www.src-gmbh.de/whitepapers/Intergrity_mechanisms_in_payment_systems_Kraus_en.pdf (2008/09/02)
Lai, X., Massey, J.L.: Hash Functions Based on Block Ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)
Leurent, G.: MD4 is Not One-Way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412–428. Springer, Heidelberg (2008)
Lucks, S.: A Failure-Friendly Design Principle for Hash Functions. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)
Mendel, F., Rijmen, V.: Weaknesses in the HAS-V Compression Function. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 335–345. Springer, Heidelberg (2007)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Meyer, C.H., Schilling, M.: Secure Program Load with Manipulation Detection Code. In: Proceedings of SECURICOM 1988, pp. 111–130 (1988)
Nandi, M.: Towards Optimal Double-Length Hash Functions. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 77–89. Springer, Heidelberg (2005)
Nandi, M., Lee, W., Sakurai, K., Lee, S.: Security Analysis of a 2/3-Rate Double Length Compression Function in the Black-Box Model. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 243–254. Springer, Heidelberg (2005)
National Bureau of Standards. Data Encryption Standard (DES), Federal Information Processing Standards Publication (FIPS PUB) 46 (January 15, 1977)
Steinberger, J.P.: The Collision Intractability of MDC-2 in the Ideal-Cipher Model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007)
Struif, B.: German Health Professional Card and Security Module Card, Specification, Pharmacist & Physician, v. 2.0 (2003), http://www.dkgev.de/media/file/2589.spez-engl-3.pdf (2008/09/02)
van Tilborg, H.C.A. (ed.): Encyclopedia of Cryptography and Security. Springer, Heidelberg (2005)
Viega, J.: The AHASH Mode of Operation, Manuscript (September 2004), http://www.cryptobarn.com/papers/ahash.pdf (2008/09/02)
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Knudsen, L.R., Mendel, F., Rechberger, C., Thomsen, S.S. (2009). Cryptanalysis of MDC-2. In: Joux, A. (eds) Advances in Cryptology - EUROCRYPT 2009. EUROCRYPT 2009. Lecture Notes in Computer Science, vol 5479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01001-9_6
DOI: https://doi.org/10.1007/978-3-642-01001-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01000-2
Online ISBN: 978-3-642-01001-9
eBook Packages: Computer Science (R0)