Skip to main content
SpringerLink
Log in

On the Collision and Preimage Resistance of Certain Two-Call Hash Functions

  • Conference paper
Cryptology and Network Security (CANS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6467))

Included in the following conference series:

  • 614 Accesses

Abstract

In this paper we present concrete collision and preimage attacks on a large class of compression function constructions making two calls to the underlying ideal primitives. The complexity of the collision attack is above the theoretical lower bound for constructions of this type, but below the birthday complexity; the complexity of the preimage attack, however, is equal to the theoretical lower bound.

We also present undesirable properties of some of Stam’s compression functions proposed at CRYPTO ’08. We show that when one of the n-bit to n-bit components of the proposed 2n-bit to n-bit compression function is replaced by a fixed-key cipher in the Davies-Meyer mode, the complexity of finding a preimage would be 2n/3. We also show that the complexity of finding a collision in a variant of the 3n-bits to 2n-bits scheme with its output truncated to 3n/2 bits is 2n/2. The complexity of our preimage attack on this hash function is about 2n. Finally, we present a collision attack on a variant of the proposed m + s-bit to s-bit scheme, truncated to s − 1 bits, with a complexity of O(1). However, none of our results compromise Stam’s security claims.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Black, J., Cochran, M., Shrimpton, T.: On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 526–541. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Damgård, I.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  3. Lucks, S.: A failure-friendly design principle for hash functions. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)

    MATH  Google Scholar 

  5. Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)

    Google Scholar 

  6. Meyer, C.H., Schilling, M.: Secure program load with manipulation detection code. In: Proceedings SECURICOM 1988, pp. 111–130 (1988)

    Google Scholar 

  7. Morita, H., Ohta, K., Miyaguchi, S.: A Switching Closure Test to Analyze Cryptosystems. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 183–193. Springer, Heidelberg (1992)

    Google Scholar 

  8. National Institute of Standards and Technology. FIPS PUB 180-2, Secure Hash Standard. Federal Information Processing Standards Publication 180-2, U.S. Department of Commerce (August 2002)

    Google Scholar 

  9. Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)

    Google Scholar 

  10. Quisquater, J.-J., Delescaille, J.-P.: How Easy is Collision Search. New Results and Applications to DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 408–413. Springer, Heidelberg (1990)

    Google Scholar 

  11. Rivest, R.L.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)

    Google Scholar 

  12. Rivest, R.L.: The MD5 Message-Digest Algorithm, Network Working Group, Request For Comments: 1321 (April 1992)

    Google Scholar 

  13. Rogaway, P., Steinberger, J.: Security/Efficiency Tradeoffs for Permutation-Based Hashing. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 220–236. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Rogaway, P., Steinberger, J.P.: Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 433–450. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  15. Shrimpton, T., Stam, M.: Building a Collision-Resistant Compression Function from Non-compressing Primitives. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 643–654. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Stam, M.: Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 397–412. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  17. Stam, M.: Blockcipher-Based Hashing Revisited. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 67–83. Springer, Heidelberg (2009)

    Google Scholar 

  18. Wagner, D.: A Generalized Birthday Problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–303. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Electrical Engineering Department, Shahid Rajaee University, Tehran, Iran

    Nasour Bagheri

  2. Department of Mathematics, Technical University of Denmark, DK-2800, Kgs. Lyngby, Denmark

    Praveen Gauravaram & Søren S. Thomsen

  3. Electrical Engineering Department, Iran University of Science and Technology, Tehran, Iran

    Nasour Bagheri & Majid Naderi

Authors
  1. Nasour Bagheri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Praveen Gauravaram
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Majid Naderi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Søren S. Thomsen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, 75450, Melaka, Malaysia

    Swee-Huay Heng

  2. Department of Computer Science, Rutgers University, 96 Frelinghuysen Road, 08854, Piscataway, NJ, USA

    Rebecca N. Wright

  3. Faculty of Engineering and Science, Universiti Tunku Abdul Rahman, Kuala Lumpur Campus, Jalan Genting Klang, 53300, Kuala Lumpur, Malaysia

    Bok-Min Goi

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bagheri, N., Gauravaram, P., Naderi, M., Thomsen, S.S. (2010). On the Collision and Preimage Resistance of Certain Two-Call Hash Functions. In: Heng, SH., Wright, R.N., Goi, BM. (eds) Cryptology and Network Security. CANS 2010. Lecture Notes in Computer Science, vol 6467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17619-7_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17619-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17618-0

  • Online ISBN: 978-3-642-17619-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation