MDC-4 is the enhanced version of MDC-2, which is a well-known hash mode of block ciphers. However, it does not guarantee sufficient securities required for a cryptographic hash function. In the ideal cipher model, the MDC-4 compression function has the collision security bound close to 25n/8 and the preimage security bound close to 25n/4, where the underlying block cipher has the block size of n bits. We have studied how to improve MDC-4 with simple modification to strengthen its security. It is meaningful work because users often want to improve their familiar systems with low cost. In this paper, we achieve it by proposing MDC-4+, which is a light variation of MDC-4. We prove that MDC-4+ is much more secure than MDC-4 by showing that it has the collision security bound close to optimal 2n and the preimage security bound close to 24n/3. We also discuss its efficiency by comparing existing hash modes.

We give some attacks on the DBL hash modes MDC-4 and MJH. Our preimage attack on the MDC-4 hash function requires the time complexity O(23n/2) for the block length n of the underlying block cipher, which significantly improves the previous results. Our collision attack on the MJH hash function has a time complexity less than 2124 for n=128. Our preimage attack on the the MJH compression function finds a preimage with the time complexity of 2n. It is converted to a preimage attack on the hash function with the time complexity of O(23n/2). As far as we know, any cryptanalytic result for MJH has not been published before. Our results are helpful for understanding the security of the hash modes together with their security proofs.