The search functionality is under construction.

The search functionality is under construction.

We analyze the security of iterated 2*m*-bit hash functions with rate 1 whose round functions use a block cipher with an *m*-bit input (output) and a 2*m*-bit key. We first show a preimage attack with *O*(2^{m}) complexity on Yi and Lam's hash function of this type. This means that their claim is wrong and it is less secure than MDC-2. Next, it is shown that a very wide class of such functions is also less secure than MDC-2. More precisely, we prove that there exist a preimage attack and a 2nd preimage attack with *O*(2^{m}) complexity and a collision attack with *O*(2^{3m/4}) complexity, respectively. Finally, we suggest a class of hash functions with a 2*m*-bit hashed value which seem to be as secure as MDC-2.

- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E82-A No.1 pp.55-62

- Publication Date
- 1999/01/25

- Publicized

- Online ISSN

- DOI

- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)

- Category

The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.

Copy

Takashi SATOH, Mio HAGA, Kaoru KUROSAWA, "Towards Secure and Fast Hash Functions" in IEICE TRANSACTIONS on Fundamentals,
vol. E82-A, no. 1, pp. 55-62, January 1999, doi: .

Abstract: We analyze the security of iterated 2*m*-bit hash functions with rate 1 whose round functions use a block cipher with an *m*-bit input (output) and a 2*m*-bit key. We first show a preimage attack with *O*(2^{m}) complexity on Yi and Lam's hash function of this type. This means that their claim is wrong and it is less secure than MDC-2. Next, it is shown that a very wide class of such functions is also less secure than MDC-2. More precisely, we prove that there exist a preimage attack and a 2nd preimage attack with *O*(2^{m}) complexity and a collision attack with *O*(2^{3m/4}) complexity, respectively. Finally, we suggest a class of hash functions with a 2*m*-bit hashed value which seem to be as secure as MDC-2.

URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/e82-a_1_55/_p

Copy

@ARTICLE{e82-a_1_55,

author={Takashi SATOH, Mio HAGA, Kaoru KUROSAWA, },

journal={IEICE TRANSACTIONS on Fundamentals},

title={Towards Secure and Fast Hash Functions},

year={1999},

volume={E82-A},

number={1},

pages={55-62},

abstract={We analyze the security of iterated 2*m*-bit hash functions with rate 1 whose round functions use a block cipher with an *m*-bit input (output) and a 2*m*-bit key. We first show a preimage attack with *O*(2^{m}) complexity on Yi and Lam's hash function of this type. This means that their claim is wrong and it is less secure than MDC-2. Next, it is shown that a very wide class of such functions is also less secure than MDC-2. More precisely, we prove that there exist a preimage attack and a 2nd preimage attack with *O*(2^{m}) complexity and a collision attack with *O*(2^{3m/4}) complexity, respectively. Finally, we suggest a class of hash functions with a 2*m*-bit hashed value which seem to be as secure as MDC-2.},

keywords={},

doi={},

ISSN={},

month={January},}

Copy

TY - JOUR

TI - Towards Secure and Fast Hash Functions

T2 - IEICE TRANSACTIONS on Fundamentals

SP - 55

EP - 62

AU - Takashi SATOH

AU - Mio HAGA

AU - Kaoru KUROSAWA

PY - 1999

DO -

JO - IEICE TRANSACTIONS on Fundamentals

SN -

VL - E82-A

IS - 1

JA - IEICE TRANSACTIONS on Fundamentals

Y1 - January 1999

AB - We analyze the security of iterated 2*m*-bit hash functions with rate 1 whose round functions use a block cipher with an *m*-bit input (output) and a 2*m*-bit key. We first show a preimage attack with *O*(2^{m}) complexity on Yi and Lam's hash function of this type. This means that their claim is wrong and it is less secure than MDC-2. Next, it is shown that a very wide class of such functions is also less secure than MDC-2. More precisely, we prove that there exist a preimage attack and a 2nd preimage attack with *O*(2^{m}) complexity and a collision attack with *O*(2^{3m/4}) complexity, respectively. Finally, we suggest a class of hash functions with a 2*m*-bit hashed value which seem to be as secure as MDC-2.

ER -