Collision Attacks against the Knudsen-Preneel Compression Functions
نویسندگان
چکیده
Knudsen and Preneel (Asiacrypt’96 and Crypto’97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. Their main design goal was to deliver compression functions with collision resistance up to, and even beyond, the block size of the underlying blockciphers. In this paper, we present new collision-finding attacks against these compression functions using the ideas of an unpublished work of Watanabe and the preimage attack of Özen, Shrimpton, and Stam (FSE’10). In brief, our best attack has a time complexity strictly smaller than the block-size for all but two of the parameter sets. Consequently, the time complexity lower bound proven by Knudsen and Preneel is incorrect and the compression functions do not achieve the security level they were designed for.
منابع مشابه
Provable Security of the Knudsen-Preneel Compression Functions
This paper discusses the provable security of the compression functions introduced by Knudsen and Preneel [?,?,?] that use linear error-correcting codes to build wide-pipe compression functions from underlying blockciphers operating in Davies-Meyer mode. In the information theoretic model, we prove that the Knudsen-Preneel compression function based on an [r, k, d]2e code is collision resistant...
متن کاملDesign and Analysis of Multi-Block-Length Hash Functions
Cryptographic hash functions are used in many cryptographic applications, and the design of provably secure hash functions (relative to various security notions) is an active area of research. Most of the currently existing hash functions use the Merkle–Damgård paradigm, where by appropriate iteration the hash function inherits its collision and preimage resistance from the underlying compressi...
متن کاملHash Functions Based on Block Ciphers and Quaternary Codes
We consider constructions for cryptographic hash functions based onm-bit block ciphers. First we present a new attack on the LOKIDBH mode: the attack finds collisions in 2 encryptions, which should be compared to 2 encryptions for a brute force attack. This attack breaks the last remaining subclass in a wide class of efficient hash functions which have been proposed in the literature. We then a...
متن کاملAttacking the Knudsen-Preneel Compression Functions
Knudsen and Preneel (Asiacrypt’96 and Crypto’97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. In this paper, we (re)analyse the preimage resistance of the Knudsen-Preneel compression functions in the setting of public random functions. We give a new non-ada...
متن کاملConstruction of secure and fast hash functions using nonbinary error-correcting codes
This paper considers iterated hash functions. It proposes new constructions of fast and secure compression functions with -bit outputs for integers 1 based on error-correcting codes and secure compression functions with -bit outputs. This leads to simple and practical hash function constructions based on block ciphers such as Data Encryption Standard (DES), where the key size is slightly smalle...
متن کامل