SM3 is a hash function, designed by Xiaoyun Wang et al. and published by the Chinese Commercial Cryptography Administration Office for the use of electronic authentication service system. The design of SM3 builds upon the design of the SHA-2 hash function, but introduces additional strengthening features. In this paper, we present boomerang distinguishers for the SM3 compression function reduce...

This note presents analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different simplified variants of FORK-256. Finally, as a concrete application of those observations we present a method of finding chosen IV collisions fo...

The security notion of indifferentiability was proposed by Maurer, Renner, and Holenstein in 2004. In 2005, Coron, Dodis, Malinaud, and Puniya discussed the indifferentiability of hash functions. They showed that the Merkle-Damg̊ard construction is not secure in the sense of indifferentiability. In this paper, we analyze the security of single-block-length and rate-1 compression functions in the...

Recently Nandi etc. have proposed a 1/3-rate and a 2/3-rate double length compression functions and studied their security in the black-box model. They proved that to find a collision for the compression function, it requires Ω(2) queries, where n is the length of output size. In this paper, we show that not all hash functions based on block cipher constructed according to their model are of th...

The hash function HAVAL is an Australian extension of well known Merkle-Damg̊ard hash functions such as MD4 and MD5. It has three variants, 3-, 4and 5-pass HAVAL. On 3-pass HAVAL, the best known attack finds a collision pair with 2 computations of the compression function. To find k collision pairs, it requires 2k computations. In this paper, we present a better collision attack on 3-pass HAVAL,...

Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-rou...

We look at a different security property one might require of encryption, namely one-way security. The notion is natural and seems like a minimal requirement on an encryption scheme. It makes sense for both symmetric and public-key encryption schemes. To make the discussion more concrete, we look at the so-called “textbook” variant of the RSA encryption, and see how to pick keys in relation to ...

Iterated hash functions based on block ciphers are treated. Five attacks on an iterated hash function and on its round function are formulated. The wisdom of strengthening such hash functions by constraining the last block of the message to be hashed is stressed. Schemes for constructing m-bit and 2m-bit hash round functions fromm-bit block ciphers are studied. A principle is formalized for eva...

Since Bellare and Ristenpart showed a multi-property preserving domain extension transform, the problem of the construction for multi-property hash functions has been reduced to that of the construction for multi-property compression functions. However, the Davies-Meyer compression function that is widely used for standard hash functions is not a multi-property compression function. That is, in...

One way hash functions are an important tool in achieving authentication and data integrity The aim of this paper is to propose a novel one way hash function based on cellular automata whose cryp tographic properties have been extensively studied over the past decade or so Furthermore security of the proposed one way hash function is analyzed by the use of very recently published results on app...