Some thoughts on Collision Attacks in the Hash Functions MD5, SHA-0 and SHA-1

The design principle of Merkle-Damg̊ard construction is collision resistance of the compression function implies collision resistance of the hash function. Recently multi-block collisions have been found on the hash functions MD5, SHA-0 and SHA-1 using differential cryptanalysis. These multi-block collisions raise several questions on some definitions and properties used in the hash function literature. In this report, we take a closer look at some of the literature in cryptographic hash functions and give our insights on them. We bring out some important differences between the 1989’s Damg̊ard’s hash function and the hash functions that followed it. We conclude that these hash functions did not consider the pseudo-collision attack in their design criteria. We also doubt whether these hash functions achieve the design principle of Merkle-Damg̊ard’s construction. We formalise some definitions on the properties of hash functions in the literature.

[1]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[2]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[3]  Xiaoyun Wang,et al.  Efficient Collision Search Attacks on SHA-0 , 2005, CRYPTO.

[4]  David Thomas,et al.  The Art in Computer Programming , 2001 .

[5]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[6]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[7]  Antoon Bosselaers,et al.  Collisions for the Compressin Function of MD5 , 1994, EUROCRYPT.

[8]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[9]  Antoon Bosselaers,et al.  Collisions for the Compressin Function of MD5 , 1994, EUROCRYPT.

[10]  Pieter Retief Kasselman,et al.  Analysis and design of cryptographic hash functions , 1999 .

[11]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[12]  Stefan Lucks,et al.  Design Principles for Iterated Hash Functions , 2004, IACR Cryptol. ePrint Arch..

[13]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[14]  Hugo Krawczyk,et al.  Pseudorandom functions revisited: the cascade construction and its concrete security , 1996, Proceedings of 37th Conference on Foundations of Computer Science.

[15]  Antoine Joux,et al.  Collisions of SHA-0 and Reduced SHA-1 , 2005, EUROCRYPT.

[16]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[17]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[18]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.