论文信息 - Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98

Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98

Shin et al.[4] proposed a new hash function with 160-bit output length at PKC'98. Recently, at FSE 2002, Han et al.[5] cryptanalyzed the hash function proposed at PKC'98 and suggested a method finding a collision pair with probability 2-30, supposing that boolean functions satisfy the SAC(Strict Avalanche Criterion). This paper improves their attack and shows that we can find a collision pair from the original version of the hash function with probability 2-37.13 through the improved method. Furthermore we point out a weakness of the function comes from shift values dependent on message.

Donghoon Chang | Sangjin Lee | Jongin Lim | Soo Hak Sung | Jaechul Sung

[1] P. R. Kasselman,et al. Cryptanalysis of reduced version of HAVAL , 2000 .

[2] Antoine Joux,et al. Differential Collisions in SHA-0 , 1998, CRYPTO.

[3] Hans Dobbertin. Cryptanalysis of MD4 , 1996, FSE.

[4] Sangwoo Park,et al. Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98 , 2002, FSE.

[5] Hans Dobbertin. Cryptanalysis of MD5 Compress , 1996 .

[6] Ronald L. Rivest,et al. The MD4 Message-Digest Algorithm , 1990, RFC.

[7] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[8] Jongin Lim,et al. On the Security of Reduced Versions of 3-Pass HAVAL , 2002, ACISP.

[9] Jennifer Seberry,et al. HAVAL - A One-Way Hashing Algorithm with Variable Length of Output , 1992, AUSCRYPT.

[10] Sangjin Lee,et al. A New Hash Function Based on MDx-Family and Its Application to MAC , 1998, Public Key Cryptography.