Constructing Secure Hash Functions by Enhancing Merkle-Damgård Construction

Recently, multi-block collision attacks (MBCA) were found on the Merkle-Damgård (MD) structure-based hash functions MD5, SHA-0 and SHA-1. In this paper, we introduce a new cryptographic construction called 3C, devised by enhancing the MD construction. We show that the 3C construction is at least as secure as the MD construction against single-block and multi-block collision attacks. This is the first result of this kind showing a generic construction which is at least as resistant as MD against MBCA. To further improve the resistance of the design against MBCA, we propose the 3C+ design as an enhancement of 3C. Both of these constructions are very simple adjustments to the MD construction and are immune to the straightforward extension attacks that apply to the MD hash function. We also show that 3C resists some known generic attacks that work on the MD construction. Finally, we compare the security and efficiency features of 3C with other MD-based proposals.
