Full Cryptanalysis of LPS and Morgenstern Hash Functions

Collisions in the LPS cryptographic hash function of Charles, Goren and Lauter have been found by Zémor and Tillich [17], but it was not clear whether computing preimages was also easy for this hash function. We present a probabilistic polynomial time algorithm solving this problem. Subsequently, we study the Morgenstern hash, an interesting variant of the LPS hash, and break this function as well. Our attacks build upon the ideas of Zémor and Tillich but are not straightforward extensions of them. Finally, we discuss fixes for the Morgenstern hash function and other applications of our results.

[1] Kristin E. Lauter, et al. Cryptographic Hash Functions from Expander Graphs, 2008, Journal of Cryptology.

[2] Ron Steinfeld, et al. VSH, an Efficient and Provable Collision Resistant Hash Function, 2006, IACR Cryptol. ePrint Arch.

[3] Philippe Flajolet, et al. Gaussian limiting distributions for the number of components in combinatorial structures, 1990, J. Comb. Theory, Ser. A.

[4] N. Linial, et al. Expander Graphs and their Applications, 2006.

[5] Gilles Zémor, et al. Group-theoretic hash functions, 1993, Algebraic Coding.

[6] Victor Shoup. Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, 2005, CRYPTO.

[7] Serge Vaudenay, et al. Advances in Cryptology - EUROCRYPT 2006, 2006, Lecture Notes in Computer Science.

[8] Gilles Zémor. Hash functions and Cayley graphs, 1994, Des. Codes Cryptogr.

[9] Victor Shoup. On the Deterministic Complexity of Factoring Polynomials over Finite Fields, 1990, Inf. Process. Lett.

[10] Chris Peikert, et al. Provably Secure FFT Hashing, 2006.

[11] Gilles Zémor, et al. Hashing with SL_2, 1994, CRYPTO.

[12] Nigel P. Smart, et al. Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings, 2008, EUROCRYPT.

[13] Yvo Desmedt, et al. Advances in Cryptology — CRYPTO ’94, 2001, Lecture Notes in Computer Science.

[14] Gilles Zémor, et al. Collisions for the LPS Expander Graph Hash Function, 2008, EUROCRYPT.

[15] A. Lubotzky, et al. Ramanujan graphs, 2017, Comb.

[16] Xiaoyun Wang, et al. Finding Collisions in the Full SHA-1, 2005, CRYPTO.

[17] Moshe Morgenstern, et al. Existence and Explicit Constructions of q + 1 Regular Ramanujan Graphs for Every Prime Power q, 1994, J. Comb. Theory, Ser. B.