Cryptanalysis of the HaF family of hash functions

2015 ◽  
Vol 52 (2) ◽  
pp. 277-287
Author(s):  
Mateusz Buczek ◽  
Marcin Kontak
Keyword(s):  
Fixed Points ◽  
Hash Functions ◽  
Exhaustive Search ◽  
Short Message ◽  
Compression Function ◽  
Collision Attack ◽  
University Of Technology ◽  
Function Call ◽  
Improved Function

HaF is a family of hash functions developed in Poland at Poznán University of Technology, see [1, 2]. It is a classical Merkle-Damgård construction with the output sizes of 256, 512 or 1024 bits. In this paper we present a collision attack with negligible complexity (collisions can be found without using a computer) for all the members of HaF family. We have also shown that the improved function (without the critical transformation) is still insecure. It is possible to find a preimage for a short message with the complexity lower than the exhaustive search. We are also able to create some fixed points with a complexity of single compression function call.

scholarly journals Quantum Free-Start Collision Attacks on Double Block Length Hashing with Round-Reduced AES-256

2021 ◽  
pp. 316-336
Author(s):  
Amit Kumar Chauhan ◽  
Abhishek Kumar ◽  
Somitra Kumar Sanadhya
Keyword(s):  
Time Complexity ◽  
Block Length ◽  
Compression Function ◽  
Collision Attack ◽  
Classical Setting ◽  
Quantum Version ◽  
Collision Attacks ◽  
Double Block Length

Recently, Hosoyamada and Sasaki (EUROCRYPT 2020), and Xiaoyang Dong et al. (ASIACRYPT 2020) proposed quantum collision attacks against AES-like hashing modes AES-MMO and AES-MP. Their collision attacks are based on the quantum version of the rebound attack technique exploiting the differential trails whose probabilities are too low to be useful in the classical setting but large enough in the quantum setting. In this work, we present dedicated quantum free-start collision attacks on Hirose’s double block length compression function instantiated with AES-256, namely HCF-AES-256. The best publicly known classical attack against HCF-AES-256 covers up to 9 out of 14 rounds. We present a new 10-round differential trail for HCF-AES-256 with probability 2−160, and use it to find collisions with a quantum version of the rebound attack. Our attack succeeds with a time complexity of 285.11 and requires 216 qRAM in the quantum-attack setting, where an attacker can make only classical queries to the oracle and perform offline computations. We also present a quantum free-start collision attack on HCF-AES-256 with a time complexity of 286.07 which outperforms Chailloux, Naya-Plasencia, and Schrottenloher’s generic quantum collision attack (ASIACRYPT 2017) in a model when large qRAM is not available.

scholarly journals On the Construction of20×20and24×24Binary Matrices with Good Implementation Properties for Lightweight Block Ciphers and Hash Functions

2014 ◽  
Vol 2014 ◽  
pp. 1-12 ◽  
Author(s):  
Muharrem Tolga Sakallı ◽  
Sedat Akleylek ◽  
Bora Aslan ◽  
Ercan Buluş ◽  
Fatma Büyüksaraçoğlu Sakallı
Keyword(s):  
Positive Integer ◽  
Fixed Points ◽  
Irreducible Polynomial ◽  
Hash Functions ◽  
Block Ciphers ◽  
Companion Matrix ◽  
Algebraic Construction ◽  
Branch Number ◽  
Binary Matrices ◽  
Software And Hardware

We present an algebraic construction based on state transform matrix (companion matrix) forn×n(wheren≠2k,kbeing a positive integer) binary matrices with high branch number and low number of fixed points. We also provide examples for20×20and24×24binary matrices having advantages on implementation issues in lightweight block ciphers and hash functions. The powers of the companion matrix for an irreducible polynomial overGF(2)with degree 5 and 4 are used in finite field Hadamard or circulant manner to construct20×20and24×24binary matrices, respectively. Moreover, the binary matrices are constructed to have good software and hardware implementation properties. To the best of our knowledge, this is the first study forn×n(wheren≠2k,kbeing a positive integer) binary matrices with high branch number and low number of fixed points.

scholarly journals Building a 256-bit hash function on a stronger MD variant

2014 ◽  
Vol 4 (2) ◽  
Author(s):  
Harshvardhan Tiwari ◽  
Krishna Asawa
Keyword(s):  
Hash Function ◽  
Design Principle ◽  
Hash Functions ◽  
High Sensitivity ◽  
Differential Attack ◽  
Compression Function ◽  
Single Output ◽  
Generic Attacks ◽  
Cryptographic Techniques ◽  
Cryptographic Hash Functions

AbstractCryptographic hash functions are important cryptographic techniques and are used widely in many cryptographic applications and protocols. All the MD4 design based hash functions such as MD5, SHA-1, RIPEMD-160 and FORK-256 are built on Merkle-Damgård iterative method. Recent differential and generic attacks against these popular hash functions have shown weaknesses of both specific hash functions and their underlying Merkle-Damgård construction. In this paper we propose a hash function follows design principle of NewFORK-256 and based on HAIFA construction. Its compression function takes three inputs and generates a single output of 256-bit length. An extra input to a compression function is a 64-bit counter (number of bits hashed so far). HAIFA construction shows strong resistance against major generic and other cryptanalytic attacks. The security of proposed hash function against generic attacks, differential attack, birthday attack and statistical attack was analyzed in detail. It is shown that the proposed hash function has high sensitivity to an input message and is secure against different cryptanalytic attacks.

scholarly journals A New Design of Cryptographic Hash Function: Gear

2016 ◽  
Vol 1 (1) ◽  
Author(s):  
Abdulaziz M Alkandari ◽  
Khalil Ibrahim Alkandari ◽  
Imad Fakhri Alshaikhli ◽  
Mohammad A. AlAhmad
Keyword(s):  
Hash Function ◽  
Block Cipher ◽  
Hash Functions ◽  
Fixed Size ◽  
Compression Function ◽  
Cryptographic Hash Function ◽  
Mode Of Operation ◽  
Main Components ◽  
Map Data ◽  
And Diffusion

A hash function is any function that can be used to map data of arbitrary sizeto data of fixed size. A hash function usually has two main components: a permutationfunction or compression function and mode of operation. We will propose a new concretenovel design of a permutation based hash functions called Gear in this paper. It is a hashfunction based on block cipher in Davies-Meyer mode. It uses the patched version ofMerkle-Damgård, i.e. the wide pipe construction as its mode of operation. Thus, theintermediate chaining value has at least twice larger length than the output hash. Andthe permutations functions used in Gear are inspired from the SHA-3 finalist Grøestl hashfunction which is originally inspired from Rijndael design (AES). There is a very strongconfusion and diffusion in Gear as a result.

scholarly journals Merkle-Damgård Construction Method and Alternatives

2017 ◽  
Vol 41 (2) ◽  
pp. 283-304 ◽  
Author(s):  
Harshvardhan Tiwari
Keyword(s):  
Information Security ◽  
Hash Function ◽  
Hash Functions ◽  
Construction Method ◽  
Security Requirements ◽  
Security Design ◽  
Compression Function ◽  
Cryptographic Hash Function ◽  
Initialization Vector ◽  
Generic Attacks

Cryptographic hash function is an important cryptographic tool in the field of information security. Design of most widely used hash functions such as MD5 and SHA-1 is based on the iterations of compression function by Merkle-Damgård construction method with constant initialization vector. Merkle-Damgård construction showed that the security of hash function depends on the security of the compression function. Several attacks on Merkle-Damgård construction based hash functions motivated researchers to propose different cryptographic constructions to enhance the security of hash functions against the differential and generic attacks. Cryptographic community had been looking for replacements for these weak hash functions and they have proposed new hash functions based on different variants of Merkle-Damgård construction. As a result of an open competition NIST announced Keccak as a SHA-3 standard. This paper provides a review of cryptographic hash function, its security requirements and different design methods of compression function.

Sign in / Sign up

Export Citation Format

Share Document