Attacking the Knudsen-Preneel Compression Functions
Authors
Abstract
Knudsen and Preneel (Asiacrypt’96 and Crypto’97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. In this paper, we (re)analyse the preimage resistance of the Knudsen-Preneel compression functions in the setting of public random functions. We give a new non-adaptive preimage attack, beating the one given by Knudsen and Preneel, that is optimal in terms of query complexity. Moreover, our new attack falsifies their (conjectured) preimage resistance security bound and shows that intuitive bounds based on the number of ‘active’ components can be treacherous. Complementing our attack is a formal analysis of the query complexity (both lower and upper bounds) of preimage-finding attacks. This analysis shows that for many concrete codes the time complexity of our attack is optimal.
Similar resources
Provable Security of the Knudsen-Preneel Compression Functions
This paper discusses the provable security of the compression functions introduced by Knudsen and Preneel [?,?,?] that use linear error-correcting codes to build wide-pipe compression functions from underlying blockciphers operating in Davies-Meyer mode. In the information theoretic model, we prove that the Knudsen-Preneel compression function based on an $[r, k, d]_{2^e}$ code is collision resistant...
Collision Attacks against the Knudsen-Preneel Compression Functions
Knudsen and Preneel (Asiacrypt’96 and Crypto’97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. Their main design goal was to deliver compression functions with collision resistance up to, and even beyond, the block size of the underlying blockciphers. In thi...
Design and Analysis of Multi-Block-Length Hash Functions
Cryptographic hash functions are used in many cryptographic applications, and the design of provably secure hash functions (relative to various security notions) is an active area of research. Most of the currently existing hash functions use the Merkle–Damgård paradigm, where by appropriate iteration the hash function inherits its collision and preimage resistance from the underlying compressi...
Construction of secure and fast hash functions using nonbinary error-correcting codes
This paper considers iterated hash functions. It proposes new constructions of fast and secure compression functions with -bit outputs for integers 1 based on error-correcting codes and secure compression functions with -bit outputs. This leads to simple and practical hash function constructions based on block ciphers such as Data Encryption Standard (DES), where the key size is slightly smalle...
Hash Functions Based on Block Ciphers and Quaternary Codes
We consider constructions for cryptographic hash functions based on m-bit block ciphers. First we present a new attack on the LOKIDBH mode: the attack finds collisions in 2 encryptions, which should be compared to 2 encryptions for a brute force attack. This attack breaks the last remaining subclass in a wide class of efficient hash functions which have been proposed in the literature. We then a...