Cryptanalysis of the Yi-Lam Hash
نویسنده
چکیده
This paper analyzes the security of a hash mode recently proposed by Yi and Lam. Given a block cipher with m-bit block size and 2m-bit key, they build a hash function with 2m-bit outputs that can hash messages as fast as the underlying block cipher can encrypt. This construction was conjectured to have ideal security, i.e., to resist all collision attacks faster than brute force. We disprove this conjecture by presenting a collision attack that is substantially faster than brute force and which could even be considered practical for typical security parameters.
منابع مشابه
Analysis of a hash - function of Yi and Lam
A block cipher based hash-function of Yi and Lam 5] is analysed and shown to be signiicantly weaker than originally intended.
متن کاملAn Approach for SMS Security using Authentication Functions
Asymmetric algorithm like Diffie-Hellman can be used to encrypt the SMS message in M-commerce or mobile banking system. Password key exchange protocol based on Diffie-Hellman key exchange algorithm allows users to exchange a secret key that can be used in message encryption. The security of this protocol can be increased by using the MAC (message authentication code) or hash function with the e...
متن کاملDifferential Cryptanalysis of Feal and N-Hash
In [1,2] we introduced the notion of differential cryptanalysis and described its application to DES[8] and several of its variants. In this paper we show the applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the N-Hash hash function.
متن کاملHigher Order Differential Cryptanalysis on the SHA-3 Cryptographic Hash Algorithm Competition Candidates
SHA-3 Cryptographic Hash Algorithm Competition is a competition raised by NIST in response to recent advances of cryptanalysis, aiming at selecting new hash algorithm instead of SHA-2 like AES selection. The compression function of a hash function could be written in the form of multivariate boolean function. In this paper, we introduce our algorithms of evaluating boolean function and applied ...
متن کاملCryptanalysis of the SHA-3 candidates EnRUPT and SHAMATA
In this talk, we review the successful cryptanalysis of two cryptographic hash functions, EnRUPT and SHAMATA. Both were submitted as candidates to the NIST SHA-3 competition.
متن کامل