Difference between revisions of "HAS-V"
From The ECRYPT Hash Function Website
Npramstaller (talk | contribs) (→Specification) |
(→Best Known Results) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
| − | + | * digest size: 128 - 320 bits | |
| − | * digest size: | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
| − | * compression function: | + | * compression function: 1024-bit message block, 320-bit chaining variable |
* Specification: | * Specification: | ||
<bibtex> | <bibtex> | ||
| Line 22: | Line 21: | ||
} | } | ||
</bibtex> | </bibtex> | ||
| − | |||
== Cryptanalysis == | == Cryptanalysis == | ||
| Line 28: | Line 26: | ||
=== Best Known Results === | === Best Known Results === | ||
| − | + | Mendel and Rijmen show weaknesses in the compression function of HAS-V. They present pseudo-collisions for HAS-V for all output sizes. Furthermore, they show a preimage and second preimage attack on HAS-V (with output size >160) with complexity of about 2<sup>162</sup> compression function evaluations. | |
---- | ---- | ||
| Line 50: | Line 48: | ||
=== Others === | === Others === | ||
| + | <bibtex> | ||
| + | @inproceedings{iciscMendelR07a, | ||
| + | author = {Florian Mendel and Vincent Rijmen}, | ||
| + | title = {Weaknesses in the HAS-V Compression Function}, | ||
| + | booktitle = {ICISC}, | ||
| + | year = {2007}, | ||
| + | pages = {335-345}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-76788-6_27}, | ||
| + | editor = {Kil-Hyun Nam and Gwangsoo Rhee}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4817}, | ||
| + | isbn = {978-3-540-76787-9}, | ||
| + | abstract = {HAS-V is a cryptographic hash function which processes 1024-bit message blocks and produces a hash value of variable length. The design of the hash function is based on design principles of the MD4 family. Recently, weaknesses have been shown in members of this family. Therefore, the analysis of the HAS-V hash function is of great interest. To the best of our knowledge this is the first article that investigates the security of the HAS-V hash function. In this article, we point out several structural weaknesses in HAS-V which lead to pseudo-collision attacks on HAS-V with tailored output. Furthermore, we show that (second) preimages can be found for HAS-V with a complexity of about 2^{162} hash computations.}, | ||
| + | } | ||
| + | </bibtex> | ||
Latest revision as of 12:49, 10 November 2008
Contents
1 Specification
- digest size: 128 - 320 bits
- max. message length: < 264 bits
- compression function: 1024-bit message block, 320-bit chaining variable
- Specification:
Nan Kyoung Park, Joon Ho Hwang, Pil Joong Lee - HAS-V: A New Hash Function with Variable Output Length
- Selected Areas in Cryptography 2012:202-216,2000
- http://link.springer.de/link/service/series/0558/bibs/2012/20120202.htm
BibtexAuthor : Nan Kyoung Park, Joon Ho Hwang, Pil Joong Lee
Title : HAS-V: A New Hash Function with Variable Output Length
In : Selected Areas in Cryptography -
Address :
Date : 2000
2 Cryptanalysis
2.1 Best Known Results
Mendel and Rijmen show weaknesses in the compression function of HAS-V. They present pseudo-collisions for HAS-V for all output sizes. Furthermore, they show a preimage and second preimage attack on HAS-V (with output size >160) with complexity of about 2162 compression function evaluations.
2.2 Generic Attacks
2.3 Collision Attacks
2.4 Second Preimage Attacks
2.5 Preimage Attacks
2.6 Others
Florian Mendel, Vincent Rijmen - Weaknesses in the HAS-V Compression Function
