Difference between revisions of "PKC-HASH"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
|||
(8 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
− | |||
* digest size: 160 bits | * digest size: 160 bits | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
* compression function: 512-bit message block, 160-bit chaining variable | * compression function: 512-bit message block, 160-bit chaining variable | ||
* Specification: | * Specification: | ||
− | --> | + | |
+ | <bibtex> | ||
+ | @inproceedings{pkcShinRRL98, | ||
+ | author = {Sang Uk Shin and Kyung Hyune Rhee and Dae-Hyun Ryu and Sangjin Lee}, | ||
+ | title = {A New Hash Function Based on MDx-Family and Its Application to MAC}, | ||
+ | pages = {234-246}, | ||
+ | url = {http://link.springer.de/link/service/series/0558/bibs/1431/14310234.htm}, | ||
+ | editor = {Hideki Imai and Yuliang Zheng}, | ||
+ | booktitle = {Public Key Cryptography}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {1431}, | ||
+ | year = {1998}, | ||
+ | isbn = {3-540-64693-0}, | ||
+ | abstract = {Several fast software hash functions have been proposed since the hash function MD4 was introduced by R. Rivest in 1990. At the moment, SHA-1, RIPEMD-160, and HAVAL are known as secure dedicated hash functions in MDx-family hash functions. In this paper, we propose a new hash function based on advantages of these three hash functions, which keeps the maximum security of them and is more efficient in performance. The proposed hash function processes an arbitrary finite message by 512-bit block and outputs 160 bits digest. The key feature of the proposed hash function is data-dependent rotation. This feature guarantees the strength against existing known attacks. Moreover, we propose a new keyed MAC (Message Authentication Code) constructed using the proposed hash function. The proposed MAC uses a maximum keys of 160 bits and has a bitlength less than equal to the hash result. From the viewpoint of performance, the proposed MAC is only reduced about 10% comparing to the underlyinghash function.}, | ||
+ | } | ||
+ | </bibtex> | ||
== Cryptanalysis == | == Cryptanalysis == | ||
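Review bot: The abstract field of the added pkcShinRRL98 entry ends with "underlyinghash function", with two words run together; restore the space. The removed line before the new block is a bare "-->", so confirm the matching comment opener is dropped in the same revision, since it is not visible in this hunk.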
Line 12: | Line 27: | ||
=== Best Known Results === | === Best Known Results === | ||
+ | The best collision attack on full PKC-hash was published by Mendel et al. It has complexity of 2<sup>20.5</sup> hash evaluations. The are no preimage or 2nd preimage attacks known. | ||
---- | ---- | ||
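Review bot: The added sentence under "Best Known Results" contains a typo: "The are no preimage or 2nd preimage attacks known" should read "There are no ...". It also names "Mendel et al." without pointing to the iciscMendelPR06 entry added under "Collision Attacks"; a reference there would let readers check the 2<sup>20.5</sup> figure.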
Line 22: | Line 38: | ||
=== Collision Attacks === | === Collision Attacks === | ||
+ | <bibtex> | ||
+ | @inproceedings{iciscMendelPR06, | ||
+ | author = {Florian Mendel and Norbert Pramstaller and Christian Rechberger}, | ||
+ | title = {Improved Collision Attack on the Hash Function Proposed at PKC'98}, | ||
+ | booktitle = {ICISC}, | ||
+ | year = {2006}, | ||
+ | pages = {8-21}, | ||
+ | url = {http://dx.doi.org/10.1007/11927587_3}, | ||
+ | editor = {Min Surp Rhee and Byoungcheon Lee}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {4296}, | ||
+ | isbn = {3-540-49112-0}, | ||
+ | abstract = {n this article, we present an improved collision attack on the hash function proposed by Shin et al. at PKC’98. The attack has a complexity of about 2^{20.5} hash computations, while the previous attack of Chang et al. presented at SAC 2002 has a complexity of about 2^{37.13} hash computations. In the analysis of the hash function we combined existing approaches with recent results in cryptanalysis of hash functions. We show that message-dependent rotations can be exploited to construct collisions. The weak design of the step function facilitates high-probability multi-block collisions.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @inproceedings{sacryptChangSSLL02, | ||
+ | author = {Donghoon Chang and Jaechul Sung and Soo Hak Sung and Sangjin Lee and Jongin Lim}, | ||
+ | title = {Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98}, | ||
+ | booktitle = {Selected Areas in Cryptography}, | ||
+ | year = {2002}, | ||
+ | pages = {160-174}, | ||
+ | url = {http://link.springer.de/link/service/series/0558/bibs/2595/25950160.htm}, | ||
+ | editor = {Kaisa Nyberg and Howard M. Heys}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {2595}, | ||
+ | isbn = {3-540-00622-2}, | ||
+ | abstract = {Shin et al. [4] proposed a new hash function with 160-bit output length at PKC'98. Recently, at FSE 2002, Han et al. [5] cryptanalyzed the hash function proposed at PKC'98 and suggested a method finding a collision pair with probability $2^{-30}$, supposing that boolean functions satisfy the SAC(Strict Avalanche Criterion). This paper improves their attack and shows that we can find a collision pair from the original version of the hash function with probability $2^{-37.13}$ through the improved method. Furthermore we point out a weakness of the function comes from shift values dependent on message.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @inproceedings{fseHanPC02, | ||
+ | author = {Daewan Han and Sangwoo Park and Seongtaek Chee}, | ||
+ | title = {Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98}, | ||
+ | pages = {252-262}, | ||
+ | url = {http://link.springer.de/link/service/series/0558/bibs/2365/23650252.htm}, | ||
+ | editor = {Joan Daemen and Vincent Rijmen}, | ||
+ | booktitle = {FSE}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {2365}, | ||
+ | year = {2002}, | ||
+ | isbn = {3-540-44009-7}, | ||
+ | abstract = {In the conference PKC’98, Shin et al. proposed a dedicated hash | ||
+ | function of the MD family. In this paper, we study the security | ||
+ | of Shin’s hash function. We analyze the property of the | ||
+ | Boolean functions, the message expansion, and the data | ||
+ | dependent rotations of the hash function. We propose a | ||
+ | method for finding the collisions of the modified Shin’s | ||
+ | hash function and show that we can find collisions with probability 2-30} | ||
+ | } | ||
+ | </bibtex> | ||
---- | ---- | ||
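Review bot: Two of the added abstracts are damaged. In iciscMendelPR06 the abstract begins "n this article" (the leading "I" is missing). In fseHanPC02 it ends "probability 2-30}", which has lost the exponent; the sacryptChangSSLL02 abstract quotes the same result as $2^{-30}$. That last field also closes without the trailing comma the other entries use. Exponent notation differs between entries as well (2^{20.5} versus $2^{-37.13}$); settle on one form.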
Latest revision as of 10:47, 12 March 2008
1 Specification
- digest size: 160 bits
- max. message length: < 2<sup>64</sup> bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification:
Sang Uk Shin, Kyung Hyune Rhee, Dae-Hyun Ryu, Sangjin Lee - A New Hash Function Based on MDx-Family and Its Application to MAC
- Public Key Cryptography 1431:234-246,1998
- http://link.springer.de/link/service/series/0558/bibs/1431/14310234.htm
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full PKC-hash was published by Mendel et al. It has a complexity of 2<sup>20.5</sup> hash evaluations. There are no preimage or 2nd preimage attacks known.
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Norbert Pramstaller, Christian Rechberger - Improved Collision Attack on the Hash Function Proposed at PKC'98
- ICISC 4296:8-21,2006
- http://dx.doi.org/10.1007/11927587_3
Donghoon Chang, Jaechul Sung, Soo Hak Sung, Sangjin Lee, Jongin Lim - Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98
- Selected Areas in Cryptography 2595:160-174,2002
- http://link.springer.de/link/service/series/0558/bibs/2595/25950160.htm
Daewan Han, Sangwoo Park, Seongtaek Chee - Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98
- FSE 2365:252-262,2002
- http://link.springer.de/link/service/series/0558/bibs/2365/23650252.htm