Difference between revisions of "PKC-HASH"
From The ECRYPT Hash Function Website
(→Collision Attacks) |
Crechberger (talk | contribs) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 27: | Line 27: | ||
=== Best Known Results === | === Best Known Results === | ||
| + | The best collision attack on full PKC-hash was published by Mendel et al. It has complexity of 2<sup>20.5</sup> hash evaluations. The are no preimage or 2nd preimage attacks known. | ||
---- | ---- | ||
| Line 36: | Line 37: | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{iciscMendelPR06, | ||
| + | author = {Florian Mendel and Norbert Pramstaller and Christian Rechberger}, | ||
| + | title = {Improved Collision Attack on the Hash Function Proposed at PKC'98}, | ||
| + | booktitle = {ICISC}, | ||
| + | year = {2006}, | ||
| + | pages = {8-21}, | ||
| + | url = {http://dx.doi.org/10.1007/11927587_3}, | ||
| + | editor = {Min Surp Rhee and Byoungcheon Lee}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4296}, | ||
| + | isbn = {3-540-49112-0}, | ||
| + | abstract = {n this article, we present an improved collision attack on the hash function proposed by Shin et al. at PKC’98. The attack has a complexity of about 2^{20.5} hash computations, while the previous attack of Chang et al. presented at SAC 2002 has a complexity of about 2^{37.13} hash computations. In the analysis of the hash function we combined existing approaches with recent results in cryptanalysis of hash functions. We show that message-dependent rotations can be exploited to construct collisions. The weak design of the step function facilitates high-probability multi-block collisions.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{sacryptChangSSLL02, | ||
| + | author = {Donghoon Chang and Jaechul Sung and Soo Hak Sung and Sangjin Lee and Jongin Lim}, | ||
| + | title = {Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98}, | ||
| + | booktitle = {Selected Areas in Cryptography}, | ||
| + | year = {2002}, | ||
| + | pages = {160-174}, | ||
| + | url = {http://link.springer.de/link/service/series/0558/bibs/2595/25950160.htm}, | ||
| + | editor = {Kaisa Nyberg and Howard M. Heys}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {2595}, | ||
| + | isbn = {3-540-00622-2}, | ||
| + | abstract = {Shin et al. [4] proposed a new hash function with 160-bit output length at PKC'98. Recently, at FSE 2002, Han et al. [5] cryptanalyzed the hash function proposed at PKC'98 and suggested a method finding a collision pair with probability $2^{-30}$, supposing that boolean functions satisfy the SAC(Strict Avalanche Criterion). This paper improves their attack and shows that we can find a collision pair from the original version of the hash function with probability $2^{-37.13}$ through the improved method. Furthermore we point out a weakness of the function comes from shift values dependent on message.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
<bibtex> | <bibtex> | ||
@inproceedings{fseHanPC02, | @inproceedings{fseHanPC02, | ||
Latest revision as of 10:47, 12 March 2008
Contents
1 Specification
- digest size: 160 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification:
Sang Uk Shin, Kyung Hyune Rhee, Dae-Hyun Ryu, Sangjin Lee - A New Hash Function Based on MDx-Family and Its Application to MAC
- Public Key Cryptography 1431:234-246,1998
- http://link.springer.de/link/service/series/0558/bibs/1431/14310234.htm
BibtexAuthor : Sang Uk Shin, Kyung Hyune Rhee, Dae-Hyun Ryu, Sangjin Lee
Title : A New Hash Function Based on MDx-Family and Its Application to MAC
In : Public Key Cryptography -
Address :
Date : 1998
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full PKC-hash was published by Mendel et al. It has complexity of 220.5 hash evaluations. The are no preimage or 2nd preimage attacks known.
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Norbert Pramstaller, Christian Rechberger - Improved Collision Attack on the Hash Function Proposed at PKC'98
- ICISC 4296:8-21,2006
- http://dx.doi.org/10.1007/11927587_3
BibtexAuthor : Florian Mendel, Norbert Pramstaller, Christian Rechberger
Title : Improved Collision Attack on the Hash Function Proposed at PKC'98
In : ICISC -
Address :
Date : 2006
Donghoon Chang, Jaechul Sung, Soo Hak Sung, Sangjin Lee, Jongin Lim - Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98
- Selected Areas in Cryptography 2595:160-174,2002
- http://link.springer.de/link/service/series/0558/bibs/2595/25950160.htm
BibtexAuthor : Donghoon Chang, Jaechul Sung, Soo Hak Sung, Sangjin Lee, Jongin Lim
Title : Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98
In : Selected Areas in Cryptography -
Address :
Date : 2002
Daewan Han, Sangwoo Park, Seongtaek Chee - Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98
- FSE 2365:252-262,2002
- http://link.springer.de/link/service/series/0558/bibs/2365/23650252.htm
BibtexAuthor : Daewan Han, Sangwoo Park, Seongtaek Chee
Title : Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98
In : FSE -
Address :
Date : 2002
