On hash functions using checksums

Praveen Gauravaram; John Kelsey; Lars Ramkilde Knudsen; Søren Steffen Thomsen

On hash functions using checksums

Praveen Gauravaram, John Kelsey, Lars Ramkilde Knudsen, Søren Steffen Thomsen

National Institute of Standards and Technology

Research output: Book/Report › Report › Research › peer-review

1109 Downloads (Pure)

Abstract

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno, and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto'04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least $2^{26}$ and $2^{54}$, respectively.

Original language	English

Publication status	Published - 2008

Series	MAT report
Number	2008-06

Keywords

checksums
multicollisions
second preimage and herding attack
Iterated hash functions

Access to Document

Chksum-tech-report-DTUSubmitted manuscript, 241 KB

OpenUrl availability

Full text

Cite this

@book{b381bc64e8cb4d2aa5848739e381c57d,

title = "On hash functions using checksums",

abstract = "We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno, and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto'04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least $2^{26}$ and $2^{54}$, respectively.",

keywords = "checksums, multicollisions, second preimage and herding attack, Iterated hash functions",

author = "Praveen Gauravaram and John Kelsey and Knudsen, {Lars Ramkilde} and Thomsen, {S{\o}ren Steffen}",

year = "2008",

language = "English",

series = "MAT report",

number = "2008-06",

}

TY - RPRT

T1 - On hash functions using checksums

AU - Gauravaram, Praveen

AU - Kelsey, John

AU - Knudsen, Lars Ramkilde

AU - Thomsen, Søren Steffen

PY - 2008

Y1 - 2008

N2 - We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno, and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto'04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least $2^{26}$ and $2^{54}$, respectively.

AB - We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno, and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto'04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least $2^{26}$ and $2^{54}$, respectively.

KW - checksums

KW - multicollisions

KW - second preimage and herding attack

KW - Iterated hash functions

M3 - Report

T3 - MAT report

BT - On hash functions using checksums

ER -

On hash functions using checksums

Abstract

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this