5 RING HASH IN 2N-BITE
CONCATENATED STRUCTURE
A natural construction to build large hash values is
to concatenate several smaller hashes. For example,
given two hash functions F and G, it seems
reasonable given a message M to form the large
hash value
()()
()
FM GM . In this construction, F
and G can either be two completely different hash
functions or two slightly different instances of the
same hash function. In (
Joux, 2004) Joux has shown
that if at least one of these hash function be a MD
iterated hash function, complexity of finding a
collision for this structure is slightly more than
finding collision for one branch and equal to
()
/2
/2 2
n
On × .
The basic idea in this attack is finding
/2
2
n
-way
collision for MD structure and find a collision
among this
/2
2
n
different message for the second
hash function. Clearly this collision is applicable to
booth branches. Whit similar task, adversary could
seek a collision for Ring hash structure. These
attacks are difference in the first part complexity
and complexity of the first par for SFRH and
MFRH are
()
/2
/2 2
n
On ×
and
()( )
(
/2
/2 /2 1 2
n
On n×+×
respectively.
6 CONCLUSIONS
In this paper, we showed that finding multi-
collisions in Ring hash structure are not much
harder to find than finding multi-collisions in MD
hash structure. Actually, we proved that finding
multi-collisions in SFRH is as difficult as finding it
on ordinary MD, and for MFRH, it is a little harder
than what for MD is. Also, we have shown that
finding
2
r
-way preimages and second preimages on
these structures are not really harder to find than
ordinary preimages and second preimages.
Moreover, we shown that ring hash structures can
not be used as a building block for creating 2n-bite
concatenated hash structure because of its strength
against collision attack, which is much less than
ideal one. Our study have shown that although this
structure is slightly more secure than MD iterated
hash structure, but is really far from perfect hash
function.
REFERENCES
Biham, E., Chen, R, and Joux, A., etc, 2005. Collisions of
SHA-0 and Reduced SHA-1, Advances in
Cryptology-EUROCRYPT’05, pp.36–57, Springer-
Verlag.
Damgard, I., 1990. A design principle for hash functions,
in Advances in Cryptology – Crypto’89 (G. Brassard,
ed.), no. 435 in Lecture Notes in Computer Science,
pp. 416–427, Springer-Verlag.
FIPS, 180–1, 1995. Secure hash standard. FIPS
publication.
Gauravaram, P., Millan, W., Dawson, E. and
Viswanathan, K., 2006. Constructing Secure Hash
Functions by Enhancing Merkle-Damgard
Construction., Information Security and Privacy,
(Batten, L., Safavi-Naini, R., ed.) volume 4058 of
Lecture Notes in Computer Science, pp. 407–420,
Springer.
Joux, A., 2004. Multi-collisions in Iterated Hash
Functions. Application to Cascaded Constructions
Advances in Cryptology-CRYPTO’04, pp. 306–316,
Springer-Verlag.
Lucks,S. , 2005. A failure-friendly design principle for
hash functions. In Bimal Roy, editor, Advances in
Cryptology-ASIACRYPT’05, volume 3788 of Lecture
Notes in Computer Science, pp. 474-494, Springer-
Verlag.
Merkle, R., C., 1990. One-way hash functions and DES in
Advances in Cryptology – Crypto’89 (G. Brassard,
ed.), no. 435 in Lecture Notes in Computer Science,
pp. 428–446, Springer-Verlag.
Rivest, R., L., 1992. The MD4 Message – Digest
Algorithm. Network MIT laboratory for Computer
Science and RSA Data Security , Inc RFC 1320.
Rivest, R., L., 1992. The MD5 message-digest algorithm,
Request for Comments (RFC1320), Internet Activities
Board, Internet Privacy Task Force.
Speirs, W., R. and Molly, J., 2007. Making large Hash
Functions from small compression function.
available:http://eprint.iacr.org/2007/239.ps.
Su, S., Yang, Y., Yang, B. and Zhang, S., 2006. The
Design and Analysis of a Hash Ring-iterative
Structure, available: http://eprint.iacr.org/2006/384.pdf
Wang, X., Yin, Y., L., and Yu, H., 2005. Finding
collisions in the full SHA-1, Advances in Cryptology-
CRYPTO’05, pp. 17–36, Springer-Verlag.
Wang, X. and Yu, H., 2005. How to Break MD5 and
Other Hash Functions, Advances in Cryptology -
EUROCRYPT’05, pp. 19–35, Springer-Verlag.
SECRYPT 2008 - International Conference on Security and Cryptography
284