Skip to main content
Springer Nature Link
Log in

Collisions and inversions for Damgård's whole hash function

  • Conference paper
  • First Online:
Advances in Cryptology — ASIACRYPT'94 (ASIACRYPT 1994)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 917))

Included in the following conference series:

Abstract

Ivan Damgård gave a great theorem about hash functions in

Then, he suggested, among others, to choose for f a knapsack scheme. However, in [1] and [4] it was shown that it is possible to find collisions on f, and even to find a preimage for f with an algebraic algorithm. Nevertheless, it was not shown how to find collision, or a preimage for h. (We call h Damgård's “whole” Hash function). Then, in [3] it was shown how to find a collision on h with the LLL Algorithm.

Here we will show how to find collision, and also how to find a preimage for h with an algebraic algorithm. A quick comparison of the two techniques (LLL and Algebraic) will be given.

For example, in about 233 operations and 224 storage it will be possible to find a collision for h. And with about 248 operations and 232 storage we will be able to find a preimage for h. (This is better than the previously known algorithm for a preimage given in [5] p. 202 which needs 264 in time and 232 in memory). Then we will study how to construct from f two new candidate hash functions H1 and H2 by slightly modifying Damgård's scheme in order to make the search of collisions more difficult, and in order to have a theorem showing why it looks “more difficult”.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. P. Camion and J. Patarin, “The Knapsack Hash Function proposed at Crypto'89 can be broken”, Proceedings of Eurocrypt'91, pp. 39–53, Springer Verlag.

    Google Scholar 

  2. I. Damgård, “A Design Principles for Hash Functions”, Proceedings of Crypto'89, pp. 416–427, Springer Verlag.

    Google Scholar 

  3. A. Joux and L. Granboulan, “A practical attack against Knapsack based Hash Functions”, Proceedings of Eurocrypt'94.

    Google Scholar 

  4. J. Patarin, “How to find and avoid collisions for the Knapsack Hash Function”, Proceedings of Eurocrypt'93, pp. 305–317.

    Google Scholar 

  5. B. Preneel, “Analysis and Design of Cryptographic Hash Functions”, Katolieke Universiteit Leuven.

    Google Scholar 

  6. C.P. Schnorr, unpublished communication, 1991.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Bull CP8, 68 route de Versailles, B.P.45, 78430, Louveciennes, France

    Jacques Patarin

Authors
  1. Jacques Patarin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Josef Pieprzyk Reihanah Safavi-Naini

Rights and permissions

Reprints and permissions

Copyright information

© 1995 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Patarin, J. (1995). Collisions and inversions for Damgård's whole hash function. In: Pieprzyk, J., Safavi-Naini, R. (eds) Advances in Cryptology — ASIACRYPT'94. ASIACRYPT 1994. Lecture Notes in Computer Science, vol 917. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0000443

Download citation

  • DOI: https://doi.org/10.1007/BFb0000443

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-59339-3

  • Online ISBN: 978-3-540-49236-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation