Comparison of hash function algorithms against attacks: a review

Hash functions are considered key components of nearly all cryptographic protocols, as well as of many security applications such as message authentication codes, data integrity, password storage, and random number generation. Many hash function algorithms have been proposed in order to ensure authentication and integrity of the data, including MD5, SHA-1, SHA-2, SHA-3 and RIPEMD. This paper involves an overview of these standard algorithms, and also provides a focus on their limitations against common attacks. These study shows that these standard hash function algorithms suffer collision attacks and time inefficiency. Other types of hash functions are also highlighted in comparison with the standard hash function algorithm in performing the resistance against common attacks. It shows that these algorithms are still weak to resist against collision attacks

Collision-resistant hash function based on composition of functions

cryptographic hash function is a deterministic procedure that compresses an arbitrary block of numerical data and returns a fixed-size bit string. There exist many hash functions: MD5, HAVAL, SHA, ... It was reported that these hash functions are not longer secure. Our work is focused in the construction of a new hash function based on composition of functions. The construction used the NP-completeness of Three-dimensional contingency tables and the relaxation of the constraint that a hash function should also be a compression function.Comment: 18 pages, 1 figure. The preliminary version of this paper was published in the Conference CARI'10, pages 141-148, Yamoussoukro, Ivory Coast. The preliminary version was also published in the arXiv August 6, 2011 under number arXiv:1108.1478v1. This version was submittted to the journal ARIMA (January 2011

MOIM: a novel design of cryptographic hash function

A hash function usually has two main components: a compression function or permutation function and mode of operation. In this paper, we propose a new concrete novel design of a permutation based hash functions called MOIM. MOIM is based on concatenating two parallel fast wide pipe constructions as a mode of operation designed by Nandi and Paul, and presented at Indocrypt 2010 where the size of the internal state is significantly larger than the size of the output. And the permutations functions used in MOIM are inspired from the SHA-3 finalist Grøstl hash function which is originally inspired from Rijndael design (AES). As a consequence there is a very strong confusion and diffusion in MOIM. Also, we show that MOIM resists all the generic attacks and Joux attack in two defense security levels

Enhancing the Security Level of SHA-1 by Replacing the MD Paradigm

Cryptographic hash functions are important cryptographic techniques and are used widely in many cryptographic applications and protocols. All the MD4 design based hash functions such as MD5, SHA-0, SHA-1 and RIPEMD-160 are built on Merkle-Damgard iterative method. Recent differential and generic attacks against these popular hash functions have shown weaknesses of both specific hash functions and their underlying Merkle-Damgard construction. In this paper we propose a hash function which follows design principle of SHA-1 and is based on dither construction. Its compression function takes three inputs and generates a single output of 160-bit length. An extra input to a compression function is generated through a fast pseudo-random function. Dither construction shows strong resistance against major generic and other cryptanalytic attacks. The security of proposed hash function against generic attacks, differential attack, birthday attack and statistical attack was analyzed in detail. It is exhaustedly compared with SHA-1 because hash functions from SHA-2 and SHA-3 are of higher bit length and known to be more secure than SHA-1. It is shown that the proposed hash function has high sensitivity to an input message and is secure against different cryptanalytic attacks

2-Dimension Sums: Distinguishers Beyond Three Rounds of RIPEMD-128 and RIPEMD-160

This paper presents differential-based distinguishers against ISO standard hash functions RIPEMD-128 and RIPEMD-160. The compression functions of RIPEMD-128/-160 adopt the double-branch structure, which updates a chaining variable by computing two functions and merging their outputs. Due to the double size of the internal state and difficulties of controlling two functions simultaneously, only few results were published before. In this paper, second-order differential paths are constructed on reduced RIPEMD-128 and -160. This leads to a practical 4-sum attack on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. We then extend the distinguished property from the 4-sum to other properties, which we call \emph{a 2-dimension sum} and \emph{a partial 2-dimension sum}. As a result, the practical partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with a complexity of $2^{35}$ and $2^{36}$, respectively. Theoretically, $2$-dimension sums are generated faster than the exhaustive search up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with a complexity of $2^{101}$ and $2^{158}$, respectively. The practical attacks are implemented, and examples of generated (partial) 2-dimension sums are presented

The Sum Can Be Weaker Than Each Part

International audienceIn this paper we study the security of summing the outputs of two independent hash functions, in an effort to increase the security of the resulting design, or to hedge against the failure of one of the hash functions. The exclusive-or (XOR) combiner H1(M)⊕H2(M) is one of the two most classical combiners, together with the concatenation combiner H1(M) H2(M). While the security of the concatenation of two hash functions is well understood since Joux's seminal work on multicollisions, the security of the sum of two hash functions has been much less studied. The XOR combiner is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In a hash function setting, Hoch and Shamir have shown that if the compression functions are modeled as random oracles, or even weak random oracles (i.e. they can easily be inverted – in particular H1 and H2 offer no security), H1 ⊕ H2 is indifferentiable from a random oracle up to the birthday bound. In this work, we focus on the preimage resistance of the sum of two narrow-pipe n-bit hash functions, following the Merkle-Damgård or HAIFA structure (the internal state size and the output size are both n bits). We show a rather surprising result: the sum of two such hash functions, e.g. SHA-512 ⊕ Whirlpool, can never provide n-bit security for preimage resistance. More precisely, we present a generic preimage attack with a complexity of O(2 5n/6). While it is already known that the XOR combiner is not preserving for preimage resistance (i.e. there might be some instantiations where the hash functions are secure but the sum is not), our result is much stronger: for any narrow-pipe functions, the sum is not preimage resistant. Besides, we also provide concrete preimage attacks on the XOR combiner (and the concatenation combiner) when one or both of the compression functions are weak; this complements Hoch and Shamir's proof by showing its tightness for preimage resistance. Of independent interests, one of our main technical contributions is a novel structure to control simultaneously the behavior of independent hash computations which share the same input message. We hope that breaking the pairwise relationship between their internal states will have applications in related settings

Preimage Attack on MD4 Hash Function as a Problem of Parallel Sat-Based Cryptanalysis

In this paper we study the inversion problem of MD4 cryptographic hash function developed by R. Rivest in 1990. By MD4-k we denote a truncated variant of MD4 hash function in which k represents a number of steps used to calculate a hash value (the full version of MD4 function corresponds to MD4-48). H. Dobbertin has showed that MD4-32 hash function is not one-way, namely, it can be inverted for the given image of a random input. He suggested to add special conditions to the equations that describe the computation of concrete steps (chaining variables) of the considered hash function. These additional conditions allowed to solve the inversion problem of MD4-32 within a reasonable time by solving corresponding system of equations. The main result of the present paper is an automatic derivation of “Dobbertin’s conditions” using parallel SAT solving algorithms. We also managed to solve several inversion problems of functions of the kind MD4-k (for k from 31 up to 39 inclusive). Our method significantly outperforms previously existing approaches to solving these problems