An algebraic hash function based on SL2

Cryptographic hash functions are fundamental building blocks of many computer security systems and protocols, primarily being used to ensure data integrity. Recent attacks against modern hash functions have questioned the suitability of standard hash function construction principles. In this paper we consider a hash function construction based multiplication in the group of 2 x 2 matrices over a finite field proposed by Zemor and Tillich [48, 42, 43]. We also look at how the algebraic properties of hash functions following this design can be exploited in attacks. Finally, we consider variations to the approach of Zemor and Tillich that offer some resistance to those attacks

Preimage Attack on Hashing with Polynomials proposed at ICISC’06. Cryptology ePrint Archive: Report 2006/411, 2006. Available at http://eprint.iacr.org/2006/411

Abstract. In this paper, we suggest a preimage attack on Hashing with Polynomials [2]. The algorithm has n-bit hash output and n-bit intermediate state. (for example, n = 163). The algorithm is very simple and light so that it can be implement in low memory environment. Our attack is based on the meet-in-the-middle attack. We show that we can find a preimage with the time complexity 2 n−t + 2 t ∗ (n + 1/33) and the memory 2 t even though the recursive formula H uses any f whose each term’s degree in terms of x is 2 a for a non-negative integer a. We recommend that hash functions such as Hashing with Polynomials should have the intermediate state size at least two times bigger than the output size. Keywords: Hash Function, Polynomial, Preimage Attack. 1 Introduction