Lecture Notes in Computer Science vol:1294 pages:485-498
CRYPTO 1997 date:August 17-21, 1997
This paper considers hash functions based on block ciphers. It presents a new attack on the compression function of the 128-bit hash function MDC-4 using DES with a complexity far less that one would expect, and proposes new constructions of fast and secure compression functions based on error-correcting codes and m-bit block ciphers with an m-bit key. This leads to simple and practical hash function constructions based on block ciphers such as DES, where the key size is slightly smaller than the block size, IDEA, where the key size is twice the block size and to MD4-like hash functions. Under reasonable assumptions about the underlying block cipher, we obtain collision resistant compression functions. Finally we provide examples of hashing constructions based on both DES and IDEA more efficient than previous proposals and discuss applications of our approach for MD4-like hash functions.