Full Cryptanalysis of LPS and Morgenstern Hash Functions

Authors:
Christophe Petit;Kristin Lauter;Jean-Jacques Quisquater
Affiliations:
UCL Crypto Group,;Microsoft Research,;UCL Crypto Group,
Venue:
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Year:
2008

Citing 10
Cited 3

On the deterministic complexity of factoring polynomials over finite fields

Information Processing Letters
Gaussian limiting distributions for the number of components in combinatorial structures

Journal of Combinatorial Theory Series A
Existence and explicit constructions of q+1 regular Ramanujan graphs for every prime power q

Journal of Combinatorial Theory Series B
Hash functions and Cayley graphs

Designs, Codes and Cryptography
Group-theoretic hash functions

Proceedings of the First French-Israeli Workshop on Algebraic Coding
Hashing with SL_2

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Cryptographic Hash Functions from Expander Graphs

Journal of Cryptology
Collisions for the LPS expander graph hash function

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
VSH, an efficient and provable collision-resistant hash function

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques

Interpreting hash function security proofs

ProvSec'10 Proceedings of the 4th international conference on Provable security
Preimages for the Tillich-Zémor hash function

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Collisions in the LPS cryptographic hash function of Charles, Goren and Lauter have been found by Zémor and Tillich [17], but it was not clear whether computing preimages was also easy for this hash function. We present a probabilistic polynomial time algorithm solving this problem. Subsequently, we study the Morgenstern hash, an interesting variant of LPS hash, and break this function as well. Our attacks build upon the ideas of Zémor and Tillich but are not straightforward extensions of it. Finally, we discuss fixes for the Morgenstern hash function and other applications of our results.