Provably good codes for hash function design

Authors:
Charanjit S. Jutla;Anindya C. Patthak
Affiliations:
IBM Thomas J. Watson Research Center;University of Texas at Austin
Venue:
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Year:
2006

Citing 9
Cited 4

Introduction to Coding Theory

Introduction to Coding Theory
Differential Collisions in SHA-0

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Quasicyclic codes of index l over Fq viewed as Fq[x]-submodules of Fql[x]/ċ xmċ1ċ

AAECC'03 Proceedings of the 15th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Finding good differential patterns for attacks on SHA-1

WCC'05 Proceedings of the 2005 international conference on Coding and Cryptography
Update on SHA-1

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
The intractability of computing the minimum distance of a code

IEEE Transactions on Information Theory
Hardness of approximating the minimum distance of a linear code

IEEE Transactions on Information Theory

Provably good codes for hash function design

IEEE Transactions on Information Theory
Collisions for 70-step SHA-1: on the full cost of collision search

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Security analysis of SIMD

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.06

Visualization

Abstract

We develop a new technique to lower bound theminimum distance of quasi-cyclic codes with large dimension by reducing the problem to lower bounding the minimum distance of a few significantly smaller dimensional codes. Using this technique, we prove that a code which is similar to the SHA-1 message expansion code has minimum distance at least 82, and that too in just the last 64 of the 80 expanded words. Further the minimum weight in the last 60 words (last 48 words) is at least 75 (52 respectively). We expect our technique to be helpful in designing future practical collision-resistant hash functions. We also use the technique to find the minimum weight of the SHA-1 code (25 in the last 60 words), which was an open problem.