Abstract
We develop a new technique to lower bound the minimum distance of quasi-cyclic codes of large dimension by reducing the problem to lower bounding the minimum distance of a few codes of significantly smaller dimension. Using this technique, we prove that a code similar to the SHA-1 message expansion code has minimum distance at least 82, and that this bound already holds in just the last 64 of the 80 expanded words. Further, the minimum weight in the last 60 words is at least 75, and in the last 48 words at least 52. We expect our technique to be helpful in designing future practical collision-resistant hash functions. We also use the technique to find the minimum weight of the SHA-1 code (25 in the last 60 words), which was an open problem.
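The "SHA-1 code" of the abstract is the linear code spanned by the SHA-1 message expansion of FIPS 180-1, in which 16 input words are expanded to 80 words by W_t = ROTL1(W_{t-3} XOR W_{t-8} XOR W_{t-14} XOR W_{t-16}). The following Python is an added illustration, not code from the paper: it implements that expansion, checks that it is GF(2)-linear (so a message difference expands exactly like a codeword), and measures the weight of an expanded difference restricted to the last 64, 60 or 48 words, the windows the abstract bounds. The sample difference is constructed here.

```python
from typing import Dict, List

MASK = 0xFFFFFFFF


def rotl1(x: int) -> int:
    """Rotate a 32-bit word left by one bit (the S^1 operation in FIPS 180-1)."""
    return ((x << 1) | (x >> 31)) & MASK


def sha1_expand(w: List[int]) -> List[int]:
    """SHA-1 message expansion: 16 input words -> 80 expanded words.

    Only XOR and bit rotation are used, so the map is linear over GF(2);
    the set of all 80-word outputs is a binary linear [2560, 512] code."""
    assert len(w) == 16
    out = list(w)
    for t in range(16, 80):
        out.append(rotl1(out[t - 3] ^ out[t - 8] ^ out[t - 14] ^ out[t - 16]))
    return out


def weight_in_last(words: List[int], n: int) -> int:
    """Hamming weight of a codeword restricted to its last n words."""
    return sum(bin(x).count("1") for x in words[-n:])


def is_linear(a: List[int], b: List[int]) -> bool:
    """Check expand(a) XOR expand(b) == expand(a XOR b) for two inputs."""
    ea, eb = sha1_expand(a), sha1_expand(b)
    eab = sha1_expand([x ^ y for x, y in zip(a, b)])
    return [x ^ y for x, y in zip(ea, eb)] == eab


def difference_weights(delta: List[int]) -> Dict[int, int]:
    """Weight of an expanded message difference in the windows the paper uses.

    By linearity the expansion of the difference of two messages is the
    difference of their expansions, so these are codeword weights."""
    codeword = sha1_expand(delta)
    return {n: weight_in_last(codeword, n) for n in (64, 60, 48)}


if __name__ == "__main__":
    # Constructed sample: a single-bit difference in the first message word.
    # The paper proves every nonzero codeword has weight >= 25 in the last
    # 60 words, so this must come out at 25 or more.
    print(difference_weights([1] + [0] * 15))
```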
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Jutla, C.S., Patthak, A.C. (2007). Provably Good Codes for Hash Function Design. In: Biham, E., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2006. Lecture Notes in Computer Science, vol 4356. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74462-7_26
DOI: https://doi.org/10.1007/978-3-540-74462-7_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74461-0
Online ISBN: 978-3-540-74462-7