EndCryptor's Davies-Meyer hash function construction from Rijndael

A hash function's main use here is computing the checksum of a file that is to be digitally signed.

The cryptographic hash function is a Davies-Meyer construction with Merkle-Damgård strengthening, built from the block cipher Rijndael (AES) with a 192-bit key and a 192-bit block size.

This is a block-cipher-based construction. The Davies-Meyer construction itself has been shown to be secure in the black-box model [1,2], which assumes that the underlying block cipher is secure.
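The construction described above, as an added example that is not EndCryptor's code: each message block is used as the cipher key to encrypt the chaining value, the old chaining value is XORed back in (Davies-Meyer), and the message is padded with a marker and its bit length (Merkle-Damgård strengthening). Go's standard-library AES-192 stands in for Rijndael; it has a fixed 128-bit block, so the chaining value here is 16 bytes rather than the 24 bytes Rijndael-192/192 would give, and the IV is a constructed placeholder.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// Assumption: Go's crypto/aes has a fixed 128-bit block, so the chaining value is
// 16 bytes and each 24-byte message block is an AES-192 key (EndCryptor: 24/24).
const keyLen = 24 // message block length = cipher key length
var iv = [aes.BlockSize]byte{'E', 'n', 'd', 'C', 'r', 'y', 'p', 't', 'o', 'r', '-', 'D', 'M', '-', 'I', 'V'} // constructed IV (assumption)

// dmCompress: Davies-Meyer step H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}, message block as key.
func dmCompress(h [aes.BlockSize]byte, m []byte) [aes.BlockSize]byte {
	c, err := aes.NewCipher(m) // len(m) == 24 selects AES-192
	if err != nil {
		panic(err)
	}
	var out [aes.BlockSize]byte
	c.Encrypt(out[:], h[:]) // chaining value is the plaintext
	for i := range out {
		out[i] ^= h[i] // feed-forward of H_{i-1} makes the step one-way
	}
	return out
}

// mdPad: Merkle-Damgård strengthening (0x80, zero fill, 64-bit bit length) to a multiple of keyLen.
func mdPad(msg []byte) []byte {
	padded := append(append([]byte{}, msg...), 0x80)
	for (len(padded)+8)%keyLen != 0 {
		padded = append(padded, 0)
	}
	var length [8]byte
	binary.BigEndian.PutUint64(length[:], uint64(len(msg))*8)
	return append(padded, length[:]...)
}

func dmHash(msg []byte) [aes.BlockSize]byte {
	h := iv // chain dmCompress over the padded message, starting from iv
	padded := mdPad(msg)
	for off := 0; off < len(padded); off += keyLen {
		h = dmCompress(h, padded[off:off+keyLen])
	}
	return h
}

func main() {
	fmt.Printf("%x\n", dmHash([]byte("constructed sample input")))
}
```

Because the message block is the key, the digest length equals the cipher's block length, which is why the page's choice of a 192-bit Rijndael block matters for the output size.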

A block-cipher-based construction is usually slower than a dedicated hash algorithm. On the other hand, the construction's security is that of the underlying cipher, which in the case of the industry standard AES is carefully studied and monitored by the cryptographic community.

One place that keeps track of the cryptographic attacks against AES is the AES Lounge.

The possibility of using Rijndael (AES) as a hash function was already considered during the cipher's design phase [3].

Another possibility would be to use a dedicated hash function, i.e. an algorithm designed to perform only as a hash function. However, several dedicated hash functions have been cryptographically broken: MD4 [4,5,7], MD5 [6,7], HAVAL-128 [7] and RIPEMD [7]. The latest one is SHA-1 [8,9]. The National Institute of Standards and Technology (NIST) of the USA is “initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES)” [10]. The new dedicated hash algorithm should be chosen at the end of the year 2011.

References

1. R. Winternitz. A secure one-way hash function built from DES. In Proceedings of the IEEE Symposium on Information Security and Privacy, p. 88-90. IEEE Press, 1984.

2. J. Black, P. Rogaway, T. Shrimpton. Black-Box Analysis of the Block-Cipher-Based Hash-Function Construction from PGV. In Advances in Cryptology - CRYPTO '02, volume 2442 of Lecture Notes in Computer Science. Springer-Verlag, 2002.

3. Joan Daemen, Vincent Rijmen. AES proposal: Rijndael, pages 41, 43.

4. B. den Boer and A. Bosselaers, An attack on the last two rounds of MD4, Advances in Cryptology, Proceedings Crypto'91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 194-203.

5. H. Dobbertin, Cryptanalysis of MD4, Fast Software Encryption, LNCS 1039, D. , Springer-Verlag, 1996.

6. B. den Boer and A. Bosselaers, Collisions for the compression function of MD5, Advances in Cryptology, Proceedings Eurocrypt'93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 293-304.

7. Xiaoyun Wang, Dengguo Feng, Xuejia Lai, Hongbo Yu, Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, Crypto'04 Rump Session, Cryptology ePrint Archive http://eprint.iacr.org/2004/199.

8. Xiaoyun Wang, Yiqun Yin, Hongbo Yu, Finding Collisions in the Full SHA-1, Crypto'05.

9. The April 25, 2006 statement of the National Institute of Standards and Technology (NIST) of the USA regarding the attack by Wang can be found on this page.

10. See cryptographic hash competition.
