This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

New Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru | SpringerLink

Skip to main content Skip to sections

This service is more advanced with JavaScript available, learn more at []


International Workshop on Fast Software Encryption

FSE 2008: Fast Software Encryption pp 444-461 | Cite as

New Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru

  • Eli Biham
Conference paper Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)


In 1989–1990, two new hash functions were presented, Snefru and MD4. Snefru was soon broken by the newly introduced differential cryptanalysis, while MD4 remained unbroken for several more years. As a result, newer functions based on MD4, e.g., MD5 and SHA-1, became the de-facto and international standards. Following recent techniques of differential cryptanalysis for hash function, today we know that MD4 is even weaker than Snefru. In this paper we apply recent differential cryptanalysis techniques to Snefru, and devise new techniques that improve the attacks on Snefru further, including using generic attacks with differential cryptanalysis, and using virtual messages with second preimage attacks for finding preimages. Our results reduce the memory requirements of prior attacks to a negligible memory, and present a preimage of 2-pass Snefru. Finally, some observations on the padding schemes of Snefru and MD4 are discussed.


Hash Function Marked Location Length Block Compression Function Generic Attack These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves. Download to read the full conference paper text


  1. 1. Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  2. 2. Biham, E., Shamir, A.: Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer (extended abstract). In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 156–171. Springer, Heidelberg (1992)Google Scholar
  3. 3. Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  4. 4. Knuth, D.E.: The Art of Computer Programming, Seminumerical Algorithms, 3rd edn., vol. 2. Addison-Wesley, Reading (1997)Google Scholar
  5. 5. Merkle, R.C.: Secrecy, Authentication, and Public Key Systems. UMI Research press (1982)Google Scholar
  6. 6. Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
  7. 7. Merkle, R.C.: A Fast Software One-Way Hash Function. Journal of Cryptology 3(1), 43–58 (1990)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8. National Institute of Standards and Technology, Secure Hash Standard, U.S. Department of Commerce, FIPS pub. 180-1 (April 1995)Google Scholar
  9. 9. Nivasch, G.: Cycle Detection using a Stack. Information Processing Letters 90(3), 135–140 (2004)CrossRefMathSciNetGoogle Scholar
  10. 10. van Oorschot, P.C., Wiener, M.J.: Parallel Collision Search with Applications to Hash Functions and Discrete Logarithms. In: Proceedings of 2nd ACM Conference on Computer and Communications Security, pp. 210–218. ACM Press, New York (1994)CrossRefGoogle Scholar
  11. 11. Pollard, J.M.: A Monte Carlo method for factorization. BIT Numerical Mathematics 15(3), 331–334 (1975)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12. Quisquater, J.-J., Delescaille, J.-P.: How Easy is Collision Search? Application to DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 429–434. Springer, Heidelberg (1990)Google Scholar
  13. 13. Rivest, R.L.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)Google Scholar
  14. 14. Rivest, R.L.: The MD5 Message Digest Algorithm, Internet Request for Comments, RFC 1321 (April 1992)Google Scholar
  15. 15. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis for Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Eli Biham
    • 1
  1. 1.Computer Science DepartmentTechnion – Israel Institute of TechnologyHaifaIsrael

Personalised recommendations

Cite paper