On the (in)security of IDEA in various hashing modes

Lei Wei*, Thomas Peyrin, Przemysław Sokołowski, San Ling, Josef Pieprzyk, Huaxiong Wang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

9 Citations (Scopus)

Abstract

In this article, we study the security of the IDEA block cipher when it is used in various simple-length or double-length hashing modes. Even though this cipher is still considered secure, we show that one should avoid its use as an internal primitive for block-cipher-based hashing. In particular, we are able to generate free-start collisions instantaneously for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions with practical complexity. This work shows a practical example of the gap that exists between secret-key and known- or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

Original language: English
Title of host publication: Fast Software Encryption
Subtitle of host publication: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers
Editors: Anne Canteaut
Place of Publication: Berlin
Publisher: Springer, Springer Nature
Pages: 163-179
Number of pages: 17
ISBN (Electronic): 9783642340475
ISBN (Print): 9783642340468
Publication status: Published - 2012
Event: 19th International Workshop on Fast Software Encryption, FSE 2012 - Washington, DC, United States
Duration: 19 Mar 2012 to 21 Mar 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7549 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 19th International Workshop on Fast Software Encryption, FSE 2012
Country: United States
City: Washington, DC
Period: 19/03/12 to 21/03/12
