On the (in)security of IDEA in various hashing modes

Lei Wei; Thomas Peyrin; Przemysław Sokołowski; San Ling; Josef Pieprzyk; Huaxiong Wang

doi:10.1007/978-3-642-34047-5_10

On the (in)security of IDEA in various hashing modes

Lei Wei^*, Thomas Peyrin, Przemysław Sokołowski, San Ling, Josef Pieprzyk, Huaxiong Wang

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

12 Citations (Scopus)

Abstract

In this article, we study the security of the IDEA block cipher when it is used in various simple-length or double-length hashing modes. Even though this cipher is still considered as secure, we show that one should avoid its use as internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

Original language	English
Title of host publication	Fast Software Encryption
Subtitle of host publication	19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers
Editors	Anne Canteaut
Place of Publication	Berlin
Publisher	Springer, Springer Nature
Pages	163-179
Number of pages	17
ISBN (Electronic)	9783642340475
ISBN (Print)	9783642340468
DOIs	https://doi.org/10.1007/978-3-642-34047-5_10
Publication status	Published - 2012
Event	19th International Workshop on Fast Software Encryption, FSE 2012 - Washington, DC, United States Duration: 19 Mar 2012 → 21 Mar 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7549 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Other

Other	19th International Workshop on Fast Software Encryption, FSE 2012
Country/Territory	United States
City	Washington, DC
Period	19/03/12 → 21/03/12

Access to Document

10.1007/978-3-642-34047-5_10

Cite this

Wei, L., Peyrin, T., Sokołowski, P., Ling, S., Pieprzyk, J., & Wang, H. (2012). On the (in)security of IDEA in various hashing modes. In A. Canteaut (Ed.), Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers (pp. 163-179). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7549 LNCS). Springer, Springer Nature. https://doi.org/10.1007/978-3-642-34047-5_10

Wei, Lei ; Peyrin, Thomas ; Sokołowski, Przemysław et al. / On the (in)security of IDEA in various hashing modes. Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers. editor / Anne Canteaut. Berlin : Springer, Springer Nature, 2012. pp. 163-179 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{554b48bb247a40099d5524af319b96bc,

title = "On the (in)security of IDEA in various hashing modes",

abstract = "In this article, we study the security of the IDEA block cipher when it is used in various simple-length or double-length hashing modes. Even though this cipher is still considered as secure, we show that one should avoid its use as internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.",

author = "Lei Wei and Thomas Peyrin and Przemys{\l}aw Soko{\l}owski and San Ling and Josef Pieprzyk and Huaxiong Wang",

year = "2012",

doi = "10.1007/978-3-642-34047-5_10",

language = "English",

isbn = "9783642340468",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer, Springer Nature",

pages = "163--179",

editor = "Anne Canteaut",

booktitle = "Fast Software Encryption",

address = "United States",

note = "19th International Workshop on Fast Software Encryption, FSE 2012 ; Conference date: 19-03-2012 Through 21-03-2012",

}

Wei, L, Peyrin, T, Sokołowski, P, Ling, S, Pieprzyk, J & Wang, H 2012, On the (in)security of IDEA in various hashing modes. in A Canteaut (ed.), Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7549 LNCS, Springer, Springer Nature, Berlin, pp. 163-179, 19th International Workshop on Fast Software Encryption, FSE 2012, Washington, DC, United States, 19/03/12. https://doi.org/10.1007/978-3-642-34047-5_10

On the (in)security of IDEA in various hashing modes. / Wei, Lei; Peyrin, Thomas; Sokołowski, Przemysław et al.
Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers. ed. / Anne Canteaut. Berlin: Springer, Springer Nature, 2012. p. 163-179 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7549 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - On the (in)security of IDEA in various hashing modes

AU - Wei, Lei

AU - Peyrin, Thomas

AU - Sokołowski, Przemysław

AU - Ling, San

AU - Pieprzyk, Josef

AU - Wang, Huaxiong

PY - 2012

Y1 - 2012

N2 - In this article, we study the security of the IDEA block cipher when it is used in various simple-length or double-length hashing modes. Even though this cipher is still considered as secure, we show that one should avoid its use as internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

AB - In this article, we study the security of the IDEA block cipher when it is used in various simple-length or double-length hashing modes. Even though this cipher is still considered as secure, we show that one should avoid its use as internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

UR - http://www.scopus.com/inward/record.url?scp=84866647459&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-34047-5_10

DO - 10.1007/978-3-642-34047-5_10

M3 - Chapter

AN - SCOPUS:84866647459

SN - 9783642340468

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 163

EP - 179

BT - Fast Software Encryption

A2 - Canteaut, Anne

PB - Springer, Springer Nature

CY - Berlin

T2 - 19th International Workshop on Fast Software Encryption, FSE 2012

Y2 - 19 March 2012 through 21 March 2012

ER -

Wei L, Peyrin T, Sokołowski P, Ling S, Pieprzyk J, Wang H. On the (in)security of IDEA in various hashing modes. In Canteaut A, editor, Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers. Berlin: Springer, Springer Nature. 2012. p. 163-179. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-34047-5_10

On the (in)security of IDEA in various hashing modes

Abstract

Publication series

Other

Access to Document

Other files and links

Fingerprint

Cite this