New research results on hash function security

The amount of electronic communication has grown enormously. This has posed some new problems in information security. In particular, the methods in cryptography have been under much scrutiny. There are several basic primitives that modern cryptographic protocols utilize. One of these is hash functions, which are used to compute short hash values from messages of any length.

User passwords are often encrypted with hash functions. Hash functions are also used in protecting communication, e.g. in digital signatures. It is crucial for the information society to ensure that the used hash functions are secure and pay attention to their improvement.

In Kimmo Halunen´s PhD thesis, the security of hash functions is studied from two different viewpoints. First of all, the security of the Very Smooth Hash against preimage attacks is being analyzed. If a preimage can be found, it means that the original password can be retrieved from the encrypted data.

The thesis presents an improved method for finding preimages of Very Smooth Hash, which is then compared with existing methods. Its efficiency is demonstrated with practical results, where passwords secured with Very Smooth Hash and its variants were broken. The significance of these findings for the information security are however minor, since VSH has not been taken into large scale use.

Secondly, the thesis describes the methods for finding multicollisions in traditional iterated hash functions and gives some extensions and improvements to these. The thesis shows, that finding such multicollisions is easier than expected. Multicollisions can be used for e.g. fake digital signatures. The methods presented in the thesis are however theoretical and do not enable powerful enough attack against available hash functions.

Kimmo Halunen will defend his PhD thesis in public on Friday, November 16, 2012 at 9.00 a.m. in lecture hall TS 101, Tietotalo I building.


Last updated: 18.10.2013