The 7th Central European Conference on Cryptology
June 22-24, 2007, Smolenice, Slovakia

Abstract of a plenary talk

Hash functions: recent developments

Bart Preneel

Katholieke Universiteit Leuven
Dept. Electrical Engineering-ESAT, COSIC
Kasteelpark Arenberg 10, B-3001 Leuven, Belgium

In recent years, serious weaknesses have been identified in widely used cryptographic hash functions. An efficient algorithm has been developed that produces collisions for MD4 and MD5, and it has been shown that finding collisions for SHA-1 is about 100 million times easier than previously believed. In this talk we review the implications of these recent attacks for current and future applications (such as digital signatures, TLS, and HMAC), and we discuss which alternatives are available in existing and emerging standards.

A second set of results, which has received less publicity outside the cryptographic community, has pointed out structural weaknesses in the common approach to designing cryptographic hash functions. It turns out that the current design principles for iterated hash functions result in a total security breakdown once collisions can be found for the building block of the hash function. An important consequence of these weaknesses is that, in contrast to popular belief, the concatenation of two iterated hash functions does not result in an increase in security. We summarize these new results and review their impact on current and future hash function designs.
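The concatenation result can be reproduced at toy scale. The following is an added example, not material from the talk: it follows Joux's multicollision construction, and the 16-bit compression functions (truncated SHA-256) and all function names are assumptions chosen so that block collisions are cheap to find.

```python
import hashlib
from itertools import product

IV = b"\x00\x00"

def compress(tag: bytes, h: bytes, block: bytes) -> bytes:
    """Toy 16-bit compression function (assumption); tag separates F from G."""
    return hashlib.sha256(tag + h + block).digest()[:2]

def iterated(tag: bytes, blocks) -> bytes:
    """Iterated hash over 4-byte blocks. Length padding is omitted: all
    messages compared here have the same length, so it would not matter."""
    h = IV
    for b in blocks:
        h = compress(tag, h, b)
    return h

def block_collision(tag: bytes, h: bytes):
    """Birthday search for two distinct blocks that collide from state h."""
    seen, i = {}, 0
    while True:
        b = i.to_bytes(4, "big")
        out = compress(tag, h, b)
        if out in seen:
            return seen[out], b, out
        seen[out] = b
        i += 1

def multicollision(tag: bytes, k: int):
    """k chained block collisions yield 2**k messages with one digest."""
    h, pairs = IV, []
    for _ in range(k):
        b0, b1, h = block_collision(tag, h)
        pairs.append((b0, b1))
    return pairs, h

def concat_collision(k: int = 12):
    """Collide F||G by searching G only inside a 2**k multicollision of F."""
    pairs, _ = multicollision(b"F", k)
    seen = {}
    for msg in product(*pairs):
        g = iterated(b"G", msg)
        if g in seen:
            return seen[g], msg  # same F digest by construction, same G digest
        seen[g] = msg
    return None

if __name__ == "__main__":
    m1, m2 = concat_collision()
    print(iterated(b"F", m1) + iterated(b"G", m1) == iterated(b"F", m2) + iterated(b"G", m2))
```

Only 12 block collisions in F are needed to obtain 4096 colliding messages, so the search in G costs about as much as attacking G alone rather than a 32-bit hash.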

Curriculum Vitae: Prof. Dr. Ir. Bart Preneel
Bart Preneel is a professor at the Electrical Engineering Department of the Katholieke Universiteit Leuven and has been a visiting professor at several universities in Europe. He heads the research group COSIC at the K.U.Leuven, which currently has 50 members. His main research interests are cryptology and information security. He has authored and co-authored more than 200 articles in international journals and conference proceedings and is editor of ten books. He is Vice President of the International Association of Cryptologic Research (http://www.iacr.org), Chairman of the Leuven Security Excellence Consortium (http://www.l-sec.be) and project manager of ECRYPT (http://www.ecrypt.eu.org), the EU-funded European Network of Excellence on Cryptology and Watermarking. Bart has lectured as an invited speaker at more than 25 international conferences. He has extensive expertise in standardization and more than 15 years of experience in consulting for the IT and financial industry.


