Abstract: According to the properties of the function in the first pass and the order of the message words in HAVAL algorithm, a preimage attack on the compression function of the first 104-step HAVAL is proposed by using the exhaustive search method. The complexity of the attack is 2224 hash function valuations with the storage of 238 Bytes. However, the complexity of brute-force to find preimage is 2256. Analysis result has some new light on the evaluation of the security of HAVAL.

Key words: hash function, HAVAL algorithm, cryptanalysis, preimage attack

摘要： 针对杂凑函数HAVAL的第1圈中圈函数的性质和消息字的顺序，结合使用穷举搜索等方法，给出对前104步HAVAL压缩函数的原根攻击。其计算复杂度是2224次杂凑运算，需要存储238个字节，而穷举攻击的计算复杂度是2256次杂凑运算。分析结果对杂凑函数HAVAL安全性的评估有重要的参考价值。

关键词: 杂凑函数, HAVAL算法, 密码分析, 原根攻击

CLC Number: 

• TP393.08