Paper 2012/096

The Collision Security of MDC-4

Ewan Fleischmann, Christian Forler, Stefan Lucks, and Jakob Wenzel

Abstract

There are four somewhat classical double length block cipher based compression functions known: MDC-2, MDC-4, Abreast-DM, and Tandem-DM. They all have been developed over 20 years ago. In recent years, cryptographic research has put a focus on block cipher based hashing and found collision security results for three of them (MDC-2, Abreast-DM, Tandem-DM). In this paper, we add MDC-4, which is part of the IBM CLiC cryptographic module (FIPS 140-2 Security Policy for IBM CrytoLite in C, October 2003), to that list by showing that - 'instantiated' using an ideal block cipher with 128 bit key/plaintext/ciphertext size - no adversary asking less than $2^{74.76}$ queries can find a collision with probability greater than $1/2$. This is the first result on the collision security of the hash function MDC-4. The compression function MDC-4 is created by interconnecting two MDC-2 compression functions but only hashing one message block with them instead of two. The developers aim for MDC-4 was to offer a higher security margin, when compared to MEDC-2, but still being fast enough for practical purposes. The MDC-2 collision security proof of Steinberger (EUROCRYPT 2007) cannot be directly applied to MDC-4 due to the structural differences. Although sharing many commonalities, our proof for MDC-4 is much shorter and we claim that our presentation is also easier to grasp.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
MDC-4cryptographic hash functionblock-cipher basedproof of securitydouble lengthideal cipher model
Contact author(s)
christian forler @ uni-weimar de
History
2012-04-21: last of 6 revisions
2012-02-24: received
See all versions
Short URL
https://ia.cr/2012/096
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/096,
      author = {Ewan Fleischmann and Christian Forler and Stefan Lucks and Jakob Wenzel},
      title = {The Collision Security of MDC-4},
      howpublished = {Cryptology ePrint Archive, Paper 2012/096},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/096}},
      url = {https://eprint.iacr.org/2012/096}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.