Paper 2005/391

Some thoughts on Collision Attacks in the Hash Functions MD5, SHA-0 and SHA-1

Praveen Gauravaram, William Millan, and Juanma Gonzalez Nieto


The design principle of the Merkle-Damgård construction is that collision resistance of the compression function implies collision resistance of the hash function. Recently, multi-block collisions have been found on the hash functions MD5, SHA-0 and SHA-1 using differential cryptanalysis. These multi-block collisions raise several questions about some definitions and properties used in the hash function literature. In this report, we take a closer look at some of the literature on cryptographic hash functions and give our insights on it. We bring out some important differences between Damgård's 1989 hash function and the hash functions that followed it. We conclude that these hash functions did not consider the pseudo-collision attack in their design criteria. We also doubt whether these hash functions achieve the design principle of the Merkle-Damgård construction. We formalise some definitions of the properties of hash functions in the literature.

Note: This is the draft version of work in progress. For any suggestions on improving the work or any corrections in our work, please contact the author.

Secret-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Contact author(s): p gauravaram @ isrc qut edu au
2005-10-30: received
Creative Commons Attribution
