Cryptanalysis of 3-pass HAVAL

Bart Preneel
Leuven


HAVAL is a cryptographic hash function proposed in 1992 by Zheng, Pieprzyk and Seberry. It has a structure that is quite similar to well-known hash functions such as MD4 and MD5. The main advantage of HAVAL over these hash functions is that it allows to compute longer hashes: five different output lengths are supported with a maximum of 256 bits. The specification of HAVAL includes a security parameter: the number of passes (that is, the number of times that a particular word of the message is used in the computation) can be chosen equal to 3, 4 or 5. In this paper we describe a practical attack that finds collisions for the 3-pass version of HAVAL in 2**29 steps. We will also present the state of the art for related hash functions such as the SHA and RIPEMD families.

(joint work with Bart Van Rompay and Alex Biryukov).