### Cryptanalysis of 3-pass HAVAL

Bart Preneel
*Leuven*

HAVAL is a cryptographic hash function proposed in 1992 by Zheng, Pieprzyk
and Seberry. It has a structure that is quite similar to well-known hash
functions such as MD4 and MD5. The main advantage of HAVAL over these
hash functions is that it allows to compute longer hashes: five different
output lengths are supported with a maximum of 256 bits. The specification of
HAVAL includes a security parameter: the number of passes (that is, the
number of times that a particular word of the message is used in the
computation) can be chosen equal to 3, 4 or 5. In this paper we describe a
practical attack that finds collisions for the 3-pass version of HAVAL in
2**29 steps. We will also present the state of the art for related hash
functions such as the SHA and RIPEMD families.
(joint work with Bart Van Rompay and Alex Biryukov).