Cryptographic hash functions play an important role in the security of many applications such as digital signatures, the protection of passwords, the derivation of cryptographic keys, tamper detection, and countless others. This versatility has earned them the nickname ‘Swiss army knives of cryptography’.
Most of the widespread and popular hash functions, such as MD5, SHA-1 and SHA-2, share a common design philosophy. Recent cryptanalytic advances have raised serious concerns regarding the long-term security of these hash functions.
Some of them, e.g., MD4 and MD5, were broken in practice, and for others, e.g., SHA-1, severe theoretical weaknesses were shown. Even though the SHA-2 family is not (yet) really threatened by any attack, it receives little con?dence because it is based on the same design principles. Hence, there is a clear need for new, secure cryptographic hash functions. The United States ‘National Institute of Standards
and Technology’ (NIST) has started an international competition to develop the
next generation cryptographic hash function standard, which will be called SHA-3. This competition started in 2007, and is still ongoing with 14 candidates left in the second round of evaluations.
Most of the research presented in this dissertation is closely related to this
competition. We have designed a candidate cryptographic hash function called Lane. The primary objectives of Lane are to be secure, easy to understand, elegant and ?exible in implementation. It was entered into the SHA-3 competition, but did not advance to the second round of evaluations.
Furthermore, we have actively contributed to the evaluation of several SHA-3 candidates. For a number of ?rst round candidates, we have demonstrated attacks that contradict the security claims made by their designers. In particular, we have shown practical collision attacks on the candidates Dynamic SHA, EnRUPT
and SHAMATA, as well as a theoretical collision attack on Dynamic SHA2 and a practical preimage attack on Maraca. Beside the SHA-3 competition, we have contributed to the cryptanalysis of the hash functions RC4-Hash, SHA-2, and Tiger, and the block cipher KeeLoq that is used among others in vehicle anti-theft systems.