N-Hash

In cryptography, N-Hash is a cryptographic hash function based on the FEAL round function, and is now considered insecure. It was proposed in 1990 in an article by Miyaguchi, Ohta, and Iwata;[1] weaknesses were published the following year.[2]

N-Hash has a 128-bit hash size. A message is divided into 128-bit blocks, and each block is combined with the hash value computed so far using the g compression function. g contains eight rounds, each of which uses an F function, similar to the one used by FEAL.

Eli Biham and Adi Shamir (1991) applied the technique of differential cryptanalysis to N-Hash, and showed that collisions could be generated faster than by a birthday attack for N-Hash variants with even up to 12 rounds.[2]

References

S. Miyaguchi, K. Ohta, and M. Iwata (November 1990). "128-bit hash function (N-hash)". NTT Review. 2 (6): 128–132.CS1 maint: uses authors parameter (link)
Eli Biham, Adi Shamir (1991). "Differential Cryptanalysis of Feal and N-Hash". EUROCRYPT. Lecture Notes in Computer Science. 547: 1–16. doi:10.1007/3-540-46416-6_1. ISBN 978-3-540-54620-7.CS1 maint: uses authors parameter (link)

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] S. Miyaguchi, K. Ohta, and M. Iwata (November 1990). "128-bit hash function (N-hash)". NTT Review. 2 (6): 128–132.CS1 maint: uses authors parameter (link)

[eurocrypt-2] Eli Biham, Adi Shamir (1991). "Differential Cryptanalysis of Feal and N-Hash". EUROCRYPT. Lecture Notes in Computer Science. 547: 1–16. doi:10.1007/3-540-46416-6_1. ISBN 978-3-540-54620-7.CS1 maint: uses authors parameter (link)