A Secure Hash Function MD-192 With Modified Message Expansion

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Cryptographic hash functions play a central role in cryptography. Hash functions were introduced in cryptology to provide message integrity and authentication. MD5, SHA1 and RIPEMD are among the most commonly used message digest algorithms. Recently proposed attacks on well known and widely used hash functions motivate the design of new, stronger hash functions. In this paper a new approach is presented that produces a 192 bit message digest and uses a modified message expansion mechanism which generates more bit difference in each working variable to make the algorithm more secure. This hash function is collision resistant and assures good compression and preimage resistance.


💡 Research Summary

The paper introduces a new cryptographic hash function called MD‑192, which is built on the structure of SHA‑1 but aims to provide higher security by producing a 192‑bit digest and by modifying the message‑expansion schedule. The authors argue that the extra 32‑bit chaining variable (six registers instead of five) and the altered expansion algorithm increase resistance to differential attacks, while the output length raises the theoretical collision complexity to 2⁹⁶ (birthday bound) and the pre‑image resistance to 2¹⁹².

Design Overview
MD‑192 processes messages in 512‑bit blocks, using the same padding and length‑encoding scheme as SHA‑1. After parsing each block into sixteen 32‑bit words, a message schedule expands these to eighty 32‑bit words. The expansion differs from SHA‑1 in three ways: (1) for rounds 16‑19 the schedule uses a left‑rotate‑by‑1 of the XOR of wₜ₋₁, wₜ₋₂ and wₜ₋₁₅; (2) for rounds 20‑63 it adds wₜ₋₂₀ to the XOR before the same rotation; (3) for rounds 64‑79 the same XOR is rotated by 13 bits. The intention is to increase the “minimum distance between similar words” and thus disrupt the propagation of differential patterns.
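The schedule is the one part of the design the summary specifies completely, so the following added example (not code from the paper or its authors) implements the three-case MD‑192 expansion exactly as described above, next to the standard SHA‑1 schedule, and measures how far a single-bit difference in a 512‑bit block spreads through the eighty expanded words under each. Two points are assumptions: "adds wₜ₋₂₀" is read as addition modulo 2³² (the summary does not say whether it means XOR or modular addition), and the sample block is constructed here, not taken from the paper.

```python
"""MD-192 vs SHA-1 message schedule: diffusion of a one-bit input difference.

Educational example written for this summary; the MD-192 schedule follows the
three cases described in the text, the SHA-1 schedule follows FIPS 180-4.
"""

MASK32 = 0xFFFFFFFF


def rotl32(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_schedule(words):
    """Standard SHA-1 expansion of sixteen 32-bit words to eighty (FIPS 180-4)."""
    w = list(words)
    for t in range(16, 80):
        w.append(rotl32(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w


def md192_schedule(words):
    """MD-192 expansion as described in the summary:
    rounds 16-19: ROTL1(w[t-1] ^ w[t-2] ^ w[t-15])
    rounds 20-63: ROTL1((w[t-1] ^ w[t-2] ^ w[t-15]) + w[t-20])
                  ASSUMPTION: '+' is addition modulo 2^32
    rounds 64-79: ROTL13(w[t-1] ^ w[t-2] ^ w[t-15])
    """
    w = list(words)
    for t in range(16, 80):
        x = w[t - 1] ^ w[t - 2] ^ w[t - 15]
        if t < 20:
            w.append(rotl32(x, 1))
        elif t < 64:
            w.append(rotl32((x + w[t - 20]) & MASK32, 1))
        else:
            w.append(rotl32(x, 13))
    return w


def block_to_words(block: bytes):
    """Parse a 64-byte block into sixteen big-endian 32-bit words (SHA-1 convention)."""
    if len(block) != 64:
        raise ValueError("a message block must be exactly 64 bytes")
    return [int.from_bytes(block[i:i + 4], "big") for i in range(0, 64, 4)]


def flip_bit(block: bytes, bit_index: int) -> bytes:
    """Return a copy of block with one bit flipped (bit 0 = MSB of byte 0)."""
    b = bytearray(block)
    b[bit_index // 8] ^= 1 << (7 - bit_index % 8)
    return bytes(b)


def schedule_difference(schedule, block_a: bytes, block_b: bytes):
    """(number of differing words, total differing bits) between the two expanded schedules."""
    wa = schedule(block_to_words(block_a))
    wb = schedule(block_to_words(block_b))
    diff_words = sum(1 for a, b in zip(wa, wb) if a != b)
    diff_bits = sum(bin(a ^ b).count("1") for a, b in zip(wa, wb))
    return diff_words, diff_bits


def compare_diffusion(block: bytes, bit_index: int):
    """Flip one input bit and report schedule diffusion for both algorithms."""
    other = flip_bit(block, bit_index)
    return {
        "sha1": schedule_difference(sha1_schedule, block, other),
        "md192": schedule_difference(md192_schedule, block, other),
    }


if __name__ == "__main__":
    # Constructed sample block (not from the paper): bytes 0x00..0x3f.
    sample_block = bytes(range(64))
    for bit in (0, 31, 255, 511):
        result = compare_diffusion(sample_block, bit)
        print(f"flip bit {bit:3d}: SHA-1 (words, bits) = {result['sha1']}, "
              f"MD-192 (words, bits) = {result['md192']}")
```

The counts only measure the schedule component of the paper's diffusion claim; the compression rounds, where most of the difference propagation happens, are not modelled here. Note also that both schedules are linear over GF(2) except for the modular addition in rounds 20‑63, so a word-count comparison is a sanity check on the design rationale, not a differential analysis.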

The compression function runs for 80 rounds. In each round the algorithm computes two temporary values P and Q, both involving a left‑rotate‑by‑5 of A, a round‑dependent Boolean function F1 (IF‑THEN‑ELSE, XOR, or MAJORITY), the current word wₜ, a constant Kₜ, and the registers E and F. After the computation, the registers are updated as follows: F←P, E←ROTL15(D), D←C, C←ROTL30(B), B←A, and A←Q. The Boolean functions are identical to those used in SHA‑1, and the round constants are taken from the same table.

After processing a block, each of the six registers is added to its previous hash value, yielding a new 192‑bit internal state (A‖B‖C‖D‖E‖F). The final digest is the concatenation of these six 32‑bit words.

Security Claims
The authors claim three main security improvements:

  1. Collision resistance – because the output is 192 bits, a generic birthday attack would require about 2⁹⁶ operations, which is higher than SHA‑1’s 2⁸⁰.
  2. Pre‑image and second‑pre‑image resistance – the ideal cost is 2¹⁹² operations, again higher than SHA‑1’s 2⁸⁰.
  3. Differential resistance – the modified message schedule and the extra 15‑bit rotation of D are intended to increase the diffusion of bit differences, making Wang‑style differential attacks more difficult.

Performance Evaluation
The authors implemented MD‑192 on a Pentium IV 2.8 GHz machine running Windows XP and measured the time required to hash typical text files. They report that MD‑192 is roughly 10–15 % slower than SHA‑1, attributing the slowdown to the additional chaining variable and the more complex schedule. No detailed benchmark methodology, nor a comparison with optimized SHA‑1 or SHA‑256 implementations, is provided.

Critical Analysis
While the design is a straightforward extension of SHA‑1, the paper lacks rigorous cryptographic analysis. The Boolean functions and round constants remain unchanged, so the core algebraic structure is still vulnerable to the same types of differential patterns that broke SHA‑1. The new schedule does add non‑linear rotations, but the authors do not present any formal proof that these prevent the construction of a differential path, nor do they supply empirical differential attack results.

The security argument that a longer output automatically yields higher security is only valid under the assumption that the underlying compression function is ideal. In practice, many hash functions with longer outputs (e.g., SHA‑256) are still vulnerable to specific attacks that exploit structural weaknesses, and the same could apply to MD‑192. Moreover, the paper does not discuss resistance to length‑extension attacks, side‑channel leakage, or implementation pitfalls.

The performance cost is modest, but even a 10–15 % slowdown is hard to justify as a trade‑off when no security gain is demonstrated. Compared with SHA‑256, which offers 256‑bit output and a more robust design (different constants, eight rounds of 64 steps, and a larger state), MD‑192 appears inferior both in security margin and efficiency.

Conclusion and Future Work
The authors conclude that MD‑192 “provides stronger security than SHA‑1” and suggest future work on reducing the time delay. However, without formal security proofs, extensive differential analysis, or a thorough performance comparison with contemporary hash functions, the claim remains speculative. For MD‑192 to be considered a viable alternative, further research must include:

  • Detailed differential‑path analysis showing that the new schedule blocks known attacks.
  • Formal proofs of collision and pre‑image resistance under standard assumptions.
  • Optimized implementations and benchmarks against SHA‑256, SHA‑3, and modern hardware.
  • Evaluation of side‑channel resistance and suitability for constrained environments.

In its current form, MD‑192 is an interesting academic exercise in modifying SHA‑1, but it does not yet meet the rigorous standards required for adoption in security‑critical applications.
