Indifferentiability of Double Length Compression Functions
نویسنده
چکیده
Double block length hashing covers the idea of constructing a compression function on 2n bits using an n-bit block cipher. In this work, we present a comprehensive indifferentiability analysis of all relevant double length compression functions. Indifferentiability is a stronger security notion than collision and preimage resistance and ensures that a design has no structural flaws. It is very well suited for composition: using an indifferentiable compression function in a proper mode of operation supplies an indifferentiable hash function. Yet, as we demonstrate compression function indifferentiability is not at all a triviality: almost all double length compression functions, including Tandem-DM and Jetchev et al.’s, appear to be differentiable from a random function in 2 queries. Nevertheless, we also prove that two known functions are indifferentiable: the MDC-4 compression function (up to 2 queries tight) and Mennink’s function (up to 2 queries tight).
منابع مشابه
Indifferentiability of Single-Block-Length and Rate-1 Compression Functions
The security notion of indifferentiability was proposed by Maurer, Renner, and Holenstein in 2004. In 2005, Coron, Dodis, Malinaud, and Puniya discussed the indifferentiability of hash functions. They showed that the Merkle-Damg̊ard construction is not secure in the sense of indifferentiability. In this paper, we analyze the security of single-block-length and rate-1 compression functions in the...
متن کاملIndifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding
Understanding what construction strategy has a chance to be a good hash function is extremely important nowadays. In TCC’04, Maurer et al. [13] introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two systems. In Crypto’2005, Coron et al. [5] suggested to employ indifferentiability in generic analysis of hash functions and started by sug...
متن کاملA synthetic indifferentiability analysis of some block-cipher-based hash functions
Nowadays, investigating what construction is better to be a cryptographic hash function is red hot. In [13], Maurer et al. first introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two cryptosystems. At ASIACRYPT’06, Chang et al. [6] analyzed the indifferentiability security of some popular block-cipher-based hash functions, such as PGV...
متن کاملContext-Restricted Indifferentiability: Generalizing UCE and Implications on the Soundness of Hash-Function Constructions
Understanding how hash functions can be used in a sound manner within cryptographic protocols, as well as how they can be constructed in a sound manner from compression functions, are two important problems in cryptography with a long history. Two approaches towards solving the first problem are the random oracle model (ROM) methodology and the UCE framework, and an approach to solving the seco...
متن کاملRevisiting the Indifferentiability of PGV Hash Functions
In this paper, first we point out some flaws in the existing indifferentiability simulations of the pf-MD and the NMAC constructions, and provide new differentiable attacks on the hash functions based these schemes. Afterthat, the indifferentiability of the 20 collision resistant PGV hash functions, which are padded under the pf-MD, the NMAC/HMAC and the chop-MD constructions, are reconsidered....
متن کامل