Breaking and Fixing Cryptophia's Short Combiner
Authors
Abstract
A combiner is a construction formed out of two hash functions that is secure if one of the underlying functions is. Conventional combiners are known not to support short outputs: if the hash functions have n-bit outputs the combiner should have at least almost 2n bits of output in order to be robust for collision resistance (Pietrzak, CRYPTO 2008). Mittelbach (ACNS 2013) introduced a relaxed security model for combiners and presented “Cryptophia’s short combiner,” a rather delicate construction of an n-bit combiner that achieves optimal collision, preimage, and second preimage security. We re-analyze Cryptophia’s combiner and show that a collision can be found in two queries and a second preimage in one query, invalidating the claimed results. We additionally propose a way to fix the design in order to re-establish the original security results.
Similar resources
Cryptophia's Short Combiner for Collision-Resistant Hash Functions
A combiner for collision-resistant hash functions takes two functions as input and implements a hash function with the guarantee that it is collision-resistant if one of the functions is. It has been shown that such a combiner cannot have short output (Pietrzak, Crypto 2008); that is, its output length is lower bounded by roughly 2n if the ingoing functions output n-bit hash values. In this pap...
Steep. Short-Crested Waves and Related Phenomena
Steep, short-crested waves, as well as a large variety of three-dimensional propagating wave patterns have been created in laboratory, utilizing a plunging half-cone. Monochromatic waves, over a range of frequencies and amplitudes through breaking and including soliton wave groups near resonance, have been observed and studied in a small wave flume. This monochromatic wavemaker creates complex ...
The Sum Can Be Weaker Than Each Part
In this paper we study the security of summing the outputs of two independent hash functions, in an effort to increase the security of the resulting design, or to hedge against the failure of one of the hash functions. The exclusive-or (XOR) combiner H1(M)⊕H2(M) is one of the two most classical combiners, together with the concatenation combiner H1(M) ‖ H2(M). While the security of the concaten...
Spontaneous symmetry breaking in the Higgs mechanism
The Higgs mechanism is very powerful: it furnishes a description of the electroweak theory in the Standard Model which has a convincing experimental verification. But although the Higgs mechanism had been applied successfully, the conceptual background is not clear. The Higgs mechanism is often presented as spontaneous breaking of a local gauge symmetry. But a local gauge symmetry is rooted in ...
New Attacks on the Concatenation and XOR Hash Combiners
We study the security of the concatenation combiner H1(M)‖H2(M) for two independent iterated hash functions with n-bit outputs that are built using the Merkle-Damgård construction. In 2004 Joux showed that the concatenation combiner of hash functions with an n-bit internal state does not offer better collision and preimage resistance compared to a single strong n-bit hash function. On the other...
Publication date: 2014