Domain extender for collision resistant hash functions: Improving upon Merkle-Damgård iteration
Author
Abstract
We study the problem of securely extending the domain of a collision resistant compression function. A new construction based on directed acyclic graphs is described. This generalizes the usual iterated hashing constructions. Our main contribution is to introduce a new technique for hashing arbitrary length strings. Combined with DAG based hashing, this technique gives a new hashing algorithm. The amount of padding and the number of invocations of the compression function required by the new algorithm is smaller than the general Merkle-Damgård algorithm. Lastly, we describe the design of a new parallel hash algorithm.
Similar resources
Higher Order Universal One-Way Hash Functions from the Subset Sum Assumption
Universal One-Way Hash Functions (UOWHFs) may be used in place of collision-resistant functions in many public-key cryptographic applications. At Asiacrypt 2004, Hong, Preneel and Lee introduced the stronger security notion of higher order UOWHFs to allow construction of long-input UOWHFs using the Merkle-Damgård domain extender. However, they did not provide any provably secure constructions f...
Hash Functions: From Merkle-Damgård to Shoup
In this paper we study two possible approaches to improving existing schemes for constructing hash functions that hash arbitrary long messages. First, we introduce a continuum of function classes that lie between universal one-way hash functions and collision-resistant functions. For some of these classes efficient (yielding short keys) composite schemes exist. Second, we prove that the schedul...
How to Fill Up Merkle-Damgård Hash Functions
Many of the popular Merkle-Damgård hash functions have turned out to be not collision-resistant (CR). The problem is that we no longer know if these hash functions are even second-preimage-resistant (SPR) or one-way (OW), without the underlying compression functions being CR. We remedy this situation by introducing the “split padding” into a current Merkle-Damgård hash function H. The patched h...
Salvaging Merkle-Damgård for Practical Applications
Many cryptographic applications of hash functions are analyzed in the random oracle model. Unfortunately, most concrete hash functions, including the SHA family, use the iterative (strengthened) Merkle-Damgård transform applied to a corresponding compression function. Moreover, it is well known that the resulting “structured” hash function cannot be generically used as a random oracle, even if ...
XSA-strengthening: Strengthening MD5 and Other Iterated Hash Functions Through Variable-length External Message Expansion
In recent years, it has been demonstrated that collisions can be systematically constructed for some popular cryptographic hash algorithms, such as MD5 and SHA-1. Various ways of enhancing these hash functions via message pre-processing or external message expansion have been proposed to make them resistant to known collision attacks. Message preprocessing/expansion is a way of creating a new h...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2003, Issue
Pages -
Publication date 2003