Adaptive Preimage Resistance and Permutation-based Hash Functions
نویسندگان
چکیده
In this paper, we introduce a new notion of security, called adaptive preimage resistance. We prove that a compression function that is collision resistant and adaptive preimage resistant can be combined with a public random function to yield a hash function that is indifferentiable from a random oracle. Specifically, we analyze adaptive preimage resistance of 2n-bit to n-bit compression functions that use three calls to n-bit public random permutations. This analysis also provides a simpler proof of their collision resistance and preimage resistance than the one provided by Rogaway and Steinberger [19]. By using such compression functions as building blocks, we obtain permutation-based pseudorandom oracles that outperform the Sponge construction [4] and the MD6 compression function [9] both in terms of security and efficiency.
منابع مشابه
Security of Single-permutation-based Compression Functions
In this paper, we study security for a certain class of permutation-based compression functions. Denoted lp231 in [12], they are 2n-bit to n-bit compression functions using three calls to a single n-bit random permutation. We prove that lp231 is asymptotically preimage resistant up to (2 2n 3 /n) queries, adaptive preimage resistant up to (2 n 2 /n) queries/commitments, and collision resistant ...
متن کاملInvestigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respec...
متن کاملProvable Second Preimage Resistance Revisited
Most cryptographic hash functions are iterated constructions, in which a mode of operation specifies how a compression function or a fixed permutation is applied. The Merkle-Damg̊ard mode of operation is the simplest and more widely deployed mode of operation, yet it suffers from generic second preimage attacks, even when the compression
متن کاملSecurity Properties of Domain Extenders for Cryptographic Hash Functions
Cryptographic hash functions reduce inputs of arbitrary or very large length to a short string of fixed length. All hash function designs start from a compression function with fixed length inputs. The compression function itself is designed from scratch, or derived from a block cipher or a permutation. The most common procedure to extend the domain of a compression function in order to obtain ...
متن کاملWeak Security Notions of Cryptographic Unkeyed Hash Functions and Their Amplifiability
Cryptographic unkeyed hash functions should satisfy preimage resistance, second-preimage resistance and collision resistance. In this article, weak second-preimage resistance and weak collision resistance are defined following the definition of weak one-wayness. Preimage resistance is one-wayness of cryptographic hash functions. The properties of weak collision resistance is discussed in this a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009