Security Analysis of Double Length Compression Function Based on Block Cipher
نویسندگان
چکیده
Recently Nandi etc. have proposed a 1/3-rate and a 2/3-rate double length compression functions and studied their security in the black-box model. They proved that to find a collision for the compression function, it requires Ω(2) queries, where n is the length of output size. In this paper, we show that not all hash functions based on block cipher constructed according to their model are of the same security .i.e., the complexity to find the collisions for these hash functions can be reduced to O(2).
منابع مشابه
Optimal Collision Security in Double Block Length Hashing with Single Length Key
The idea of double block length hashing is to construct a compression function on 2n bits using a block cipher with an n-bit block size. All optimally secure double length hash functions known in the literature employ a cipher with a key space of double block size, 2n-bit. On the other hand, no optimally secure compression functions built from a cipher with an n-bit key space are known. Our wor...
متن کاملThe Preimage Security of Double-Block-Length Compression Functions
We present new techniques for deriving preimage resistance bounds for block cipher based double-block-length, double-call hash functions. We give improved bounds on the preimage security of the three “classical” double-block-length, double-call, block cipher-based compression functions, these being Abreast-DM, Tandem-DM and Hirose’s scheme. For Hirose’s scheme, we show that an adversary must ma...
متن کاملOn the Design of Secure and Fast Double Block Length Hash Functions
In this work the security of the rate-1 double block length hash functions, which based on a block cipher with a block length of n-bit and a key length of 2n-bit, is reconsidered. Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose uncovered flaws in the necessary conditions given by Satoh et al. and Hirose. Prei...
متن کاملIndifferentiability of Double Length Compression Functions
Double block length hashing covers the idea of constructing a compression function on 2n bits using an n-bit block cipher. In this work, we present a comprehensive indifferentiability analysis of all relevant double length compression functions. Indifferentiability is a stronger security notion than collision and preimage resistance and ensures that a design has no structural flaws. It is very ...
متن کاملNear-Collision Attack and Collision-Attack on Double Block Length Compression Functions based on the Block Cipher IDEA
IDEA is a block cipher designed by Xuejia Lai and James L. Massey and was first described in 1991. IDEA does not vary the constant in its key schedule. In [1], Donghoon Chang and Moti Yung showed that there may be a weakness of hash function based on block cipher whose key schedule does not use various constants. Based on their result, we investigate the security of double block length compress...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 4 شماره
صفحات -
تاریخ انتشار 2007