Three-Property Preserving Iterations of Keyless Compression Functions
نویسندگان
چکیده
Almost all hash functions are based on the Merkle-Damg̊ard iteration of a finite-domain compression function. It has been shown that this iteration preserves collision resistance, but it does not preserve other properties such as preimage or second preimage resistance. The recently proposed ROX construction provably preserves all seven security notions put forward by Rogaway and Shrimpton at FSE 2004, but it does so for families of hash functions, that is, the compression function is indexed by a public parameter known as a key. Practical hash functions however do not have such a parameter, so it is not entirely clear how to instantiate these schemes. We use Rogaway’s human-ignorance approach to resolve this situation, and present four different iterations (two of them chaining-based, two of them tree-based) that provably preserve all three notions of collision, preimage and second preimage resistance.
منابع مشابه
Seven-Property-Preserving Iterated Hashing: ROX
Nearly all modern hash functions are constructed by iterating a compression function. At FSE’04, Rogaway and Shrimpton [RS04] formalized seven security notions for hash functions: collision resistance (Coll) and three variants of second-preimage resistance (Sec, aSec, eSec) and preimage resistance (Pre, aPre, ePre). The main contribution of this paper is in determining, by proof or counterexamp...
متن کاملCompression Functions Suitable for the Multi-Property-Preserving Transform
Since Bellare and Ristenpart showed a multi-property preserving domain extension transform, the problem of the construction for multi-property hash functions has been reduced to that of the construction for multi-property compression functions. However, the Davies-Meyer compression function that is widely used for standard hash functions is not a multi-property compression function. That is, in...
متن کاملA Three-Property-Secure Hash Function
This paper proposes a new hash construction based on the widely used Merkle-Damg̊ard (MD) iteration [Mer90,Dam90]. It achieves the three basic properties required from a cryptographic hash function: collision (Coll), second preimage (Sec) and preimage (Pre) security. We show property preservation for the first two properties in the standard security model and the third Pre security property is p...
متن کاملCharacterizing Padding Rules of MD Hash Functions Preserving Collision Security
This paper characterizes collision preserving padding rules and provides variants of Merkle-Damg̊ard (MD) which are having less or no overhead costs due to length. We first show that suffix-free property of padding rule is necessary as well as sufficient to preserve the collision security of MD hash function for an arbitrary domain {0, 1}∗. Knowing this, we propose a simple suffix-free padding r...
متن کاملMulti-Property-Preserving Hash Domain Extension: The EMD Transform
In this paper we (1) argue the benefits of replacing the current MD transform with a multi-property-preserving domain extension transform that guarantees numerous properties of the hash function assuming they hold of the compression function; (2) provide a practical, proven-secure multi-domain extension transform suitable for use with the next generation of hash functions; (3) point to some sub...
متن کامل