Security of permutation-based compression function Ip231
نویسندگان
چکیده
In this paper, we study security of a certain class of permutation-based compression functions. Denoted lp231 in [10], they are 2n-to-n-bit compression functions using three calls to a single n-bit random permutation. We prove that lp231 is asymptotically preimage resistant up to 2 2n 3 /n query complexity and collision resistant up to 2 n 2 /n query complexity for any > 0. Based on a single permutation, lp231 provides both efficiency and almost optimal collision security.
منابع مشابه
Security of Single-permutation-based Compression Functions
In this paper, we study security for a certain class of permutation-based compression functions. Denoted lp231 in [12], they are 2n-bit to n-bit compression functions using three calls to a single n-bit random permutation. We prove that lp231 is asymptotically preimage resistant up to (2 2n 3 /n) queries, adaptive preimage resistant up to (2 n 2 /n) queries/commitments, and collision resistant ...
متن کاملEfficient Pseudorandom-Function Modes of a Block-Cipher-Based Hash Function
This article discusses the provable security of pseudorandom-function (PRF) modes of an iterated hash function using a block cipher. The iterated hash function uses the Matyas-Meyer-Oseas (MMO) mode for the compression function and the Merkle-Damgård with a permutation (MDP) for the domain extension transform. It is shown that the keyed-via-IV mode and the key-prefix mode of the iterated hash f...
متن کاملArtemia: a family of provably secure authenticated encryption schemes
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...
متن کاملHash Functions Based on Three Permutations: A Generic Security Analysis
We consider the family of 2n-to-n-bit compression functions that are solely based on at most three permutation executions and on XOR-operators, and analyze its collision and preimage security. Despite their elegance and simplicity, these designs are not covered by the results of Rogaway and Steinberger (CRYPTO 2008). By defining a carefully chosen equivalence relation on this family of compress...
متن کاملA Scheme to Base a Hash Function on a Block Cipher
This article discusses the provable security of an iterated hash function using a block cipher. It assumes the construction using the Matyas-Meyer-Oseas (MMO) scheme for the compression function and the Merkle-Damg̊ard with a permutation (MDP) for the domain extension transform. It is shown that this kind of hash function, MDPMMO, is indifferentiable from the variable-input-length random oracle ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Inf. Process. Lett.
دوره 114 شماره
صفحات -
تاریخ انتشار 2014