Collision Resistance of Hash Functions in a Weak Ideal Cipher Model
نویسندگان
چکیده
This article discusses the provable security of blockcipher-based hash functions. It introduces a new model called a weak ideal cipher model. In this model, an adversary is allowed to make key-disclosure queries to the oracle as well as encryption and decryption queries. A key-disclosure query is a pair of a plaintext and a ciphertext, and the reply is a corresponding key. Thus, in this model, a block cipher is random but completely insecure as a block cipher. It is shown that collision resistant hash functions can be constructed even in this weak model. key words: hash function, provable security, collision resistance
منابع مشابه
Some Plausible Constructions of Double-Block-Length Hash Functions
In this article, it is discussed how to construct a compression function with 2n-bit output using a component function with n-bit output. The component function is either a smaller compression function or a block cipher. Some constructions are presented which compose collision-resistant hash functions: Any collision-finding attack on them is at most as efficient as a birthday attack in the rand...
متن کاملCollision Resistance of Double-Block-Length Hash Function against Free-Start Attack
In this article, we discuss the security of double-blocklength (DBL) hash functions against the free-start collision attack. We focus on the DBL hash functions composed of compression functions of the form F(x) = ( f (x), f (p(x))), where f is a smaller compression function and p is a permutation. We first show, in the random oracle model, that a significantly good upper bound can be obtained o...
متن کاملA Practical Limit of Security Proof in the Ideal Cipher Model : Possibility of Using the Constant As a Trapdoor In Several Double Block Length Hash Functions
Recently, Shoichi Hirose [2] proposed several double block length (DBL) hash functions. Each DBL hash function uses a constant which has a role to make the DBL hash function collision-resistant in the ideal cipher model. However, we have to instantiate a block cipher. In this paper, we show that the constant may be used as a trapdoor to help a attacker to find a collision easily. In case of 256...
متن کاملThe Collision Security of Tandem-DM in the Ideal Cipher Model
We prove that Tandem-DM, which is one of the two “classical” schemes for turning a blockcipher of 2n-bit key into a double block length hash function, has birthday-type collision resistance in the ideal cipher model. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009 [3]. As we detail, however, ...
متن کاملBuilding Application-Agile Hash Functions: the MCM Construction
Hash functions are often expected to provide security across applications, even if there is no formal backing for these expectations. For example SHA-1 is used variously as a collision-resistant hash function and as a real-world instantiation of a random oracle; recent attacks make either use less palatable. Better security would be provided by provable collision-resistance (resting on some und...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEICE Transactions
دوره 95-A شماره
صفحات -
تاریخ انتشار 2012