In [1] it was proved that 20 out of 64 PGV-hash functions [2] based on block cipher are collision resistant and one-way-secure in blackbox model of the underlying block cipher. Here, we generalize the definition of PGV-hash function into a hash family and prove that besides the previous 20 hash functions we have 22 more collision resistant and one-way secure hash families. As all these 42 famil...

We describe Fugue, a hash function supporting inputs of length upto 2 − 1 bits and hash outputs of length upto 512 bits. Notably, Fugue is not based on a compression function. Rather, it is directly a hash function that supports variable-length inputs. The starting point for Fugue is the hash function Grindahl, but it extends that design to protect against the kind of attacks that were develope...

Recent advances in hash functions cryptanalysis provide a strong impetus to explore new designs. This paper describes a new hash function mq-hash that depends for its security on the difficulty of solving randomly drawn systems of multivariate equations over a finite field. While provably achieving pre-image resistance for a hash function based on multivariate equations is relatively easy, näıv...

An efficient authenticated encryption scheme with message linkages is proposed. For achieving both privacy and integrity in data communications, the proposed scheme requires smaller bandwidth and computational time when compared to previously proposed authenticated encryption schemes with message linkages. Moreover, the proposed scheme allows the verifier to recover and verify the message block...

We prove the existence of an oracle relative to which there exist seveial well-known cryptographic primitives, including one-way permutations, but excluding (for a suitably strong definition) collision-intractible hash functions. Thus any proof that such functions can be derived from these weaker primitives is necessarily non-relativizing; in particular, no provable construction of a collision-...

The Kupyna hash function was approved as the new Ukrainian standard DSTU 7564:2014 in 2015. Main requirements for it were both high security level and good performance of software implementation on general-purpose 64-bit CPUs. The new hash function uses DaviesMeyer compression function based on Even-Mansour cipher construction. Kupyna is built on the transformations of the Kalyna block cipher (...

Nearly all modern hash functions are constructed by iterating a compression function. At FSE’04, Rogaway and Shrimpton [RS04] formalized seven security notions for hash functions: collision resistance (Coll) and three variants of second-preimage resistance (Sec, aSec, eSec) and preimage resistance (Pre, aPre, ePre). The main contribution of this paper is in determining, by proof or counterexamp...

In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function Lane uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct a collision for the full compression function of Lane-256 and Lane-512. Using a relatively sparse truncated...

Mercurial commitments were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [27]). Unlike regular commitments, which are strictly binding, mercurial commitments allow for certain amount of (limited) freedom. The notion of [8] also required that mercurial commitments should be equivocable given a certain tra...

Since the seminal works of Merkle and Damg̊ard on the iteration of compression functions, hash functions were built from compression functions using the Merkle-Damg̊ard construction. Recently, several flaws in this construction were identified, allowing for second pre-image attacks and chosen target pre-image attacks on such hash functions even when the underlying compression functions are secure...