In this paper we propose a new sequential mode of operation – the Fast wide pipe or FWP for short – to hash messages of arbitrary length. The mode is shown to be (1) preimage-resistance preserving, (2) collision-resistance-preserving and, most importantly, (3) indifferentiable from a random oracle up to O(2) compression function invocations. In addition, our rigorous investigation suggests that...

Almost all hash functions are based on the Merkle-Damg̊ard iteration of a finite-domain compression function. It has been shown that this iteration preserves collision resistance, but it does not preserve other properties such as preimage or second preimage resistance. The recently proposed ROX construction provably preserves all seven security notions put forward by Rogaway and Shrimpton at FSE...

Blockchain has a profound impact on all areas of society by virtue its immutability, decentralization and other characteristics. However, blockchain faces the problem data privacy leakage during application process, rapid development quantum computing also brings threat attack to blockchain. In this paper, we propose lattice-based certificateless fully homomorphic encryption (LCFHE) algorithm b...

A public random function is a random function that is accessible by all parties, in-cluding the adversary. For example, a (public) random oracle is a public random function{0, 1}∗ → {0, 1}. The natural problem of constructing a public random oracle from a pub-lic random function {0, 1} → {0, 1} (for some m > n) was first considered at Crypto 2005by Coron et al. who proved the se...

We apply new cryptanalytical techniques to perform the generic multi-block multicollision, second preimage and herding attacks on the Damg̊ard-Merkle hash functions with linear-XOR/additive checksums. The computational work required to perform these attacks on the Damg̊ard-Merkle hash functions with linear-XOR/additive checksum of message blocks (GOST), intermediate states (3C, MAELSTROM-0, F-Has...

We present the hash-based signature scheme XMSS. It is the first provably (forward) secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best provably secure hash based signature scheme.

Bernstein’s CubeHash is a hash function family that includes four functions submitted to the NIST Hash Competition. A CubeHash function is parametrized by a number of rounds r, a block byte size b, and a digest bit length h (the compression function makes r rounds, while the finalization function makes 10r rounds). The 1024-bit internal state of CubeHash is represented as a five-dimensional hyp...

In this paper, we introduce a new notion of security, called adaptive preimage resistance. We prove that a compression function that is collision resistant and adaptive preimage resistant can be combined with a public random function to yield a hash function that is indifferentiable from a random oracle. Specifically, we analyze adaptive preimage resistance of 2n-bit to n-bit compression functi...