DHA-256 (Double Hash Algorithm) was proposed at the Cryptographic Hash Workshop hosted by NIST in November 2005. DHA-256 is a dedicated hash function with output length of 256 bits and 64 steps of operations designed to enhance SHA-256 security. In this paper, we show an attack on 35-step DHA-256. The attack finds pseudo-preimage and preimage of 35-step DHA-256 with the time complexity of 2 and...

In this paper we study the security of summing the outputs of two independent hash functions, in an effort to increase the security of the resulting design, or to hedge against the failure of one of the hash functions. The exclusive-or (XOR) combiner H1(M)⊕H2(M) is one of the two most classical combiners, together with the concatenation combiner H1(M) ‖ H2(M). While the security of the concaten...

We look at the problem of designing Message Recognition Protocols (MRP) and note that all proposals available in the literature have relied on security proofs which hold in the random oracle model or are based on non-standard assumptions. Incorporating random coins, we propose a new MRP using a pseudorandom function F and prove its security based on new assumptions. Then, we show that these new...

In this paper, we present improved preimage attacks on the reduced-round GOST hash function family, which serves as the new Russian hash standard, with the aid of techniques such as the rebound attack, the Meet-in-the-Middle preimage attack and the multicollisions. Firstly, the preimage attack on 5-round GOST-256 is proposed which is the first preimage attack for GOST-256 at the hash function l...

Most cryptographic hash functions rely on a simpler primitive called a compression function, and in nearly all cases, there is a reduction between some of the security properties of the full hash function and those of the compression function. For instance, a celebrated result of Merkle and Damg̊ard from 1989 states that a collision on the hash function cannot be found without finding a collisio...

In this paper, we discuss how to construct secure cryptosystems and secure hash functions in weakened random oracle models. The weakened random oracle model (WROM), which was introduced by Numayama et al. at PKC 2008, is a random oracle with several weaknesses. Though the security of cryptosystems in the random oracle model, ROM, has been discussed sufficiently, the same is not true for WROM. A...

Hash functions are fundamental cryptographic primitives that compress messages of arbitrary length into message digests of a fixed length. They are used as the building block in many important security applications such as digital signatures, message authentication codes, password protection, etc. The three main security properties of hash functions are collision, second preimage and preimage r...

We consider basic notions of security for cryptographic hash functions: collision resistance,preimage resistance, and second-preimage resistance. We give seven different definitions thatcorrespond to these three underlying ideas, and then we work out all of the implications andseparations among these seven definitions within the concrete-security, provable-security frame-wor...

A (k, l)-robust combiner for collision resistant hash functions is a construction, which takes l hash functions and combines them so that if at least k of the components are collision resistant, then so is the resulting combination. A black-box (k, l)-robust combiner is robust combiner, which takes its components as black-boxes. A trivial black-box combiner is concatenation of any (l−k+1) of th...

Whirlwind is a keyless AES-like hash function that adopts the Sponge model. According to its designers, the function is designed to resist most of the recent cryptanalytic attacks. In this paper, we evaluate the second preimage resistance of theWhirlwind hash function. More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round p...