Security of iterated hash functions based on block ciphers
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
A Construction of a Cioher From a Single Pseudorandom Permutation
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Security analysis of a 2/3-rate double length compression function in the black-box model
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Towards optimal double-length hash functions
INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of highly-efficient blockcipher-based hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Provably secure double-block-length hash functions in a black-box model
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Hash Functions and RFID Tags: Mind the Gap
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Fast Hash-Based Signatures on Constrained Devices
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Vortex: A New Family of One-Way Hash Functions Based on AES Rounds and Carry-Less Multiplication
ISC '08 Proceedings of the 11th international conference on Information Security
Side Channel Analysis of Some Hash Based MACs: A Response to SHA-3 Requirements
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
Security of Cyclic Double Block Length Hash Functions
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Another Glance at Double-Length Hashing
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Collision resistant double-length hashing
ProvSec'10 Proceedings of the 4th international conference on Provable security
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
The collision security of tandem-DM in the ideal cipher model
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Efficient hashing using the AES instruction set
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Blockcipher-Based double-length hash functions for pseudorandom oracles
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Collisions are not incidental: a compression function exploiting discrete geometry
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
The collision security of MDC-4
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Weimar-DM: a highly secure double-length compression function
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Understanding adaptivity: random systems revisited
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Provable security of the knudsen-preneel compression functions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Optimal collision security in double block length hashing with single length key
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Security of permutation-based compression function lp231
Information Processing Letters
| Hi-index | 0.00 |
We provide the first proof of security for MDC-2, the most well-known construction for turning an n-bit blockcipher into a 2n-bit cryptographic hash function. Our result, which is in the ideal-cipher model, shows that MDC-2, when built from a blockcipher having blocklength and keylength n, has security much better than that delivered by any hash function that has an n-bit output. When the blocklength and keylength are n= 128 bits, as with MDC-2 based on AES-128, an adversary that asks fewer than 274.9queries usually cannot find a collision.