Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Domain extension of public random functions: beyond the birthday barrier
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A simple variant of the Merkle-Damgård scheme with a permutation
ASIACRYPT'07 Proceedings of the Advances in Cryptology 13th international conference on Theory and application of cryptology and information security
Indifferentiable security analysis of popular hash functions with prefix-free padding
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second preimages on n-bit hash functions for much less than 2^n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Multicollision Attacks on Some Generalized Sequential Hash Functions
IEEE Transactions on Information Theory
A Double-Piped Mode of Operation for MACs, PRFs and PROs: Security beyond the Birthday Barrier
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Meet-in-the-Middle Attacks Using Output Truncation in 3-Pass HAVAL
ISC '09 Proceedings of the 12th International Conference on Information Security
On the Insecurity of the Fiat-Shamir Signatures with Iterative Hash Functions
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
A Distinguisher for the Compression Function of SIMD-512
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Security analysis of the mode of JH hash function
FSE'10 Proceedings of the 17th international conference on Fast software encryption
On the indifferentiability of the Grøstl hash function
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Careful with composition: limitations of the indifferentiability framework
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Practical near-collisions on the compression function of BMW
FSE'11 Proceedings of the 18th international conference on Fast software encryption
On the indifferentiability of Fugue and Luffa
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Practical key recovery attack against secret-IV EDON-R
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Indifferentiability of domain extension modes for hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
The classical Merkle-Damgård design principle [13,6] has been scrutinized in many ways, for example by Joux's multicollision attack and the Kelsey-Schneier second-preimage attack. In TCC'04, Maurer et al. introduced a strong security notion called "indifferentiability" for a hash function built from a compression function. The classical design is also insecure under this strong notion, whereas the chopMD hash (Merkle-Damgård with $s$ bits of the final chaining value dropped from the output) is secure with a security bound of roughly $\sigma^2/2^s$, where $s$ is the number of chopped bits and $\sigma$ is the total number of message blocks queried by a distinguisher. When $n = 2s$, where $n$ is the output size of the compression function and the hash output is therefore $s$ bits, the value of $\sigma$ needed to make this bound significant is $2^{s/2}$, i.e. the birthday complexity. In this paper we present an improved security bound for chopMD. The improved bound is $(3(n-s)+1)q/2^s + q/2^{n-s-1} + \sigma^2/2^{n+1}$, where $q$ is the total number of queries. For $n = 2s$, chopMD is indifferentiably secure as long as $q = O(2^s/(3s+1))$ and $\sigma = O(2^{n/2})$, which is beyond the birthday complexity. We also present a design principle for an $n$-bit hash function based on a compression function $f : \{0,1\}^{2n+b} \to \{0,1\}^n$ and show that the indifferentiability security bound for this hash function is roughly $(3n+1)\sigma/2^n$. Consequently, the new hash function design is second-preimage secure and $r$-multicollision secure as long as the query complexity (the number of message blocks queried) of an attacker is less than $2^n/(3n+1)$ or $2^{n(r-1)/r}$ respectively.
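The following is an added example, not code from the paper or its authors. It shows concretely why plain Merkle-Damgård fails indifferentiability while chopMD does not: the full MD output is the chaining state, so anyone holding $H(M)$ and $|M|$ can extend the hash (a random oracle permits no such thing), whereas chopMD withholds $s$ bits of that state and an extension attempt must guess them, which is $2^s$ work. It also evaluates the abstract's improved bound against the earlier $\sigma^2/2^s$ bound for $n = 2s = 512$. The compression function (SHA-256 over the chaining value and block), the parameters $n = 256$, $b = 512$, $s = 128$, the padding rule and the choice to chop the last $s$ bits are all assumptions made for this example.

```python
import hashlib
import math
import os

# Toy parameters chosen for this example (assumptions, not from the paper):
N = 256   # n: compression-function output / chaining-value size in bits
B = 512   # b: message-block size in bits
S = 128   # s: number of chopped bits, so chopMD outputs n - s = 128 bits
IV = bytes(N // 8)


def f(h: bytes, m: bytes) -> bytes:
    """Constructed compression function {0,1}^{n+b} -> {0,1}^n.
    SHA-256 over h||m stands in for the ideal compression function that the
    indifferentiability analysis assumes; it is not part of the paper."""
    assert len(h) == N // 8 and len(m) == B // 8
    return hashlib.sha256(h + m).digest()


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, 64-bit big-endian bit length."""
    p = msg + b"\x80"
    while (len(p) + 8) % (B // 8):
        p += b"\x00"
    return p + (len(msg) * 8).to_bytes(8, "big")


def md_iterate(h: bytes, data: bytes) -> bytes:
    """Run the compression function over block-aligned data starting from state h."""
    assert len(data) % (B // 8) == 0
    for i in range(0, len(data), B // 8):
        h = f(h, data[i:i + B // 8])
    return h


def md(msg: bytes) -> bytes:
    """Plain Merkle-Damgard: the full n-bit final chaining value is the output."""
    return md_iterate(IV, pad(msg))


def chopmd(msg: bytes) -> bytes:
    """chopMD: same iteration, but the last s bits of the final state are dropped
    (which end of the state is chopped is a convention chosen here)."""
    return md(msg)[: (N - S) // 8]


def glue_for(orig_len: int) -> bytes:
    """The padding bytes that followed a message of orig_len bytes inside MD."""
    return pad(bytes(orig_len))[orig_len:]


def extend_md(tag: bytes, orig_len: int, suffix: bytes) -> bytes:
    """Length extension on plain MD: from MD(M) and |M| alone, compute
    MD(M || glue || suffix). A random oracle's output reveals nothing about
    any internal state, so this is a direct distinguisher."""
    prefix_len = orig_len + len(glue_for(orig_len))
    tail = pad(bytes(prefix_len) + suffix)[prefix_len:]  # suffix || new padding
    return md_iterate(tag, tail)


def extend_chopmd(tag: bytes, hidden_guess: bytes, orig_len: int, suffix: bytes) -> bytes:
    """The same attack against chopMD. The attacker sees only n - s bits of the
    state and must supply the s chopped bits as a guess; recovering them by
    trial is 2^s work, which is what the chop buys."""
    assert len(tag) == (N - S) // 8 and len(hidden_guess) == S // 8
    return extend_md(tag + hidden_guess, orig_len, suffix)[: (N - S) // 8]


def chopmd_bound_log2(n: int, s: int, log2_q: float, log2_sigma: float) -> float:
    """log2 of the improved bound from the abstract:
    (3(n-s)+1) q / 2^s + q / 2^(n-s-1) + sigma^2 / 2^(n+1),
    evaluated in the log domain so 512-bit parameters do not overflow."""
    terms = [
        math.log2(3 * (n - s) + 1) + log2_q - s,
        log2_q - (n - s - 1),
        2 * log2_sigma - (n + 1),
    ]
    top = max(terms)
    return top + math.log2(sum(2.0 ** (t - top) for t in terms))


def old_bound_log2(s: int, log2_sigma: float) -> float:
    """log2 of the earlier sigma^2 / 2^s bound."""
    return 2 * log2_sigma - s


if __name__ == "__main__":
    m = b"constructed sample message"   # constructed input
    sfx = b";admin=true"
    glue = glue_for(len(m))
    # Plain MD: extension succeeds without knowing m.
    assert extend_md(md(m), len(m), sfx) == md(m + glue + sfx)
    # chopMD: a random guess for the chopped bits fails; only the true bits work.
    target = chopmd(m + glue + sfx)
    assert extend_chopmd(chopmd(m), os.urandom(S // 8), len(m), sfx) != target
    assert extend_chopmd(chopmd(m), md(m)[(N - S) // 8:], len(m), sfx) == target
    # n = 2s = 512 against a birthday-complexity attacker (2^128 queries and blocks):
    print("old bound log2:", old_bound_log2(256, 128))
    print("new bound log2:", chopmd_bound_log2(512, 256, 128, 128))
```

With $n = 512$, $s = 256$ and an attacker making $2^{128}$ queries over $2^{128}$ blocks, the earlier bound evaluates to $2^0$ and guarantees nothing, while the improved bound is dominated by its first term and stays around $2^{-118}$; the attacker has to push $q$ towards $2^{256}/769$ before the first term becomes significant, which is the "beyond the birthday barrier" claim of the abstract.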