A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Advances in Cryptology - EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, ... (Lecture Notes in Computer Science)
Non-trivial Black-Box Combiners for Collision-Resistant Hash-Functions Don't Exist
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Constructing an ideal hash function from weak ideal compression functions
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Security-amplifying combiners for collision-resistant hash functions
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
The second-preimage attack on MD4
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than $2^n$ work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of efficiently combining collision resistant hash functions
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
On the Weak Ideal Compression Functions
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Improved Generic Algorithms for 3-Collisions
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Security of encryption schemes in weakened random oracle models
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Blockcipher-Based double-length hash functions for pseudorandom oracles
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
At Crypto 2004 Joux showed a novel attack against the concatenated hash combiner instantiated with Merkle-Damgård iterated hash functions. His method of producing multicollisions in the design was the first in a recent line of generic attacks against the Merkle-Damgård construction. In the same paper, Joux raised an open question concerning the strength of the concatenated hash combiner and asked whether his attack can be improved when the attacker can efficiently find collisions in both underlying compression functions. We solve this open problem by showing that even in the powerful adversarial scenario first introduced by Liskov (SAC 2006) in which the underlying compression functions can be fully inverted (which implies that collisions can be easily generated), collisions in the concatenated hash cannot be created using fewer than $2^{n/2}$ queries. We then expand this result to include the double pipe hash construction of Lucks from Asiacrypt 2005. One of the intermediate results is of interest on its own and provides the first streamable construction provably indifferentiable from a random oracle in this model.