Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The Collision Intractability of MDC-2 in the Ideal-Cipher Model
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Building a Collision-Resistant Compression Function from Non-compressing Primitives
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Domain extension of public random functions: beyond the birthday Barrier
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Security/efficiency tradeoffs for permutation-based hashing
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Combining compression functions and block cipher-based hash functions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Some attacks against a double length hash proposal
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Security analysis of a 2/3-rate double length compression function in the black-box model
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
On the impossibility of highly-efficient blockcipher-based hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Security analysis of constructions combining FIL random oracles
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
Attacking the Knudsen-Preneel compression functions
FSE'10 Proceedings of the 17th international conference on Fast software encryption
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
The collision security of tandem-DM in the ideal cipher model
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Efficient hashing using the AES instruction set
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Multi-property-preserving domain extension using polynomial-based modes of operation
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Stam’s collision resistance conjecture
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Collisions are not incidental: a compression function exploiting discrete geometry
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Efficient and optimally secure key-length extension for block ciphers via randomized cascading
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Security analysis and comparison of the SHA-3 finalists BLAKE, grøstl, JH, keccak, and skein
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Provable security of the knudsen-preneel compression functions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Optimal collision security in double block length hashing with single length key
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Security of permutation-based compression function lp231
Information Processing Letters
| Hi-index | 0.00 |
Suppose we are given a perfect n+ c-to-nbit compression function fand we want to construct a larger m+ s-to-sbit compression function Hinstead. What level of security, in particular collision resistance, can we expect from Hif it makes rcalls to f? We conjecture that typically collisions can be found in 2(nr+ cr茂戮驴 m)/(r+ 1)queries. This bound is also relevant for building a m+ s-to-sbit compression function based on a blockcipher with k-bit keys and n-bit blocks: simply set c= k, or c= 0 in case of fixed keys.We also exhibit a number of (conceptual) compression functions whose collision resistance is close to this bound. In particular, we consider the following four scenarios: 1A 2n-to-nbit compression function making two calls to an n-to-nbit primitive, providing collision resistance up to 2n/3/nqueries. This beats a recent bound by Rogaway and Steinberger that 2n/4queries to the underlying random n-to-nbit function suffice to find collisions in any rate-1/2 compression function. In particular, this shows that Rogaway and Steinberger's recent bound of 2(nr茂戮驴 m茂戮驴 s/2)/r)queries (for c= 0) crucially relies upon a uniformity assumption; a blanket generalization to arbitrary compression functions would be incorrect.1A 3n-to-2nbit compression function making a single call to a 3n-to-nbit primitive, providing collision resistance up to 2nqueries.1A 3n-to-2nbit compression function making two calls to a 2n-to-nbit primitive, providing collision resistance up to 2nqueries.1A single call compression function with parameters satisfying m≤ n+ c, n≤ s, c≤ m. This result provides a tradeoff between how many bits you can compress for what level of security given a single call to an n+ c-to-nbit random function.