Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Journal of the ACM (JACM)
Limits on the Efficiency of One-Way Permutation-Based Hash Functions
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Lower bounds on the efficiency of generic cryptographic constructions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
How to Go Beyond the Black-Box Simulation Barrier
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
Non-trivial Black-Box Combiners for Collision-Resistant Hash-Functions Don't Exist
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Robust Multi-property Combiners for Hash Functions Revisited
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Robuster combiners for oblivious transfer
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Security-amplifying combiners for collision-resistant hash functions
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Amplifying collision resistance: a complexity-theoretic treatment
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
On tolerant cryptographic constructions
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On robust combiners for oblivious transfer and other primitives
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On robust combiners for private information retrieval and other primitives
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
On the impossibility of efficiently combining collision resistant hash functions
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Hash function combiners in TLS and SSL
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
On the instantiability of hash-and-sign RSA signatures
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Cryptophia's short combiner for collision-resistant hash functions
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
A black-box combiner for collision resistant hash functions (CRHF) is a construction which given black-box access to two hash functions is collision resistant if at least one of the components is collision resistant.In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight as it is achieved by a recent construction of Canetti et al [Crypto'07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash-functions given a single collision for the combiner (Canetti et al [Crypto'07] building on Boneh and Boyen [Crypto'06] and Pietrzak [Eurocrypt'07]).Our proof uses a lemma similar to the elegant "reconstruction lemma" of Gennaro and Trevisan [FOCS'00], which states that any function which is not one-way is compressible (and thus uniformly random function must be one-way). In a similar vein we show that a function which is not collision resistant is compressible. We also borrow ideas from recent work by Haitner et al. [FOCS'07], who show that one can prove the reconstruction lemma even relative to some very powerful oracles (in our case this will be an exponential time collision-finding oracle).