Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
One-way functions are necessary and sufficient for secure signatures
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Handbook of Applied Cryptography
Handbook of Applied Cryptography
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Hash Functions: From Merkle-Damgård to Shoup
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Formal aspects of mobile code security
Formal aspects of mobile code security
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Some Observations on the Theory of Cryptographic Hash Functions
Designs, Codes and Cryptography
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Fast Software Encryption
New Techniques for Cryptanalysis of Hash Functions and Improved Attacks on Snefru
Fast Software Encryption
New design criteria for hash functions and block ciphers
New design criteria for hash functions and block ciphers
A composition theorem for universal one-way hash functions
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Seven-property-preserving iterated hashing: ROX
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Second preimage attacks on dithered hash functions
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Getting the best out of existing hash functions; or what if we are stuck with SHA?
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Linear-XOR and additive checksums don't protect Damgård-Merkle hashes from generic attacks
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strengthening digital signatures via randomized hashing
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Hash functions in the dedicated-key setting: design choices and MPP transforms
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
On Randomizing Hash Functions to Strengthen the Security of Digital Signatures
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
Analysis of Property-Preservation Capabilities of the ROX and ESh Hash Domain Extenders
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Domain extension for enhanced target collision-resistant hash functions
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Enhanced security notions for dedicated-key hash functions: definitions and relationships
FSE'10 Proceedings of the 17th international conference on Fast software encryption
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Cryptanalyses on a merkle-damgård based MAC -- almost universal forgery and distinguishing-h attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
Many of the popular Merkle-Damgård hash functions have turned out to be not collision-resistant (CR). The problem is that we no longer know if these hash functions are even second-preimage-resistant (SPR) or one-way (OW), without the underlying compression functions being CR. We remedy this situation by introducing the "split padding" into a current Merkle-Damgård hash function H . The patched hash function $\bar{H}$ resolves the problem in the following ways: (i) $\bar{H}$ is SPR if the underlying compression function h satisfies an "SPR-like" property, and (ii) $\bar{H}$ is OW if h satisfies an "OW-like" property. The assumptions we make about h are provided with simple definitions and clear relations to other security notions. In particular, they belong to the class whose existence is ensured by that of OW functions, revealing an evident separation from the strong CR requirement. Furthermore, we get the full benefit from the patch at almost no expense: The new scheme requires no change in the internals of a hash function, runs as efficiently as the original, and as usual inherits CR from h . Thus the patch has significant effects on systems and applications whose security relies heavily on the SPR or OW property of Merkle-Damgård hash functions.