How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
On the existence of statistically hiding bit commitment schemes and fail-stop signatures
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Short Signatures from the Weil Pairing
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The random oracle methodology, revisited
Journal of the ACM (JACM)
A Forward-Secure Public-Key Encryption Scheme
Journal of Cryptology
Extractable Perfectly One-Way Functions
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Building a Collision-Resistant Compression Function from Non-compressing Primitives
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Leaky Random Oracle (Extended Abstract)
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Towards a Theory of Extractable Functions
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A simple variant of the Merkle-Damgård scheme with a permutation
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
How to build a hash function from any collision-resistant function
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
A new mode of operation for block ciphers and length-preserving MACs
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Security/efficiency tradeoffs for permutation-based hashing
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Getting the best out of existing hash functions; or what if we are stuck with SHA?
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Provably secure double-block-length hash functions in a black-box model
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Hash functions in the dedicated-key setting: design choices and MPP transforms
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
How to Confirm Cryptosystems Security: The Original Merkle-Damgård Is Still Alive!
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Security analysis of the mode of JH hash function
FSE'10 Proceedings of the 17th international conference on Fast software encryption
On the indifferentiability of the Grøstl hash function
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Some observations on indifferentiability
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Security reductions of the second round SHA-3 candidates
ISC'10 Proceedings of the 13th international conference on Information security
Careful with composition: limitations of the indifferentiability framework
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
On the security of hash functions employing blockcipher postprocessing
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Security of practical cryptosystems using Merkle-Damgård hash function in the ideal cipher model
ProvSec'11 Proceedings of the 5th international conference on Provable security
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Multi-property-preserving domain extension using polynomial-based modes of operation
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Blockcipher-Based double-length hash functions for pseudorandom oracles
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Black-box property of cryptographic hash functions
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
On the public indifferentiability and correlation intractability of the 6-round feistel construction
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Security analysis and comparison of the SHA-3 finalists BLAKE, grøstl, JH, keccak, and skein
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Indifferentiability of domain extension modes for hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Hi-index | 0.00 |
Many cryptographic applications of hash functions are analyzed in the random oracle model. Unfortunately, most concrete hash functions, including the SHA family, use the iterative (strengthened) Merkle-Damgård transform applied to a corresponding compression function. Moreover, it is well known that the resulting "structured" hash function cannot be generically used as a random oracle, even if the compression function is assumed to be ideal. This leaves a large disconnect between theory and practice: although no attack is known for many concrete applications utilizing existing (Merkle-Damgård based) hash functions, there is no security guarantee either, even by idealizing the compression function. Motivated by this question, we initiate a rigorous and modular study of developing new notions of (still idealized) hash functions which would be (a) natural and elegant; (b) sufficient for arguing security of important applications; and (c) provably met by the (strengthened) Merkle-Damgård transform, applied to a "strong enough" compression function. In particular, we develop two such notions satisfying (a)-(c): a preimage aware function ensures that the attacker cannot produce a "useful" output of the function without already "knowing" the corresponding preimage, and a public-use random oracle , which is a random oracle that reveals to attackers messages queried by honest parties.