Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Cryptography: Theory and Practice,Second Edition
Cryptography: Theory and Practice,Second Edition
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Domain extender for collision resistant hash functions: Improving upon Merkle-Damgård iteration
Discrete Applied Mathematics
Collision free hash functions and public key signature schemes
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
Using hash functions as a hedge against chosen ciphertext attack
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
This paper characterizes collision preserving padding rules and provides variants of Merkle-Damgård (MD) which are having less or no overhead costs due to length. We first show that suffix-free property of padding rule is necessary as well as sufficient to preserve the collision security of MD hash function for an arbitrary domain {0,1}*. Knowing this, we propose a simple suffix-free padding rule padding only log|M | bits for a message M , which is less than that of Damgard's and Sarkar's padding rules. We also prove that the length-padding is not absolutely necessary. We show that a simple variant of MD with 10 d -padding (or any injective padding) is collision resistant provided that the underlying compression function is collision resistant after chopping the last-bit. Finally, we design another variant of MD hash function preserving all three basic security notions of hash functions, namely collision and (2nd) preimage, which is an improvement over a recently designed (SAC-08) three-property preserving hash function.