A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Constructing an ideal hash function from weak ideal compression functions
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Security of digital signature schemes in weakened random oracle models
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
In SAC 2006, Liskov introduced the weak ideal compression functions. He proved that a hash construction based on these functions is indifferentiable from the random oracle. In ICALP 2008, Hoch and Shamir applied Liskov's idea and proved the indifferentiability of another hash construction. However, these proofs of indifferentiability can have gaps in certain situations. In this paper, we formalize these situations and propose the simulation method which covers these situations. In particular, we apply our simulation method to the latter proof of indifferentiability, and concretely analyze the security of the latter hash construction. We can derive a lower bound to find a collision in the concatenated hash construction, which covers the gaps of the original proof.