Security-amplifying combiners for collision-resistant hash functions

Authors:
Marc Fischlin;Anja Lehmann
Affiliations:
Darmstadt University of Technology, Germany;Darmstadt University of Technology, Germany
Venue:
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Year:
2007

Citing 10
Cited 5

A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Theory and application of trapdoor functions

SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Security preserving amplification of hardness

SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Amplifying collision resistance: a complexity-theoretic treatment

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Breaking the ICE – finding multicollisions in iterated concatenated and expanded (ICE) hash functions

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
On tolerant cryptographic constructions

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
On hardness amplification of one-way functions

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
On the impossibility of efficiently combining collision resistant hash functions

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology

On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak

ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Compression from Collisions, or Why CRHF Combiners Have a Long Output

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
A comprehensive reference architecture for trustworthy long-term archiving of sensitive data

NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
Security of encryption schemes in weakened random oracle models

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Hash function combiners in TLS and SSL

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Quantified Score

Hi-index	0.04

Visualization

Abstract

The classical combiner CombH0, H1class (M) = H0(M)||H1(M) for hash functions H0, H1 provides collision-resistance as long as at least one of the two underlying hash functions is secure. This statement is complemented by the multi-collision attack of Joux (Crypto 2004) for iterated hash functions H0,H1 with n-bit outputs. He shows that one can break the classical combiner in n/2 ċ T0 + T1 steps if one can find collisions for H0 and H1 in time T0 and T1, respectively. Here we address the question if there are security-amplifying combiners where the security of the building blocks increases the security of the combined hash function, thus beating the bound of Joux. We discuss that one can indeed have such combiners and, somewhat surprisingly in light of results of Nandi and Stinson (ePrint 2004) and of Hoch and Shamir (FSE 2006), our solution is essentially as efficient as the classical combiner.