A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Security preserving amplification of hardness
SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Amplifying collision resistance: a complexity-theoretic treatment
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
On tolerant cryptographic constructions
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
On hardness amplification of one-way functions
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
On the impossibility of efficiently combining collision resistant hash functions
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Compression from Collisions, or Why CRHF Combiners Have a Long Output
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
A comprehensive reference architecture for trustworthy long-term archiving of sensitive data
NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
Security of encryption schemes in weakened random oracle models
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Hash function combiners in TLS and SSL
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Hi-index | 0.04 |
The classical combiner CombH0, H1class (M) = H0(M)||H1(M) for hash functions H0, H1 provides collision-resistance as long as at least one of the two underlying hash functions is secure. This statement is complemented by the multi-collision attack of Joux (Crypto 2004) for iterated hash functions H0,H1 with n-bit outputs. He shows that one can break the classical combiner in n/2 ċ T0 + T1 steps if one can find collisions for H0 and H1 in time T0 and T1, respectively. Here we address the question if there are security-amplifying combiners where the security of the building blocks increases the security of the combined hash function, thus beating the bound of Joux. We discuss that one can indeed have such combiners and, somewhat surprisingly in light of results of Nandi and Stinson (ePrint 2004) and of Hoch and Shamir (FSE 2006), our solution is essentially as efficient as the classical combiner.