Journal of Cryptology
Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Formal aspects of mobile code security
Formal aspects of mobile code security
A composition theorem for universal one-way hash functions
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strengthening digital signatures via randomized hashing
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Collision-Resistant no more: hash-and-sign paradigm revisited
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Masking-based domain extenders for UOWHFs: bounds and constructions
IEEE Transactions on Information Theory
Hash functions in the dedicated-key setting: design choices and MPP transforms
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
Fast Software Encryption
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Hash Functions from Sigma Protocols and Improvements to VSH
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
How to Fill Up Merkle-Damgård Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
Analysis of Property-Preservation Capabilities of the ROX and ESh Hash Domain Extenders
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Second preimage attacks on dithered hash functions
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Domain extension for enhanced target collision-resistant hash functions
FSE'10 Proceedings of the 17th international conference on Fast software encryption
On the indifferentiability of the Grøstl hash function
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Security reductions of the second round SHA-3 candidates
ISC'10 Proceedings of the 13th international conference on Information security
Increasing the flexibility of the herding attack
Information Processing Letters
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Provable chosen-target-forced-midfix preimage resistance
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
The symbiosis between collision and preimage resistance
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Indifferentiability of domain extension modes for hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
On capabilities of hash domain extenders to preserve enhanced security properties
ProvSec'12 Proceedings of the 6th international conference on Provable Security
Optimal collision security in double block length hashing with single length key
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
Nearly all modern hash functions are constructed by iterating a compression function. At FSE'04, Rogaway and Shrimpton [28] formalized seven security notions for hash functions: collision resistance (Coll) and three variants of second-preimage resistance (Sec, aSec, eSec) and preimage resistance (Pre, aPre, ePre). The main contribution of this paper is in determining, by proof or counterexample, which of these seven notions is preserved by each of eleven existing iterations. Our study points out that none of them preserves more than three notions from [28]. As a second contribution, we propose the new Random-Oracle XOR (ROX) iteration that is the first to provably preserve all seven notions, but that, quite controversially, uses a random oracle in the iteration. The compression function itself is not modeled as a random oracle though. Rather, ROX uses an auxiliary small-input random oracle (typically 170 bits) that is called only a logarithmic number of times.