Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
An Efficient MAC for Short Messages
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom functions revisited: the cascade construction and its concrete security
FOCS '96 Proceedings of the 37th Annual Symposium on Foundations of Computer Science
A composition theorem for universal one-way hash functions
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
"Sandwich" is indeed secure: how to authenticate a message with just one hashing
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Single-key AIL-MACs from any FIL-MAC
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract)
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Strengthening digital signatures via randomized hashing
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
New proofs for NMAC and HMAC: security without collision-resistance
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
On the security of iterated message authentication codes
IEEE Transactions on Information Theory
Hash functions in the dedicated-key setting: design choices and MPP transforms
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
Side Channel Analysis of Some Hash Based MACs: A Response to SHA-3 Requirements
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Basing PRFs on Constant-Query Weak PRFs: Minimizing Assumptions for Efficient Symmetric Cryptography
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Single-Key Domain Extender for Privacy-Preserving MACs and PRFs
Information Security and Cryptology --- ICISC 2008
ISC '09 Proceedings of the 12th International Conference on Information Security
| Hi-index | 0.00 |
This paper presents a novel mode of operation of compression functions, intended for dedicated use as a message authentication code (MAC.) The new approach is faster than the well-known Merkle-Damgård iteration; more precisely, it is (1 + c/b)-times as fast as the classical Merkle-Damgård hashing when applied to a compression function h : {0, 1}c+b → {0, 1}c. Our construction provides a single-key MAC with provable security; we show that the proposed scheme yields a PRF(pseudo-random function)-based MAC on the assumption that the underlying compression function h satisfies certain PRF properties. Thus our method offers a way to process data more efficiently than the conventional HMAC without losing formal proofs of security. Our design also takes into account usage with prospective compression functions; that is, those compression functions h with relatively weighty load and relatively large c (i.e., "wide-pipe") greatly benefit from the improved performance by our mode of operation.