Hash functions based on block ciphers: a synthetic approach. CRYPTO '93, Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology.
A Generalized Birthday Problem. CRYPTO '02, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology.
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. CRYPTO '02, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology.
A Design Principle for Hash Functions. CRYPTO '89, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology.
One Way Hash Functions and DES. CRYPTO '89, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology.
The MD4 Message Digest Algorithm. CRYPTO '90, Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology.
Constructing an ideal hash function from weak ideal compression functions. SAC '06, Proceedings of the 13th International Conference on Selected Areas in Cryptography.
A failure-friendly design principle for hash functions. ASIACRYPT '05, Proceedings of the 11th International Conference on Theory and Application of Cryptology and Information Security.
FSE '06, Proceedings of the 13th International Conference on Fast Software Encryption.
Merkle-Damgård revisited: how to construct a hash function. CRYPTO '05, Proceedings of the 25th Annual International Cryptology Conference on Advances in Cryptology.
Second preimages on n-bit hash functions for much less than 2^n work. EUROCRYPT '05, Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.
On the impossibility of highly-efficient blockcipher-based hash functions. EUROCRYPT '05, Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.
Herding hash functions and the Nostradamus attack. EUROCRYPT '06, Proceedings of the 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques.
At CRYPTO 2005, Coron et al. proposed several modifications of the Merkle-Damgård (MD) construction that make the resulting hash functions indifferentiable from a random oracle. However, the compression functions in Coron's schemes are themselves assumed to be random oracles, which is too strong an assumption. To achieve Coron's goal in the real world, Liskov proposed the Zipper structure and, building on it, a scheme that is indifferentiable from a random oracle. Unlike Coron's schemes, the indifferentiability of Liskov's scheme does not rely on a strong compression function: even insecure compression functions can be used to instantiate it. In this paper we show that, as a hash function, the security of Liskov's scheme is not ideal. We also analyze Zipper schemes whose compression functions are insecure PGV compression functions rather than Liskov's weak compression functions, and find that some insecure PGV compression functions that are nevertheless stronger than Liskov's weak compression function cannot be used to build Zipper schemes that are both indifferentiable and collision-resistant.
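As an added illustration of the constructions the abstract talks about (this is example code written for this page, not code from the paper, from Liskov, or from PGV), the following Python runs a Zipper-style iteration over two PGV-type compression functions built from a toy block cipher. It assumes the Zipper pass structure as I read Liskov's definition (a forward pass over the padded blocks with h1, then a backward pass over the same blocks with h2), an all-zero IV, a four-round Feistel toy cipher with a 64-bit block, and an MD-style padding rule; all of these are this example's own choices. It takes E_m(H) without feed-forward as a representative insecure PGV scheme and contrasts it with Davies-Meyer (E_m(H) xor H): with the former in both passes, every step is invertible and the whole chain can be run backwards from the digest to the IV. The example makes no claim about the paper's specific results.

```python
# Added example: a Zipper-style iteration over PGV-type compression functions.
# Not from the paper; toy cipher, IV and padding are this example's own choices.
import hashlib

BLOCK = 8            # toy 64-bit block; the cipher key is also one block (8 bytes)
IV = bytes(BLOCK)    # all-zero initial chaining value (assumption)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: first 4 bytes of SHA-256(key || round || half).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    # Four-round Feistel network standing in for a real block cipher E_k.
    L, R = block[:4], block[4:]
    for i in range(4):
        L, R = R, _xor(L, _round(key, i, R))
    return L + R


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    # Undo the Feistel rounds in reverse order.
    L, R = block[:4], block[4:]
    for i in reversed(range(4)):
        L, R = _xor(R, _round(key, i, L)), L
    return L + R


def davies_meyer(h: bytes, m: bytes) -> bytes:
    # PGV scheme E_m(h) xor h (Davies-Meyer): the feed-forward is what makes
    # it one-way in the ideal-cipher model.
    return _xor(toy_encrypt(m, h), h)


def pgv_no_feedforward(h: bytes, m: bytes) -> bytes:
    # PGV scheme E_m(h) with no feed-forward: whoever knows m and the output
    # can decrypt to recover h, so the step is not one-way.
    return toy_encrypt(m, h)


def invert_no_feedforward(out: bytes, m: bytes) -> bytes:
    # Recover the input chaining value of pgv_no_feedforward.
    return toy_decrypt(m, out)


def pad_blocks(msg: bytes) -> list:
    # MD-style padding (assumption): 0x80, zeros, 8-byte big-endian bit length.
    bitlen = len(msg) * 8
    padded = msg + b"\x80"
    while (len(padded) + 8) % BLOCK:
        padded += b"\x00"
    padded += bitlen.to_bytes(8, "big")
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def zipper_hash(msg: bytes, h1, h2) -> bytes:
    # Zipper structure as I read Liskov's definition: a forward pass over the
    # blocks with h1, then a backward pass over the same blocks with h2.
    blocks = pad_blocks(msg)
    state = IV
    for b in blocks:
        state = h1(state, b)
    for b in reversed(blocks):
        state = h2(state, b)
    return state


def walk_back_to_iv(digest: bytes, blocks: list) -> bytes:
    # With pgv_no_feedforward in both passes every step is invertible, so the
    # chain runs backwards from the digest to the IV: undo the backward pass
    # (blocks 1..k) and then the forward pass (blocks k..1).
    state = digest
    for b in blocks:
        state = invert_no_feedforward(state, b)
    for b in reversed(blocks):
        state = invert_no_feedforward(state, b)
    return state


if __name__ == "__main__":
    msg = b"zipper hash over PGV compression functions"  # constructed input
    d_secure = zipper_hash(msg, davies_meyer, davies_meyer)
    d_weak = zipper_hash(msg, pgv_no_feedforward, pgv_no_feedforward)
    print("Davies-Meyer Zipper:     ", d_secure.hex())
    print("no-feed-forward Zipper:  ", d_weak.hex())
    print("chain inverted back to IV:", walk_back_to_iv(d_weak, pad_blocks(msg)) == IV)
```

Swapping `pgv_no_feedforward` for `davies_meyer` in either pass breaks `walk_back_to_iv`, because the feed-forward XOR ties the output to the unknown chaining value; that per-step difference is the sense in which one PGV scheme is "insecure" and another is not, independent of what the Zipper iteration adds on top.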