Analysis of Zipper as a hash function

Authors:
Pin Lin;Wenling Wu;Chuankun Wu;Tian Qiu
Affiliations:
The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences and Graduate School of Chinese Academy of Sciences;The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences;The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences;National Key Laboratory of Integrated Information System Technology, Institute of Software, Chinese Academy of Sciences and Graduate School of Chinese Academy of Sciences
Venue:
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Year:
2008

Citing 13
Cited 0

Hash functions based on block ciphers: a synthetic approach

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Constructing an ideal hash function from weak ideal compression functions

SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
A failure-friendly design principle for hash functions

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Breaking the ICE – finding multicollisions in iterated concatenated and expanded (ICE) hash functions

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Merkle-Damgård revisited: how to construct a hash function

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second preimages on n-bit hash functions for much less than 2n work

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of highly-efficient blockcipher-based hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Herding hash functions and the nostradamus attack

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

At CRYPTO 2005, Coron etc. proposed several modified methods to make the usual hash functions based on MD method indifferentiable from random oracles. However, the compression functions used in Coron's schemes are supposed to be random oracles. This assumption is too strong. To achieve Coron's goal in the real world, Liskov proposed Zipper structure and implemented a new scheme indifferentiable from random oracle based on this structure. Unlike Coron's schemes, the indifferentiability of Liskov's scheme does not depend on strong compression functions and insecure compression functions can be used to implement Liskov's scheme. In this paper, we show that the security of Liskov's scheme is not ideal as a hash function. We also analyze those Zipper schemes whose compression functions are insecure PGV compression functions instead of Liskov's weak compression functions, and we find that some insecure PGV compression functions whose security is stronger than Liskov's weak compression function cannot be used to build indifferentiable and collision-resistant Zipper schemes.