Provable Security of the Knudsen-Preneel Compression Functions
ASIACRYPT '12 Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security
Knudsen and Preneel (Asiacrypt'96 and Crypto'97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. In this paper, we (re)analyse the preimage resistance of the Knudsen-Preneel compression functions in the setting of public random functions. We give a new non-adaptive preimage attack, beating the one given by Knudsen and Preneel, that is optimal in terms of query complexity. Moreover, our new attack falsifies their (conjectured) preimage resistance security bound and shows that intuitive bounds based on the number of 'active' components can be treacherous. Complementing our attack is a formal analysis of the query complexity (both lower and upper bounds) of preimage-finding attacks. This analysis shows that for many concrete codes the time complexity of our attack is optimal.