Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Indistinguishability of Random Systems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Improved Indifferentiability Security Analysis of chopMD Hash Function
Fast Software Encryption
The Random Oracle Model and the Ideal Cipher Model Are Equivalent
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Salvaging Merkle-Damgård for Practical Applications
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
A new mode of operation for block ciphers and length-preserving MACs
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Indifferentiable security analysis of popular hash functions with prefix-free padding
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A simple and unified method of proving indistinguishability
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Birthday paradox for multi-collisions
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
On the indifferentiability of the Grøstl hash function
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Security reductions of the second round SHA-3 candidates
ISC'10 Proceedings of the 13th international conference on Information security
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
On the indifferentiability of fugue and luffa
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
SPN-hash: improving the provable resistance against differential collision attacks
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Security analysis and comparison of the SHA-3 finalists BLAKE, grøstl, JH, keccak, and skein
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Discrete-time interacting quantum walks and quantum Hash schemes
Quantum Information Processing
Hi-index | 0.00 |
Recently, NIST has selected 14 second round candidates of SHA3 competition. One of these candidates will win the competition and eventually become the new hash function standard. In TCC'04, Maurer et al introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two systems. Indifferentiability is the appropriate notion of modeling a random oracle as well as a strong security criteria for a hash-design. In this paper we analyze the indifferentiability and preimage resistance of JH hash function which is one of the SHA3 second round candidates. JH uses a 2n bit fixed permutation based compression function and applies chopMD domain extension with specific padding. - We show under the assumption that the underlying permutations is a 2n- bit random permutation, JH mode of operation with output length 2n - s bits, is indifferentiable from a random oracle with distinguisher's advantage bounded by O(q2σ/2s + q3/2n) where σ is the total number of blocks queried by distinguisher. - We show that the padding rule used in JH is essential as there is a simple indifferentiablity distinguisher (with constant query complexity) against JH mode of operation without length padding outputting n bit digest. - We prove that a little modification (namely chopping different bits) of JH mode of operation enables us to construct a hash function based on random permutation (without any length padding) with similar bound of sponge constructions (with fixed output size) and with same efficiency. - On the other hand, we improve the preimage attack of query complexity 2510.3 due to Mendel and Thompson. Using multicollisions in both forward and reverse direction, we show a preimage attack on JH with n = 512, s = 512 in 2507 queries to the permutation.