Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
How to Protect DES Against Exhaustive Key Search
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Construction of a Cioher From a Single Pseudorandom Permutation
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
The Collision Intractability of MDC-2 in the Ideal-Cipher Model
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Blockcipher-Based Hashing Revisited
Fast Software Encryption
Fast Software Encryption
Proceedings of the 12th IMA International Conference on Cryptography and Coding
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Security of Cyclic Double Block Length Hash Functions
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Another Glance at Double-Length Hashing
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Hash functions based on block ciphers
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Provably secure double-block-length hash functions in a black-box model
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
The collision security of tandem-DM in the ideal cipher model
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Blockcipher-Based double-length hash functions for pseudorandom oracles
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
The collision security of MDC-4
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
| Hi-index | 0.00 |
We give collision resistance bounds for blockcipher based, double-call, double-length hash functions using (k, n)-bit blockciphers with k n. Özen and Stam recently proposed a framework [21] for such hash functions that use 3n-to-2n-bit compression functions and two parallel calls to two independent blockciphers with 2n-bit key and n-bit block size. We take their analysis one step further. We first relax the requirement of two distinct and independent blockciphers. We then extend this framework and also allow to use the ciphertext of the first call to the blockcipher as an input to the second call of the blockcipher. As far as we know, our extended framework currently covers any double-length, double-call blockcipher based hash function known in literature using a (2n, n)-bit blockcipher as, e.g., ABREAST-DM, TANDEM-DM [15], CYCLIC-DM [9] and Hirose's FSE'06 proposal [13]. Our generic analysis gives a simpler proof as in the FSE'09 analysis of TANDEM-DM by also tightening the security bound. The collision resistance bound for CYCLIC-DM given in [9] diminishes with an increasing cycle length c. We improve this bound for cycle lengths larger than 26.