How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Constructing VIL-MACs from FIL-MACs: Message Authentication under Weakened Assumptions
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom functions revisited: the cascade construction and its concrete security
FOCS '96 Proceedings of the 37th Annual Symposium on Foundations of Computer Science
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
The exact security of digital signatures - how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A composition theorem for universal one-way hash functions
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Single-key AIL-MACs from any FIL-MAC
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
On the generic insecurity of the full domain hash
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
A synthetic indifferentiability analysis of some block-cipher-based hash functions
Designs, Codes and Cryptography
Non-trivial Black-Box Combiners for Collision-Resistant Hash-Functions Don't Exist
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Improved Indifferentiability Security Analysis of chopMD Hash Function
Fast Software Encryption
Looking Back at a New Hash Function
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
The Random Oracle Model and the Ideal Cipher Model Are Equivalent
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Hash Functions from Sigma Protocols and Improvements to VSH
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Slide Attacks on a Class of Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
How to Fill Up Merkle-Damgård Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Indifferentiability of Single-Block-Length and Rate-1 Compression Functions
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Classification of Hash Functions Suitable for Real-Life Systems
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Compression Functions Suitable for the Multi-Property-Preserving Transform
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
A Single-Key Domain Extender for Privacy-Preserving MACs and PRFs
Information Security and Cryptology --- ICISC 2008
A Double-Piped Mode of Operation for MACs, PRFs and PROs: Security beyond the Birthday Barrier
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Salvaging Merkle-Damgård for Practical Applications
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
Analysis of Property-Preservation Capabilities of the ROX and ESh Hash Domain Extenders
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
On the Weak Ideal Compression Functions
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Meet-in-the-Middle Attacks Using Output Truncation in 3-Pass HAVAL
ISC '09 Proceedings of the 12th International Conference on Information Security
On the Insecurity of the Fiat-Shamir Signatures with Iterative Hash Functions
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
How to Confirm Cryptosystems Security: The Original Merkle-Damgård Is Still Alive!
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Constructing an ideal hash function from weak ideal compression functions
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Domain extension of public random functions: beyond the birthday Barrier
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Extended multi-property-preserving and ECM-construction
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
A simple variant of the Merkle-Damgård scheme with a permutation
ASIACRYPT'07 Proceedings of the Advances in Cryptology 13th international conference on Theory and application of cryptology and information security
Seven-property-preserving iterated hashing: ROX
ASIACRYPT'07 Proceedings of the Advances in Cryptology 13th international conference on Theory and application of cryptology and information security
How to build a hash function from any collision-resistant function
ASIACRYPT'07 Proceedings of the Advances in Cryptology 13th international conference on Theory and application of cryptology and information security
Boosting Merkle-Damgård hashing for message authentication
ASIACRYPT'07 Proceedings of the Advances in Cryptology 13th international conference on Theory and application of cryptology and information security
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
A new mode of operation for block ciphers and length-preserving MACs
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Analysis of Zipper as a hash function
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Getting the best out of existing hash functions; or what if we are stuck with SHA?
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
On seed-incompressible functions
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Multi-property preserving combiners for hash functions
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Changing base without losing space
Proceedings of the forty-second ACM symposium on Theory of computing
Security analysis of the mode of JH hash function
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Constructing rate-1 MACs from related-key unpredictable block ciphers: PGV model revisited
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Leakage-resilient pseudorandom functions and side-channel attacks on Feistel networks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Efficient indifferentiable hashing into ordinary elliptic curves
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Cryptographic extraction and key derivation: the HKDF scheme
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Sponge-based pseudo-random number generators
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Cryptography for network security: failures, successes and challenges
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
On the indifferentiability of the Grøstl hash function
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Some observations on indifferentiability
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Security reductions of the second round SHA-3 candidates
ISC'10 Proceedings of the 13th international conference on Information security
The equivalence of the random oracle model and the ideal cipher model, revisited
Proceedings of the forty-third annual ACM symposium on Theory of computing
Domain extension for MACs beyond the birthday barrier
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Careful with composition: limitations of the indifferentiability framework
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
On the security of hash functions employing blockcipher postprocessing
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Practical near-collisions on the compression function of BMW
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Improving the message expansion of the tangle hash function
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
On the indifferentiability of Fugue and Luffa
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Security of practical cryptosystems using Merkle-Damgård hash function in the ideal cipher model
ProvSec'11 Proceedings of the 5th international conference on Provable security
Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Indifferentiable security analysis of popular hash functions with prefix-free padding
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Combining compression functions and block cipher-based hash functions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
RC4-hash: a new hash function based on RC4
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Hardness of distinguishing the MSB or LSB of secret keys in Diffie-Hellman schemes
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Some attacks against a double length hash proposal
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Increasing the flexibility of the herding attack
Information Processing Letters
Collision-Resistant usage of MD5 and SHA-1 via message preprocessing
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
A domain extender for the ideal cipher
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Multi-property-preserving domain extension using polynomial-based modes of operation
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of efficiently combining collision resistant hash functions
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Collision-Resistant no more: hash-and-sign paradigm revisited
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Cryptanalysis of t-function-based hash functions
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Domain expansion of MACs: alternative uses of the FIL-MAC
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
On the relation between the ideal cipher and the random oracle models
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Provable chosen-target-forced-midfix preimage resistance
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Blockcipher-Based double-length hash functions for pseudorandom oracles
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Black-box property of cryptographic hash functions
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
On the public indifferentiability and correlation intractability of the 6-round Feistel construction
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Verified indifferentiable hashing into elliptic curves
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Security analysis and comparison of the SHA-3 finalists BLAKE, Grøstl, JH, Keccak, and Skein
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Indifferentiability of domain extension modes for hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
KALwEN: a new practical and interoperable key management scheme for body sensor networks
Security and Communication Networks
Security analysis of constructions combining FIL random oracles
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Hash functions in the dedicated-key setting: design choices and MPP transforms
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
On capabilities of hash domain extenders to preserve enhanced security properties
ProvSec'12 Proceedings of the 6th international conference on Provable Security
Improved (and practical) public-key authentication for UHF RFID tags
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Splittable pseudorandom number generators using cryptographic hashing
Proceedings of the 2013 ACM SIGPLAN symposium on Haskell
Verifying computations with state
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Cryptophia's short combiner for collision-resistant hash functions
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Verified indifferentiable hashing into elliptic curves
Journal of Computer Security - Security and Trust Principles
The most common way of constructing a hash function (e.g., SHA-1) is to iterate a compression function on the input message. The compression function is usually designed from scratch or made out of a block cipher. In this paper, we introduce a new security notion for hash functions, stronger than collision resistance. Under this notion, the arbitrary-length hash function H must behave as a random oracle when the fixed-length building block is viewed as a random oracle or an ideal block cipher. The key property is that if a particular construction meets this definition, then any cryptosystem proven secure assuming H is a random oracle remains secure if one plugs in this construction (still assuming that the underlying fixed-length primitive is ideal). In this paper, we show that the current design principle behind hash functions such as SHA-1 and MD5, the (strengthened) Merkle-Damgård transformation, does not satisfy this security notion. We provide several constructions that provably satisfy this notion; these new constructions introduce minimal changes to the plain Merkle-Damgård construction and are easily implementable in practice.
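As an added illustration (it is not code from the paper or from the original page), the toy below models the fixed-length compression function f as an ideal building block (a constructed stand-in: domain-separated, truncated SHA-256), iterates it in the strengthened Merkle-Damgård manner, and checks the structural property that separates plain MD from a random oracle: the digest is the complete chaining state, so the digest of M || padding || X follows from the digest of M and |M| alone, with no access to M. A random oracle has no such relation between outputs, and a distinguisher can test for it. The chopMD variant (one of the minimal changes the abstract refers to; the name appears in the list above) outputs only part of the state, and the same derivation then fails. The block and state sizes, the function names (`f`, `plain_md`, `chop_md`, `extension_from_digest`) and the sample messages are assumptions of this example.

```python
import hashlib
import struct

# Toy parameters (assumptions of this example): a 64-bit chaining value and 128-bit blocks.
N_BYTES = 8
BLOCK = 16
IV = bytes(N_BYTES)


def f(chain: bytes, block: bytes) -> bytes:
    """Fixed-length compression function f : {0,1}^64 x {0,1}^128 -> {0,1}^64.

    Stand-in for the ideal (random-oracle) building block the abstract assumes:
    a domain-separated, truncated SHA-256 call, constructed for this example only.
    """
    assert len(chain) == N_BYTES and len(block) == BLOCK
    return hashlib.sha256(b"toy-compress|" + chain + block).digest()[:N_BYTES]


def md_pad(msg: bytes) -> bytes:
    """Strengthened Merkle-Damgard padding: 0x80, zero fill, then the 64-bit message bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((BLOCK - 8 - len(padded)) % BLOCK)
    return padded + struct.pack(">Q", len(msg) * 8)


def md_iterate(chain: bytes, data: bytes) -> bytes:
    """Run f over consecutive blocks of block-aligned data, starting from chain."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        chain = f(chain, data[i:i + BLOCK])
    return chain


def plain_md(msg: bytes) -> bytes:
    """Plain (strengthened) Merkle-Damgard: the digest is the final chaining value itself."""
    return md_iterate(IV, md_pad(msg))


def chop_md(msg: bytes, chop: int = N_BYTES // 2) -> bytes:
    """chopMD: drop `chop` bytes of the final state, so the digest reveals only part of it."""
    return plain_md(msg)[:N_BYTES - chop]


def glue_for_length(msg_len: int) -> bytes:
    """The MD padding depends only on the message length, not on its content."""
    return md_pad(bytes(msg_len))[msg_len:]


def extension_from_digest(state: bytes, msg_len: int, suffix: bytes) -> bytes:
    """Continue the iteration from a (claimed) chaining value as if M || glue || suffix were hashed.

    Uses only the state, the length of M and the suffix, never M itself: this is
    the structural relation between outputs that a random oracle does not have.
    """
    total_len = msg_len + len(glue_for_length(msg_len)) + len(suffix)
    return md_iterate(state, suffix + glue_for_length(total_len))


def md_leaks_state(msg: bytes, suffix: bytes) -> bool:
    """True when the plain-MD digest of M suffices to produce the digest of M || glue || suffix."""
    glue = glue_for_length(len(msg))
    derived = extension_from_digest(plain_md(msg), len(msg), suffix)
    return derived == plain_md(msg + glue + suffix)


def chopmd_hides_state(msg: bytes, suffix: bytes) -> bool:
    """True when the same derivation fails for chopMD.

    The chopped bytes never leave the function, so an outsider can only guess them.
    One guess (all zeros) is tried here; without the hidden bytes the derived value
    does not match the genuine chopMD digest (except with probability 2^-32).
    """
    glue = glue_for_length(len(msg))
    visible = chop_md(msg)
    guessed_state = visible + bytes(N_BYTES - len(visible))
    derived = extension_from_digest(guessed_state, len(msg), suffix)
    return derived[:len(visible)] != chop_md(msg + glue + suffix)


if __name__ == "__main__":
    m, x = b"hello world", b"extra"  # constructed sample inputs
    print("plain MD digest leaks the full state:", md_leaks_state(m, x))      # True
    print("chopMD digest hides part of the state:", chopmd_hides_state(m, x))  # True
```

The check is written from the verifier's side: `md_leaks_state` returning True for every message is the behaviour a random oracle cannot show, which is why plain MD cannot be indifferentiable from one even when f is ideal, while the chopped output withholds the bits the continuation needs. In the toy, 32 hidden bits would still be guessable; in a real instantiation the chopped portion is sized so that guessing is infeasible.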