Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Analysis of SHA-1 in Encryption Mode
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Bounds on the Efficiency of Generic Cryptographic Constructions
SIAM Journal on Computing
The Collision Intractability of MDC-2 in the Ideal-Cipher Model
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Building a Collision-Resistant Compression Function from Non-compressing Primitives
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Vortex: A New Family of One-Way Hash Functions Based on AES Rounds and Carry-Less Multiplication
ISC '08 Proceedings of the 11th international conference on Information Security
Indifferentiability of Single-Block-Length and Rate-1 Compression Functions
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
On tweaking Luby-Rackoff blockciphers
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
A new mode of operation for block ciphers and length-preserving MACs
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Security/efficiency tradeoffs for permutation-based hashing
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Analysis of Zipper as a hash function
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
How (not) to efficiently dither blockcipher-based hash functions?
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Preimage resistance of LPm kr with r=m-1
Information Processing Letters
On hashing with tweakable ciphers
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Security reductions of the second round SHA-3 candidates
ISC'10 Proceedings of the 13th international conference on Information security
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
PolyE+CTR: a swiss-army-knife mode for block ciphers
ProvSec'11 Proceedings of the 5th international conference on Provable security
Combining compression functions and block cipher-based hash functions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Some attacks against a double length hash proposal
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
On related-secret pseudorandomness
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Stam’s collision resistance conjecture
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of efficiently combining collision resistant hash functions
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Analysis of fast blockcipher-based hash functions
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Security analysis and comparison of the SHA-3 finalists BLAKE, grøstl, JH, keccak, and skein
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
McOE: a family of almost foolproof on-line authenticated encryption schemes
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Provable security of the knudsen-preneel compression functions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Security of permutation-based compression function lp231
Information Processing Letters
Hi-index | 0.00 |
Fix a small, non-empty set of blockcipher keys ${\mathcal K}$. We say a blockcipher-based hash function is highly-efficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from ${\mathcal K}$. Although a few highly-efficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the ideal-cipher model, that it is impossible to construct a highly-efficient iterated blockcipher-based hash function that is provably secure. Our result implies, in particular, that the Tweakable Chain Hash (TCH) construction suggested by Liskov, Rivest, and Wagner [7] is not correct under an instantiation suggested for this construction, nor can TCH be correctly instantiated by any other efficient means.