Factoring polynomials over finite fields: a survey
Journal of Symbolic Computation - Special issue on computational algebra and number theory: proceedings of the second Magma conference
Constructing VIL-MACsfrom FIL-MACs: Message Authentication under Weakened Assumptions
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
A Double-Piped Mode of Operation for MACs, PRFs and PROs: Security beyond the Birthday Barrier
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Salvaging Merkle-Damgård for Practical Applications
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Blockcipher-Based Hashing Revisited
Fast Software Encryption
Message Authentication Codes from Unpredictable Block Ciphers
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Another Glance at Double-Length Hashing
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Hash functions based on block ciphers
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
A new mode of operation for block ciphers and length-preserving MACs
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Single-key AIL-MACs from any FIL-MAC
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Some plausible constructions of double-block-length hash functions
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Herding hash functions and the nostradamus attack
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
MJH: a faster alternative to MDC-2
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Domain extension for MACs beyond the birthday barrier
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
The collision security of tandem-DM in the ideal cipher model
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Efficient hashing using the AES instruction set
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Optimal collision security in double block length hashing with single length key
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
In this paper, we propose a new double-piped mode of operation for multi-property-preserving domain extension of MACs (message authentication codes), PRFs (pseudorandom functions) and PROs (pseudorandom oracles). Our mode of operation performs twice as fast as the original double-piped mode of operation of Lucks [15] while providing comparable security. Our construction, which uses a class of polynomial-based compression functions proposed by Stam [22,23], makes a single call to a 3n-bit to n-bit primitive at each iteration and uses a finalization function f2 at the last iteration, producing an n-bit hash function H[f1,f2] satisfying the following properties. H[f1,f2] is unforgeable up to O(2n/n) query complexity as long as f1 and f2 are unforgeable. H[f1,f2] is pseudorandom up to O(2n/n) query complexity as long as f1 is unforgeable and f2 is pseudorandom. H[f1,f2] is indifferentiable from a random oracle up to O(22n/3) query complexity as long as f1 and f2 are public random functions. To our knowledge, our result constitutes the first time O(2n/n) unforgeability has been achieved using only an unforgeable primitive of n-bit output length. (Yasuda showed unforgeability of O(25n/6) for Lucks’ construction assuming an unforgeable primitive, but the analysis is sub-optimal; in the appendix, we show how Yasuda’s bound can be improved to O(2n).) In related work, we strengthen Stam’s collision resistance analysis of polynomial-based compression functions (showing that unforgeability of the primitive suffices) and discuss how to implement our mode by replacing f1 with a 2n-bit key blockcipher in Davies-Meyer mode or by replacing f1 with the cascade of two 2n-bit to n-bit compression functions.