SSL and TLS: designing and building secure systems
SSL and TLS: designing and building secure systems
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom functions revisited: the cascade construction and its concrete security
FOCS '96 Proceedings of the 37th Annual Symposium on Foundations of Computer Science
Non-trivial Black-Box Combiners for Collision-Resistant Hash-Functions Don't Exist
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Robust Multi-property Combiners for Hash Functions Revisited
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Preimages for Reduced SHA-0 and SHA-1
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Compression from Collisions, or Why CRHF Combiners Have a Long Output
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Universally Composable Security Analysis of TLS
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
A Modular Security Analysis of the TLS Handshake Protocol
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Security-amplifying combiners for collision-resistant hash functions
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Amplifying collision resistance: a complexity-theoretic treatment
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Aggregate message authentication codes
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Multi-property preserving combiners for hash functions
TCC'08 Proceedings of the 5th conference on Theory of cryptography
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Delayed-key message authentication for streams
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
On tolerant cryptographic constructions
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the impossibility of efficiently combining collision resistant hash functions
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
New proofs for NMAC and HMAC: security without collision-resistance
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Cryptophia's short combiner for collision-resistant hash functions
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
The TLS and SSL protocols are widely used to ensure secure communication over an untrusted network. Therein, a client and server first engage in the so-called handshake protocol to establish shared keys that are subsequently used to encrypt and authenticate the data transfer. To ensure that the obtained keys are as secure as possible, TLS and SSL deploy hash function combiners for key derivation and the authentication step in the handshake protocol. A robust combiner for hash functions takes two candidate implementations and constructs a hash function which is secure as long as at least one of the candidates is secure. In this work, we analyze the security of the proposed TLS/SSL combiner constructions for pseudorandom functions resp. message authentication codes.