Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Characterization and Improvement of Time-Memory Trade-Off Based on Perfect Tables
ACM Transactions on Information and System Security (TISSEC)
Blockcipher-Based Hashing Revisited
Fast Software Encryption
Seven-property-preserving iterated hashing: ROX
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
An Analysis of the Blockcipher-Based Hash Functions from PGV
Journal of Cryptology
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
On the role definitions in and beyond cryptography
ASIAN'04 Proceedings of the 9th Asian Computing Science conference on Advances in Computer Science: dedicated to Jean-Louis Lassez on the Occasion of His 5th Cycle Birthday
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Hash based digital signature schemes
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Hi-index | 0.00 |
We revisit the definitions of preimage resistance, focussing on the question of finding a definition that is simple enough to prove security against, yet flexible enough to be of use for most applications. We give an in-depth analysis of existing preimage resistance notions, introduce several new notions, and establish relations and separations between the known and new preimage notions. This establishes a clear separation between domain-oriented and range-oriented preimage resistance notions. For the former an element is chosen from the domain and hashed to form the target digest; for the latter the target digest is chosen directly from the range. In particular, we show that Rogaway and Shrimpton's notion of everywhere preimage resistance on its own is less powerful than previously thought. However, we prove that in conjunction with collision resistance , everywhere preimage resistance implies ‘ordinary' (domain-based) preimage resistance. We show the implications of our result for iterated hash functions and hash chains, where the latter is related to the Winternitz one-time signature scheme.